From lindat at iquest.net Tue Aug 1 00:13:03 1995
From: lindat at iquest.net (Dr. Linda D. Thompson - American Justice Federation)
Date: Tue, 1 Aug 95 00:13:03 PDT
Subject: Software Glitch FYI
Message-ID:

A Congressman's aide called me today to explain that if you send email to
all the Congressmen's offices at one time, the software at their end causes
each Congressman to receive 50 copies. Please be sure everyone is aware of
this glitch. To prevent 50 copies from being sent to each Congressman, it is
necessary to break the mailing list into 5-10 addresses at a time.

Every list I've ever received of Congressional Emails has annoying spaces
and formats, so my list doesn't have that. It can be copied directly into a
nickname box in Eudora or to a Bcc: list on a message.

senator at boxer.senate.gov, senator_brown at brown.senate.gov,
sen_dodd at dodd.senate.gov, senator_lieberman at lieberman.senate.gov,
joe_biden at biden.senate.gov, senator_coverdell at coverdell.senate.gov,
tom_harkin at harkin.senate.gov, chuck_grassley at grassley.senate.gov,
larry_craig at craig.senate.gov, dirk_kempthorne at kempthorne.senate.gov,
senator at simon.senate.gov, senator at moseley-braun.senate.gov,
wendell_ford at ford.senate.gov, senator at breaux.senate.gov,
senator at johnston.senate.gov, senator at kennedy.senate.gov,
john_kerry at kerry.senate.gov, senator at mikulski.senate.gov,
senator at levin.senate.gov, mail_grams at grams.senate.gov,
senator at wellstone.senate.gov, john_ashcroft at ashcroft.senate.gov,
max at baucus.senate.gov, conrad_burns at burns.senate.gov,
bob at kerrey.senate.gov, mailbox at gregg.senate.gov,
opinion at smith.senate.gov, senator at bradley.senate.gov,
senator_Bingaman at bingaman.senate.gov, senator_domenici at domenici.senate.gov,
senator_reid at reid.senate.gov, senator_dewine at dewine.senate.gov,
nickles at rpc.senate.gov, lugar at iquest.net,
senator_chafee at chafee.senate.gov, senator at hollings.senate.gov,
tom_daschle at daschle.senate.gov, larry_pressler at pressler.senate.gov,
senator_frist at frist.senate.gov, senator at hutchison.senate.gov,
senator_robb at robb.senate.gov, senator at warner.senate.gov,
senator_leahy at leahy.senate.gov, vermont at jeffords.senate.gov,
senator_Gorton at gorton.senate.gov, russell_feingold at feingold.senate.gov,
senator at rockefeller.senate.gov,
everett at hr.house.gov, budmail at hr.house.gov, sbachus at hr.house.gov,
jdickey at hr.house.gov, edpastor at hr.house.gov, dcaucus at hr.house.gov,
woolsey at hr.house.gov, gmiller at hr.house.gov, sfnancy at hr.house.gov,
talk2tom at hr.house.gov, petemail at hr.house.gov, annagram at hr.house.gov,
tellnorm at hr.house.gov, zoegram at hr.house.gov, samfarr at hr.house.gov,
george at hr.house.gov, andrea22 at hr.house.gov, tellbuck at hr.house.gov,
jharman at hr.house.gov, tucker96 at hr.house.gov, housesst at hr.house.gov,
rpackard at hr.house.gov, skaggs at hr.house.gov, schaefer at hr.house.gov,
bozrah at hr.house.gov, cshays at hr.house.gov, delaware at hr.house.gov,
kthurman at hr.house.gov, cstearns at hr.house.gov, canady at hr.house.gov,
pdeutsch at hr.house.gov, hastings at hr.house.gov, jlinder at hr.house.gov,
georgia6 at hr.house.gov, saxby at hr.house.gov, ga10 at hr.house.gov,
runderwo at hr.house.gov, brush at hr.house.gov, luisg at hr.house.gov,
hfawell at hr.house.gov, dhastert at hr.house.gov, durbin at hr.house.gov,
johnhost at hr.house.gov, emailpat at hr.house.gov, edky01 at hr.house.gov,
mward2 at hr.house.gov, bunning4 at hr.house.gov, torkma06 at hr.house.gov,
jmoakley at hr.house.gov, cardin at hr.house.gov, tellhoek at hr.house.gov,
congehlr at hr.house.gov, davecamp at hr.house.gov, repsmith at hr.house.gov,
chrysler at hr.house.gov, lrivers at hr.house.gov, jconyers at hr.house.gov,
gil at hr.house.gov, dminge at hr.house.gov, mn03 at hr.house.gov,
vento at hr.house.gov, tellbill at hr.house.gov, tocollin at hr.house.gov,
oberstar at hr.house.gov, goldsmit at iquest.net, talentmo at hr.house.gov,
demldr at hr.house.gov, bemerson at hr.house.gov, bthompson at hr.house.gov,
funnc02 at hr.house.gov, thechief at hr.house.gov, mail2nc5 at hr.house.gov,
crose at hr.house.gov, myrick at hr.house.gov, chtaylor at hr.house.gov,
melmail at hr.house.gov, epomeroy at hr.house.gov, zeliff at hr.house.gov,
franksnj at hr.house.gov, dzimmer at hr.house.gov, mpforbes at hr.house.gov,
lazio at hr.house.gov, tmanton at hr.house.gov, molinari at hr.house.gov,
rangel at hr.house.gov, jserrano at hr.house.gov, engeline at hr.house.gov,
boehlert at hr.house.gov, bpaxon at hr.house.gov, portmail at hr.house.gov,
hokemail at hr.house.gov, istook at hr.house.gov, furseor1 at hr.house.gov,
pdefazio at hr.house.gov, murtha at hr.house.gov, jonfox at hr.house.gov,
mchale at hr.house.gov, pa16 at hr.house.gov, jspratt at hr.house.gov,
cwilson at hr.house.gov, samtx03 at hr.house.gov, barton06 at hr.house.gov,
doggett at hr.house.gov, frost at hr.house.gov, ggreen at hr.house.gov,
enidutah at hr.house.gov, ortonut3 at hr.house.gov, opickett at hr.house.gov,
talk2bob at hr.house.gov, ninthnet at hr.house.gov, bsanders at igc.apc.org,
repwhite at hr.house.gov, asklinda at hr.house.gov, dunnwa08 at hr.house.gov,
rtate at hr.house.gov, mneumann at hr.house.gov, badger02 at hr.house.gov,
roth08 at hr.house.gov, commerce at hr.house.gov, slabmgnt at hr.house.gov,
resource at hr.house.gov, housesst at hr.house.gov, smbizcom at hr.house.gov

============================================
Dr. Linda D. Thompson
American Justice Federation
3850 S. Emerson Avenue, Suite E, Indianapolis, IN 46203
Telephone: (317) 780-5203
AEN News BBS: (317) 780-5211
Fax: (317) 780-5209
Orders (Visa/MC) 1-800-749-9939
Internet: lindat at iquest.net
*******************************************************************************

From lmccarth at cs.umass.edu Tue Aug 1 01:21:38 1995
From: lmccarth at cs.umass.edu (L. McCarthy)
Date: Tue, 1 Aug 95 01:21:38 PDT
Subject: a hole in PGP
In-Reply-To: <9508010049.AA05263@all.net>
Message-ID: <9508010821.AA20913@cs.umass.edu>

[NB: Due to some as-yet-undiagnosed bugs in my .procmailrc, I apparently
sent all my mail received between sometime Saturday and about 17:00 PT
Monday straight into the bit bucket. *sigh* Archives are a Good Thing. If
you sent me mail during that approximate period, please contact me again.
Thanks.]

Dr. Frederick B. Cohen writes:
> Request for Comments: 1750 - Randomness Recommendations for Security
>
> "...Choosing random quantities to foil a resourceful and motivated
> adversary is surprisingly difficult. ...recommends the use of truly
> random hardware techniques and shows that the existing hardware on many
> systems can be used for this purpose."
>
> PGP does not use "truly random hardware techniques"

Correct. However, the excerpt of RFC 1750 you quoted above does not claim
that all PRNG techniques are unreasonably insecure, nor does it suggest
that they should never be used.

> "...For the present, the lack of generally available facilities for
> generating such unpredictable numbers is an open wound in the design of
> cryptographic software. ... the only safe strategy so far has been to
> force the local installation to supply a suitable routine to generate
> random numbers. To say the least, this is an awkward, error-prone and
> unpalatable solution." - 1994 - after PGP was implemented.

I agree with the RFC's authors that mandating provision of
platform-dependent routines is an awkward and unappealing strategy. Note,
however, that they characterize it as "the only safe strategy". They say
that the _strategy_ is error-prone; they do not say that all
locally-supplied routines are unreasonably insecure, and should not be
used.

> and then: "This informational document suggests techniques for producing
> random quantities that will be resistant to such attack.
> It recommends that future systems include hardware random number
> generation or provide access to existing hardware that can be used for
> this purpose."

This is just a reiteration of the first section you quoted.

> So I guess the RFC supports my contention and not [Derek Atkins'].

[...]

[re: PGP's key generation methods]
> But the RFC acknowledges that these methods are highly suspect and should
> not be trusted.

Where ? Give a citation, please. It doesn't say anything of the sort in
the part you quoted previously. Furthermore, you inexplicably omitted all
mentions of keystroke-timing PRNG techniques in RFC 1750. Here are some
excerpts that strike me as particularly germane to the quality of the
randomness in PGP:

------------------------------------------------------------------------
4.2 Timing and Content of External Events

   It is possible to measure the timing and content of mouse movement,
   key strokes, and similar user events. This is a reasonable source of
   unguessable data with some qualifications. On some machines, inputs
   such as key strokes are buffered. Even though the user's
   inter-keystroke timing may have sufficient variation and
   unpredictability, there might not be an easy way to access that
   variation. Another problem is that no standard method exists to
   sample timing details. This makes it hard to build standard software
   intended for distribution to a large range of machines based on this
   technique.

   The amount of mouse movement or the keys actually hit are usually
   easier to access than timings but may yield less unpredictability as
   the user may provide highly repetitive input.

[...]

6.2 Non-Hardware Sources of Randomness

   The best source of input for mixing would be a hardware randomness
   such as disk drive timing affected by air turbulence, audio input
   with thermal noise, or radioactive decay. However, if that is not
   available there are other possibilities. These include system clocks,
   system or input/output buffers, user/system/hardware/network serial
   numbers and/or addresses and timing, and user input. Unfortunately,
   any of these sources can produce limited or predictable values under
   some circumstances.

[...]

   The use of multiple random inputs with a strong mixing function is
   recommended and can overcome weakness in any particular input. For
   example, the timing and content of requested "random" user keystrokes
   can yield hundreds of random bits but conservative assumptions need
   to be made. For example, assuming a few bits of randomness if the
   inter-keystroke interval is unique in the sequence up to that point
   and a similar assumption if the key hit is unique but assuming that
   no bits of randomness are present in the initial key value or if the
   timing or key value duplicate previous values. The results of mixing
   these timings and characters typed could be further combined with
   clock values and other inputs.

   This strategy may make practical portable code to produce good random
   numbers for security even if some of the inputs are very weak on some
   of the target systems. However, it may still fail against a high
   grade attack on small single user systems, especially if the
   adversary has ever been able to observe the generation process in the
   past. A hardware based random source is still preferable.
-------------------------------------------------------------------------

I find it difficult to reconcile your claim that "the RFC acknowledges
that these methods are highly suspect and should not be trusted" with the
RFC's assertions that:

  "the timing and content of [...] key strokes [...] is a reasonable
  source of unguessable data"

  "the timing and content of requested `random' user keystrokes can yield
  hundreds of random bits"

  "this strategy may make practical portable code to produce good random
  numbers for security"

etc.

Having said that, allow me to state my position on some of the other
issues you've raised.
I do not _know_ nor can I _prove_ that PGP has no cryptographic backdoors.
I happen to _believe_ that it does not -- among other things, I have met
Derek Atkins and Jeff Schiller, and I trust them in this regard. I don't
consider that any reason for you to believe that it's backdoor-free. In
fact, I'm not interested in trying to persuade you or anyone else that it
is backdoor-free. By the same token, I don't see any reason for anyone
here to heed your demands that they justify _their beliefs_ to _your
satisfaction_.

I remain rather baffled as to your motives in this mini-campaign. You said
that no-one can prove PGP has no backdoors, and many here essentially said
"what else is new ?". In the white paper about your small "secure" HTTP
daemon, thttpd, (found at http://all.net/ManAl/white/whitepaper.html, to
save you the trouble of more self-promotion ;), it says:

> Proof of program correctness to verify even simple security
> properties, for example, grows almost exponentially with the number of
> program statements. Verifying a 100 line limited-language program for the
> simple security properties associated with the Bell-LaPadula model of
> security takes about 24 hours of CPU time on a Cray supercomputer. The
> source code for the NCSA W3 server in widespread use today is about 6600
> lines long, so there is no computer around today that is likely to be able
> to verify its security (or more likely demonstrate its insecurity).

If we adopt this standard, it seems hopeless to "verify" the PGP source,
as others have noted here. [BTW, I read your detailed code walkthrough for
thttpd with interest, and commend your work on that. I'm planning some
sort of similar review for a larger piece of code, and it's encouraging to
see other people pulling it off.]

Nobody has suggested a serious, better-understood alternative to PGP as it
is used today (except maybe 2.6.2ui (?), the current int'l. version, for
merely MIT-allergic people :)

So, in summary, we effectively can't know for sure that PGP is secure, but
as a practical matter we have no choice but to accept it, albeit with
varying degrees of caution. This is hardly novel. Did you have a point I
missed somewhere ? Your good stuff tends to get lost in your rhetoric,
recriminations, and advertising....

[On a largely unrelated note, why does http://all.net/admin/usepolicy.html
contain the following warning ? Specifically, why the age limit ?
"This service is ONLY for use by legally competent adults human [sic]
individuals of age 18 or older. If you do not meet these criteria, you
should immediately cease and desist your use of this service."]

-Futplex

"...because of Dr. Cohen's frequent, blatant, and intentional disregard
for the guidelines that this list operates under, and because of his
apparent disregard for the frequently expressed opinions of many of the
members of this list that they don't appreciate his antics, I've
configured Majordomo to divert all messages he posts to Firewalls to the
list owner for review and approval before posting..."
-Brent Chapman, July 24, 1995

From cman at communities.com Tue Aug 1 01:27:20 1995
From: cman at communities.com (Douglas Barnes)
Date: Tue, 1 Aug 95 01:27:20 PDT
Subject: The Two Threads of Dr. Cohen
Message-ID:

There are two threads to Dr. Cohen's arguments which bear separation. One
thread, with the implications of deliberate wrongdoing on the part of
Derek Atkins or others unnamed, should be dismissed out of hand. His
comments regarding the fundamental security properties of PGP and the
burden of proof for software security are right on target.

One has to draw the line somewhere with regard to what "they" are out to
do. PGP may have had weaknesses from the beginning, but to suggest a
deliberate change so subtle as to escape PGP's original authors is to
descend into the realm of paranoia. In addition, such allegations are
extremely rude, and I think Dr. Cohen owes Derek an apology.

At the same time, I think some apologies are in order with respect to some
very good points raised by Dr. Cohen about software security. There is a
whole sub-discipline of CS devoted to the construction of trusted computer
systems, which if practiced can result in much greater assurances about
the reliability and security of the resultant software. This is (I
believe) the source of Dr. Cohen's assertion that the burden of proof is
on those who claim something is secure.

PGP is practically a poster child for how not to write a secure piece of
software. It has had a great many authors. It is non-modular. It is large
and complex. Simplicity is almost always sacrificed at the altar of even
slight performance gains. It is absolutely infested with
platform-dependent code. And these are only the problems that directly
impact its security... it's also strongly tied to a tty-style interface
and implements a poorly-designed format.

With respect to "tiger teaming" PGP, I think it is a pretty hopeless
proposition. It is never, ever going to be as secure as some people would
like it to be. Given the past and current bug discovery rate, it is almost
inconceivable that there are not exploitable bugs. This is not to say it
isn't "pretty good", but it is not what someone with a formal background
in real secure systems development would ever bless as "secure".

PGP needs to be thrown away and rewritten from scratch. This has, in fact,
been done, but while this development effort has been incrementally
better, it still doesn't qualify as a secure development approach. Also,
nobody has this product yet for reasons that I won't mention as we don't
need to start another tangential flamewar.

In any event, I think it's important for people to realize that in the
security community, the burden of proof _is_ on the software developer,
not on those claiming security problems. I'm surprised Perry hasn't
chimed in on this score yet, many of his posts allude to similar notions
of security by design and by construction.

Doug

From lmccarth at cs.umass.edu Tue Aug 1 02:01:03 1995
From: lmccarth at cs.umass.edu (L. McCarthy)
Date: Tue, 1 Aug 95 02:01:03 PDT
Subject: a hole in PGP? NOT!
In-Reply-To: <199508010658.CAA18603@charon.MIT.EDU>
Message-ID: <9508010900.AA21295@cs.umass.edu>

RFC 1750 says:
# "...Choosing random quantities to foil a resourceful and motivated
# adversary is surprisingly difficult. ...recommends the use of truly
# random hardware techniques and shows that the existing hardware on many
# systems can be used for this purpose."

Dr. Frederick B. Cohen writes:
$ PGP does not use "truly random hardware techniques"

I wrote:
% Correct.

Derek Atkins writes:
> Oh? It doesn't? How can you say that? In what way does it not do
> this? The RFC states, in your quote, that "existing hardware on many
> systems can be used" for truly random hardware techniques. Please,
> substantiate your claim that PGP does not do this. Show me code
> segments which show it does not. Show me an analysis that goes
> contrary to the RFC.

Warning: I'm about to quibble over semantics. I'm not being accused of
being an NSA lackey (yet), so I guess I have more time for pettiness ;)

In the context of RFC 1750, it appears to me that the phrase "truly random
hardware techniques" does not refer to the type of RNG method employed in
PGP. Section 5.3 discusses the use of built-in digitizers of analog
natural sources, and turbulence in disk drive chambers, as the "truly
random" "existing hardware" techniques. Keystroke timing only seems to
fall under 6.2, Non-Hardware Sources of Randomness.

-----------------------------------------------------------------------
5.3 Existing Hardware Can Be Used For Randomness

   As described below, many computers come with hardware that can, with
   care, be used to generate truly random quantities.

5.3.1 Using Existing Sound/Video Input
[...]
5.3.2 Using Existing Disk Drives
[...]
-----------------------------------------------------------------------
6.2 Non-Hardware Sources of Randomness

   The best source of input for mixing would be a hardware randomness
   such as disk drive timing affected by air turbulence, audio input
   with thermal noise, or radioactive decay. However, if that is not
   available there are other possibilities. These include system clocks,
   system or input/output buffers, user/system/hardware/network serial
   numbers and/or addresses and timing, and user input.
-----------------------------------------------------------------------

-Futplex

"We love our lovin' -- but not like we love our freedom" -Joni Mitchell

From asb at nexor.co.uk Tue Aug 1 02:17:47 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Tue, 1 Aug 95 02:17:47 PDT
Subject: a hole in PGP
In-Reply-To: <9508010120.AA07073@all.net>
Message-ID:

On Mon, 31 Jul 1995, Dr. Frederick B. Cohen wrote:
> A reasonable response. My question is: Why do you think that the key
> generation algorithm used by PGP is secure? Specifically, how do we know
> there is no subtle back door that reduces the problem of testing the
> typical key space to a solvable problem in today's technology?

Well, I told you that I verified the results of the key generation in PGP
by testing the primality of p and q and the validity of the key by testing
ed = 1 mod (p-1)(q-1). That bit works, period.

You seem to be in some doubt about the random starting point for the
prime searching. Entropy for the random number generator is collected
from the user's keystrokes and is mixed into the random pool. PGP is very
careful about how much entropy it attaches to one keystroke and makes
sure that the user is prompted to press more keys if it thinks it has not
got enough. The random pool is itself stirred periodically by using MD5
to "encrypt" it. This encryption is made strictly one way by using the
first 64 bytes of the pool as the key; these 64 bytes are destroyed after
use. Now, amongst other times, the pool is stirred both before and after
use. So, recovering any given state of the pool (i.e. finding the random
starting point for a prime search) has to be equivalent to reversing the
MD5 transform. There is no known way to do this.

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown  Internet                   Telephone +44 115 952 0585      |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88     |
+-------------------------------------------------------------------------+

From txomsy at ebi.ac.uk Tue Aug 1 02:32:52 1995
From: txomsy at ebi.ac.uk (J. R. Valverde (EMBL Outstation: the EBI))
Date: Tue, 1 Aug 95 02:32:52 PDT
Subject: a hole in PGP
In-Reply-To: <9508010120.AA07073@all.net>
Message-ID: <199508010932.KAA11464@neptune.ebi.ac.uk>

> A reasonable response. My question is: Why do you think that the key
> generation algorithm used by PGP is secure? Specifically, how do we know
> there is no subtle back door that reduces the problem of testing the
> typical key space to a solvable problem in today's technology?
>
> I don't believe I made ANY "vague, wild, unsupported claims" however,
> that is certainly a matter of opinion.
>

OK, let me put in my 2 pence collaboration:

Let's see. I can try to write a nice program to protect myself. I could
XOR something with my key (00000000) and use that. Then tell my fellows
and all of us use the same program. Or I could even be more tricky and
implement something more complex.

Now, my knowledge, time and resources are limited. I see that MIT or
whomever has made a program that, under test, is more secure than my XOR
00000000 implementation. I may not fully trust them but it is better than
anything I could come up with.

So, my position is: if it's the best thing I have access to, I only have
two options: either I use it or I give up on cryptography altogether.
Right?

Now, I think that what I am trying to say is: if you can come up with
something better, please do. All the Free (and Wannabe Free) World will
be eternally grateful to you. If you can't, then you only have the above
two options.

Bragging about hypothetical fears that you can't demonstrate at all is
not only stupid, it is also pessimistic, destructive, unproductive and
threatening all kinds of freedom. Nazi perhaps? Dunno. And I don't care.

Security? As you have already been told, you can only prove it
negatively. So, since you can only prove that it can fail, but can't
prove it can't, any discussion is irrelevant unless you have any real
proof.

All the process is based on a fight against time: you are assuming that
nobody can break your crypto process before the secret becomes
irrelevant. All your security lies in the fact that *YOU* don't know of
anybody that can break the problem but can't deny that someone could ever
possibly discover a clever algorithm.

Thus: either you have proofs that it can be broken, or know a better
algorithm, or can name someone who can prove s/he can break it, or you
just trust it the best you can. Any other kind of discussion is a
sophism.

Dr?... hum. Let me try then a different analogy: I do have a patient with
a lethal disease with no known therapy. Then someone comes up with A,
which cures people, but -being new- could maybe possibly perhaps have
some secondary effect that no one knows yet and can't be demonstrated
(but could exist). Now, should I trust the lives of my patients to
therapy A or should I wait for some years to be sure it has no secondary
effects? Even so, since the fact nobody has reported them doesn't mean it
could not have them (only that nobody has discovered them), I can't be
100% sure. Oh, well, I guess that if your doctor never gave you a therapy
'cos you can never be 100% sure, you would not like the idea. Would you
trust your life to that therapy when you know for sure you are about to
die if you don't? What if A saved 100%, but there was a therapy B that
saved 20% with no known secondary effects either? Which one would you
choose? Thus, can you trust lives and whatnot to something not fully
known? I'd say that unless you have something better, that's your best
bet.

So, since you know for sure that if you don't use any cryptography at
all, you must communicate in the clear, what do you do? So, can you come
up with something better or not?

jr

From frissell at panix.com Tue Aug 1 03:18:50 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Aug 95 03:18:50 PDT
Subject: a hole in PGP
In-Reply-To: <9508010008.AA02790@all.net>
Message-ID:

On Mon, 31 Jul 1995, Dr. Frederick B. Cohen wrote:
> Why (specifically) do you think so? Because you claim it? Because the
> MIT maintainer claims it? You say MIT is not associated with the NSA,
> but they have historically been funded by the NSA and other federal
> agencies for work on information security. Do you really think that the

Of course MIT was in the NSA's pocket back in 1978 when they mailed me
and 3,000 other people a copy of "A Proposal for a Public Key Encryption
System" and started this whole Public Key-Private Key thing. It was all
part of a plot. If they hadn't done that we might all be using stronger
systems today.

DCF

From danisch at ira.uka.de Tue Aug 1 04:25:29 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 1 Aug 95 04:25:29 PDT
Subject: a hole in PGP
Message-ID: <9508011120.AA11301@elysion.iaks.ira.uka.de>

> Clever back doors are not accomplished by an obvious program
> change, but rather by the subtle use of some technique that appears to
> do one thing when it actually does something else. As a good example, a
> subtle interaction with the rest of the environment could modify the key
> generation algorithm after it is loaded. Unfortunately, PGP is too
> large to verify against such back doors, so I ask again:
>
> Why (specifically) do you think the MIT version of PGP has no
> backdoors and is not subject to attacks such as the one outlined in my
> previous posting?
This is a good question. Subtle backdoors hidden in such a program may be difficult to find out. It might be more effective to use the PGP file format, to understand pgp as a reference implementation, and to write you own pgp compatible program where you can generate your keys etc. in the way you prefer. Hadmut From danisch at ira.uka.de Tue Aug 1 04:35:47 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 1 Aug 95 04:35:47 PDT Subject: a hole in PGP Message-ID: <9508011127.AA11306@elysion.iaks.ira.uka.de> > This is where you are very wrong. I am not saying that "if you can't > find any holes it must be secure". What I am saying is that the > source is available, and thousands of people have looked at the > source, and none of them have found any holes in it. It is definitely much more difficult to implant a backdoor into a program which is available as source code than into a black box. BTW: Has anyone ever found a modified and weakened version of pgp ? Hadmut From danisch at ira.uka.de Tue Aug 1 04:45:31 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 1 Aug 95 04:45:31 PDT Subject: Sex & Crime TV filter Message-ID: <9508011130.AA11309@elysion.iaks.ira.uka.de> > >However, to help derail this V-chip being mandated, what if we (I mean > >activists, writers of columns, etc.) "insisted" that _commercials_ be > >similarly labelled? > > I love it. Great idea, Tim! Someone in Germany developed a device which stops the VTR while they are showing the commercials, but it isn't available yet. Hadmut From fc at all.net Tue Aug 1 04:54:41 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Tue, 1 Aug 95 04:54:41 PDT Subject: a hole in PGP? NOT! In-Reply-To: <199508010658.CAA18603@charon.MIT.EDU> Message-ID: <9508011148.AA15766@all.net> Sorry for the long reply. I hpe this will be taken off-line soon. ... > Here are some snipets of things you've said. 
First, you say that it > is a rational concern since PGP was taken over by us: > > > The term paranoid is inappropriate in this context. Paranoia refers to > > an irrational fear, while I am expressing a rational concern over a > > system that has been taken over by a (partially) government funded > > university and which has not been properly verified. The history of > > cryptography (as they say) is (quite literally) littered with the dead > > bodies of people killed because somebody else thought a cryptosystem was > > good enough when it was not. This is a true statement. Tens of thousands of people have dies because cryptosystems were trusted when they should not have been (hind sight being 20/20 of course). > Then you talk about the MIT version as if it were the original thing: > > > Why (specifically) do you think the MIT version of PGP has no > > backdoors and is not subject to attacks such as the one outlined in my > > previous posting? > > PGP 2.0 was released in September, 1992, from Europe, and many many > people have been examining it ever since. I truly belive that there > are no backdoors. So you believe that there are no backdoors because it was released from Europe and people have looked at it since. ... > > Anyways, to get back to my claims of your hurtful statements: > > > Why (specifically) do you think so? Because you claim it? Because the > > MIT maintainer claims it? You say MIT is not associated with the NSA, > > but they have historically been funded by the NSA and other federal > > agencies for work on information security. Do you really think that the > > only information protected by PGP is dirty pictures? Do you somehow > > think that MIT and the NSA are above that sort of thing? All you have to > > do is look at history, and it should be clear that this appeal to > > authority is often used by those trying to cover things up. If you know > > I DO NOT GET PAID FOR ANY WORK I DO ON PGP! I HAVE NEVER RECEIVED A > DIME FOR MY WORK. 
I WORK ON PGP BECAUSE I BELIEVE IN IT. Having said > that, I cannot BELIEVE you would have the Balls to say that the NSA > has bought me. Go re-read what you've said. You have just said that > the MIT PGP team, through MIT, is bound to be covering something up > because of historical fact. I think that you miss the point. If you worked for the NSA, you would probably say this as well. The point is that, for the purposes of looking at the security of PGP, we should assume that you have evil intent, whether you do or not. I didn't say that the NSA bought you. I asked " Why (specifically)..." The question mark at the end is a dead give-away. It is factually accurate that government agencies have gotten the cooperation of academics in the past to carry out subversions in order to further their goals. I asked "Do you somehow think that MIT and the NSA are above that sort of thing?" You apparently do, but history tell us that it is imprudent to do this. So if there has been a failure in communications in this respect, I appologize for not making it as clear as I might have. If you feel personally slighted, I am sorry that you feel this way. Nevertheless, I believe that it is prudent to believe that the NSA has "bought you" for the purpose of assessing the security of PGP and to ask the question "Why (specifically) do you think so?" > I have never said "Believe me when I said PGP is secure". I have > continually asked for you to check on the security yourself. But you > have continually refused to do that, and asked why it is secure! So, > you refuse to look for yourself, and you refuse to believe it when you > are told. I have not refused to do any such thing. I have had a copy of PGP for quite some time, but it is too large and complex for me to verify by hand, and I know of no automated technique that can do the job in any reasonable amount of time. I was probably wrong to assume that this was obvious. > So, what the hell do you want? 
Do you want a line-by-line > examination of the code???? Sheesh! I think it would be prudent to do and publish a line-by-line walkthrough of the source of PGP (although not to the whole list please). You should be trying to prove properties such as the non-interference of any of the rest of the code with the key generation (or other) algorithms. This may be done by an information flow analysis similar to what was done on our secure W3 server. It would also be prudent to perform adequate tests of the properties of inputs from people to determine the true information content of the seeds and to publish these results so they can be critiqued. Perhaps it would also be valuable to have the members of this list contribute ideas about properties they think would be worth verifying. > > It cannot be safely assumed that any program is clean or that any one > > person or group is not involved with intentionally subverting security. > > That violates the fundamental principles of information protection. > > You're right, which is why the source code is publicly available. I > would wholeheartedly agree with you if only binaries are shipped, but > the source is available. Anyone can look through and verify the code. > Anyone can try to find weaknesses. In fact, everyone is encouraged to > do so. I don't see how _this_ "violates the fundamental principles of > information protection". The problem is that merely shipping however many lines of source code does little to demonstrate its propriety. A publicly posted version of the source for IRC, for example, had an obvious Trojan horse that wasn't detected for more than 6 months and was actively being used to attack systems over the entire period. In order to assess the source code, it is necessary to also publish appropriate demonstrations of WHY it is secure. > > You might be, but even if you are not, that doesn't mean there are no > > back doors. 
Your inability to detect a backdoor gives me little > > confidence, since this is at least an NP-complete problem and, with all > > due respect, today, nobody can prove that PGP is free of backdoors > > I think I've finally figured out where you are completely confused!!! > You are confusing "back door" with "bug". FYI: A back door is usually > a means to make it easy for someone to get into a system. For > example, if I put in code so that I could read every PGP message by > typing the passphrase "Setec Astronomy", that would be a backdoor. > The fact that httpd was exploitable, or sendmail holes, or etc. are > BUGS, not Back doors. But don't you see? If I introduce a subtle backdoor and make it look like a bug, I have plausible deniability. Since I, as an independent observer, cannot tell whether the hole is intentional or accidental, I should, for the purposes of considering security, assume that it is intentional. > Your problem is that you are using these terms interchangeably. THEY > ARE NOT THE SAME. Putting in a backdoor has the connotation of > intent. A bug is an accidental occurrence that was a side effect of > poor coding, a typo, carelessness, confusion, inconsistency, etc. A > back door, on the other hand, is a DELIBERATE ATTEMPT TO REDUCE OR > CIRCUMVENT SECURITY! But how can I, as an independent observer, tell if it is an accident or a cleverly intentional subversion? I cannot look into your brain and tell the difference, and no statement you make can reasonably convince me. They may not be the same, but they are not differentiable by an independent observer. From a scientific point of view, they are the same. From a humanistic point of view they may be different. > > "...Choosing random quantities to foil a resourceful and motivated > > adversary is surprisingly difficult. ...recommends the use of truly > > random hardware techniques and shows that the existing hardware on many > > systems can be used for this purpose." 
> > > > PGP does not use "truly random hardware techniques" > > Oh? It doesn't? How can you say that? In what way does it not do > this? The RFC states, in your quote, that "existing hardware on many > systems can be used" for truly random hardware techniques. Please, > substantiate your claim that PGP does not do this. Show me code > segments which show it does not. Show me an analysis that goes > contrary to the RFC. You have it backwards. You show me that the techniques you claim to be truly random are indeed that. Supposedly random number generators have been created for many years, and plenty of them have been broken after many years of being held to be secure with the algorithm and the full details available for all to see. > > But the RFC acknowledges that these methods are highly suspect and should > > not be trusted. > > You're right, it should not be blindly trusted. Go read the code and > examine the algorithms to prove to yourself that it is secure. I've > done that to the extent that I wish, and I believe it is secure. But > you won't take my word for it, so go ahead and check! Oh, wait, you > won't do that either. Sorry. I forgot. But I cannot prove that it is secure. In fact, I believe that it is not! > > How is it "unscholarly, unprofessional, needlessly personal, and just > > plain insulting" to question the idea that hundreds of thousands of > > people are trusting their freedom to software that is probably not > > secure? I think it is highly unprofessional to try to claim that PGP is > > secure and to try to bolster that position by claiming that some > > "Request for Comments" supports it when that same said RFC refutes it. > > Show me some proof that PGP is "probably not secure"? Come on, there > is a finite probability that I can walk through a wall! The laws of > quantum probability give me this finite probability! But I'd be hard > pressed to show you that I can walk through the wall. It looks good > on paper, but it just ain't gonna happen. 
That's exactly what the Germans said about the Enigma and others have been saying about cryptosystems for the past 4,000+ years. They have been shown wrong again and again, and as a result, people like me want more than just an "I believe it's secure". > As for the RFC, it does not refute that PGP is secure. In fact, PGP > pretty much follows the RFCs guidelines. You clearly have selective > reading. A useful skill -- I should learn it. It takes years of practice. > > It has been my general impression that "scholarly" means, among other > > things, questioning the status quo and finding out where the generally > > accepted ideas break down. I am a professional in the field of > > information protection, and I consider it highly unprofessional in this > > field to assume that systems are secure without ample evidence to > > support it. > > Don't forget that you have to run PGP in some OS. Please show me a > secure OS! Given that the OS cannot be secure (using your logic it is > intuitively obvious that this is true) then how can you ask to see a > program any more secure than the environment in which it runs? PGP > tries to be as secure as possible given the environment in which it is > being run. I agree that it is often easier to break into the computer to get the keys than it is to break the cryptosystem. That was my next bone to pick with PGP - the way it stores the keys. But I'll save that for another day. > > So far, I see no ample evidence to support the security of PGP's key > > generation algorithm relative to the concerns I have expressed. Those > > concerns are fairly specific as far as I am concerned, but if you feel I > > have to demonstrate a specific attack that works in order to question > > the adequacy of protection, I think you have it backwards. > > No, your concerns have been utterly vague. The closest you've come to > being at all specific is some vague notion of analyzing keystrokes. 
> In every message I've responded to, I've asked you to expand upon what > you mean. What kind of analysis do you mean? How do you propose to > analyze keystroke timings? Even if you have a probabilistic model of > keystroke timings, all you can possibly do is compare two different > probabilities to see if they are the same. But that doesn't help you > limit the search on keys. For example, you can generate the most probable 10^40 or so input sequences, do key generation, and test against them to find out if the user's key is one of them. The question I am posing could be considered as a question of the information content of the original input to PGP's key generation process. How could this be subtly altered by a person responsible for maintaining PGP or detected and not repaired by same? For example, a loop index could be calculated incorrectly by having a different part of PGP overwrite the loop index using an incorrect pointer conversion. Then the loop that uses all of the input bits would be subtly altered so as to use fewer of them. The results would still look random but the total search space would be reduced to the point where a good supercomputer could run through it in only a few hours. > > If the people at MIT feel personally insulted because I have questioned > > their previously accepted ideas, it's just too bad. I didn't say they > > I'm not insulted that you are questioning PGP. I am insulted because > in every message you have sent, you have postulated some conspiracy > with the government or postulated some intentional weakening of PGP. And history tells us that the U.S. government does this quite often. They are actively trying to harass PGP's author using a variety of what could be reasonably called dirty tricks, they are actively trying to prevent the use of good cryptography in the US, and they are actively trying to make certain uses of cryptography illegal. Why should I believe that they would not also try to subvert PGP? 
> Your statements could almost be construed as libelous, which is why I > feel insulted. I feel extremely comfortable with people questioning > the security of PGP. What I don't like is someone stating that it is > not secure, claiming some sort of back door (which connotes some > intent to reduce the security) and does not back up the claim with any > proof. What I don't like is people that state it is secure but can't back it up with real facts. Why (specifically) do you believe PGP is secure? Forget your ego and the posturing about how you are not working for the NSA and come up with a really good demonstration of the reason PGP is secure, and I will be very quick to commend you. ... > Ok. Please explain what kind of keystroke timing analysis you > propose, and I will attempt to answer that, or concede your point. Fair enough. A useful first step would be to demonstrate the real information content of the keystrokes and timings entered by the user across a reasonable number of different platforms, users, and trials. That would start to address the potential that there is a fundamental mistake in (or intentional corruption of) the input process. The demonstrations described earlier would also be worthwhile in demonstrating the lack of subtle interaction among the parts of PGP (I refer to the information flow analysis). After that, you should solicit other ideas from as wide an audience as possible to see what sorts of properties should be considered for this sort of program, and go about picking the most important ones first, and so on. I would be happy to discuss further details off-line. > > OR come up with another alternative that doesn't ignore my question, > > doesn't avoid the issue, doesn't appeal to authority that fails to > > adequately support your contentions, and doesn't claim that I am > > somehow unprofessional or unscholarly for questioning an unproven > > contention. 
> > Have you heard the thought experiment of putting a back-door in login > by modifying the C compiler to modify the C compiler to modify login? > Think about that in terms of the security of PGP -- you are always > going to be limited in security to the security of the system on which > you are running. Not a thought experiment, the Turing award paper in 1984 - came out just a little bit after the IFIP conference in which computer viruses were first publicly described and analyzed. > I only believe you are being unscholarly because you are making claims > without any supporting evidence. _THAT_ is unscholarly! I think there is good supporting historical evidence for my questions. But I don't believe I have made any "claims". ... -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From pgf at tyrell.net Tue Aug 1 05:19:20 1995 From: pgf at tyrell.net (Phil Fraering) Date: Tue, 1 Aug 95 05:19:20 PDT Subject: OS noise [Was: a hole in PGP] In-Reply-To: Message-ID: <199508011214.AA17761@tyrell.net> Nathan, I know about the Amiga's small OS; I have used them on and off over the years and recently acquired a non-functional one that I had repaired; it's at the repair shop in Houston, waiting for the next time I'm able to go to Houston and pick it up. I really didn't want to start an OS holy war, although personally my recent experiences with Windows incline me towards joining the Linux Inquisition. Our main weapon is fear, fear and surprise! Our _two_ main weapons are fear, surprise, and an almost fanatical devotion to the principles of K & R C. OUR THREE main weapons are... Hmm. Maybe I should come in again... +----------------+Quote from _Infinite In All Directions_, F.J. 
Dyson-----+ | Phil Fraering / \"The English Hierarchy, if there be anything unsound in| | pgf at tyrell.net\ /its constitution, has reason to tremble even at an air | +----------------+-pump or an electrical machine."---Joseph Priestly------+

From fc at all.net Tue Aug 1 05:19:42 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Tue, 1 Aug 95 05:19:42 PDT Subject: a hole in PGP In-Reply-To: <9508010821.AA20913@cs.umass.edu> Message-ID: <9508011212.AA17103@all.net> > > PGP does not use "truly random hardware techniques" > > Correct. However, the excerpt of RFC 1750 you quoted above does not claim > that all PRNG techniques are unreasonably insecure, nor does it suggest that > they should never be used. Nor do I. > > "...For the present, the lack of generally available facilities for > > generating such unpredictable numbers is an open wound in the design of > > cryptographic software. ... the only safe strategy so far has been to > > force the local installation to supply a suitable routine to generate > > random numbers. To say the least, this is an awkward, error-prone and > > unpalatable solution." - 1994 - after PGP was implemented. > > I agree with the RFC's authors that mandating provision of platform- > dependent routines is an awkward and unappealing strategy. Note, however, > that they characterize it as "the only safe strategy". They say that the > _strategy_ is error-prone; they do not say that all locally-supplied > routines are unreasonably insecure, and should not be used. But in practice, PGP is not used this way by the masses. They use standard distributions without alteration. ... > > So I guess the RFC supports my contention and not [Derek Atkins']. > [...] > [re: PGP's key generation methods] > > But the RFC acknowledges that these methods are highly suspect and should > > not be trusted. > > Where ? Give a citation, please. It doesn't say anything of the sort in > the part you quoted previously. 
Furthermore, you inexplicably omitted all > mentions of keystroke-timing PRNG techniques in RFC 1750. Here are some > excerpts that strike me as particularly germane to the quality of the > randomness in PGP: That is my interpretation, however, reasonable people may differ... > ------------------------------------------------------------------------ > 4.2 Timing and Content of External Events > > It is possible to measure the timing and content of mouse movement, > key strokes, and similar user events. This is a reasonable source of > unguessable data with some qualifications. On some machines, inputs > such as key strokes are buffered. Even though the user's inter- > keystroke timing may have sufficient variation and unpredictability, > there might not be an easy way to access that variation. Another > problem is that no standard method exists to sample timing details. > This makes it hard to build standard software intended for > distribution to a large range of machines based on this technique. > > The amount of mouse movement or the keys actually hit are usually > easier to access than timings but may yield less unpredictability as > the user may provide highly repetitive input. > [...] Sounds like this is not very random - I agree that "the user may provide highly repetitive input". Just because one type of input is more repetitive, doesn't make the other truly random. ... > I find it difficult to reconcile your claim that "the RFC acknowledges > that these methods are highly suspect and should not be trusted" with the > RFC's assertions that: > > "the timing and content of [...] key strokes [...] is a reasonable > source of unguessable data" You left out "with some qualifications". This is the part where I have concern. > "the timing and content of requested `random' user keystrokes can > yield hundreds of random bits" You missed the "but conservative assumptions need to be made" part. 
Hundreds of random bits are possible, but how many actual bits of content are contained in PGP input? > "this strategy may make practical portable code to produce good > random numbers for security" You missed the "However, it may still fail against a high grade attack on small single user systems, especially if the adversary has ever been able to observe the generation process in the past. A hardware based random source is still preferable." part and your reliance on the term "may" as "does" is overly optimistic. > Having said that, allow me to state my position on some of the other > issues you've raised. I do not _know_ nor can I _prove_ that PGP has > no cryptographic backdoors. I happen to _believe_ that it does not -- > among other things, I have met Derek Atkins and Jeff Schiller, and I > trust them in this regard. I don't consider that any reason for you to > believe that it's backdoor-free. In fact, I'm not interested in trying to > persuade you or anyone else that it is backdoor-free. By the same token, > I don't see any reason for anyone here to heed your demands that they > justify _their beliefs_ to _your satisfaction_. Not demands - questions. Why is it that you are unwilling to take questions as questions and instead translate them into demands? You could have answered my questions without all the other side comments. Why didn't you? I interpret this as being defensive, which means to me that you are not as sure as you outwardly indicate and that there may be some lingering issues. So I ask more questions. You respond with more posturing and fewer answers, so I become even more concerned. It's probably my fault for not asking them in the way you are used to hearing them, or maybe we are all over-sensitive about our work. > I remain rather baffled as to your motives in this mini-campaign. You said > that no-one can prove PGP has no backdoors, and many here essentially said > "what else is new ?". 
In the white paper about your small "secure" HTTP daemon, > thttpd, (found at http://all.net/ManAl/white/whitepaper.html, to save you the > trouble of more self-promotion ;), it says: > > > Proof of program correctness to verify even simple security > > properties, for example, grows almost exponentially with the number of > > program statements. Verifying a 100 line limited-language program for the > > simple security properties associated with the Bell-LaPadula model of > > security takes about 24 hours of CPU time on a Cray supercomputer. The > > source code for the NCSA W3 server in widespread use today is about 6600 > > lines long, so there is no computer around today that is likely to be able > > to verify its security (or more likely demonstrate its insecurity). Which is why we need very small programs (which PGP is not) that do the security-critical functions. We can then analyze these programs and determine many important properties with regard to their security, which we cannot do with PGP. > If we adopt this standard, it seems hopeless to "verify" the PGP source, as > others have noted here. [BTW, I read your detailed code walkthrough for > thttp with interest, and commend your work on that. I'm planning some > sort of similar review for a larger piece of code, and it's encouraging > to see other people pulling it off.] Thank you, but I think it may be too hard to do for a much larger piece of code. There is another gentleman who is now working on formally (and automatically) verifying these properties. Perhaps his results will be of value in your problem and similar problems for other programs. ... > [On a largely unrelated note, why does http://all.net/admin/usepolicy.html > contain the following warning ? Specifically, why the age limit ? > > "This service is ONLY for use by legally competent adults human [sic] > individuals of age 18 or older. 
If you do not meet these criteria, > you should immediately cease and desist your use of this service."] I think that some of the popular literature sections may be considered pornography (Fanny Hill, the Kama Sutra, etc.) and in order to comply with the applicable laws, I thought it would be prudent to warn off our fragile youth. > "...because of Dr. Cohen's frequent, blatant, and intentional disregard for > the guidelines that this list operates under, and because of his apparent > disregard for the frequently expressed opinions of many of the members of > this list that they don't appreciate his antics, I've configured Majordomo > to divert all messages he posts to Firewalls to the list owner for review > and approval before posting..." -Brent Chapman, July 24, 1995 And if enough of those on this list feel that this discussion and my postings are too commercial or too abusive to take, I am certain that Brent will send you a free copy of his Fred filter. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From scs at lokkur.dexter.mi.us Tue Aug 1 05:50:05 1995 From: scs at lokkur.dexter.mi.us (Steve Simmons) Date: Tue, 1 Aug 95 05:50:05 PDT Subject: Commercial killers In-Reply-To: <199508010210.WAA28165@hermes.bwh.harvard.edu> Message-ID: <1995Aug1.123538.8037@lokkur.dexter.mi.us> Adam Shostack writes: > Yes, but the tv stations put in a short period of black & >silence before returning to the show. I'm pretty confident that this >is what the 'zip through commercials' vcrs cue on. Darned close. The article I saw said it detects the period of black and silence and puts a `notch' on the tape at each such switch. The notch can be detected at fast-forward speeds. My question is - what happens if there is black/silence *between commercials*? How does the VCR know that what follows a mark is show or merely the next commercial? 
-- Simmons' Law Of Alcoholic Expectations: The best stuff always happens after the meeting, when everyone goes to the bar. Corollary: Any meeting which doesn't adjourn to the bar isn't worth going to.

From Doug.Hughes at Eng.Auburn.EDU Tue Aug 1 06:59:24 1995 From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Tue, 1 Aug 95 06:59:24 PDT Subject: a hole in PGP Message-ID: <199508011359.IAA20397@edison.eng.auburn.edu> >How is it "unscholarly, unprofessional, needlessly personal, and just >plain insulting" to question the idea that hundreds of thousands of >people are trusting their freedom to software that is probably not >secure? I think it is highly unprofessional to try to claim that PGP is >secure and to try to bolster that position by claiming that some >"Request for Comments" supports it when that same said RFC refutes it. ... ... >As far as the potential that they are working with the NSA to subvert >personal privacy, it is a potential, just as it is a potential that I am >working with the NSA to undermine confidence in PGP. The issue is and >should be, why (specifically) do you believe that PGP is secure. Here you go again. "Probably not secure". Earlier you make implications of trap doors. The only way for a trap door to be there, would be if one of the authors put it there. Otherwise, you would be suggesting that one dark night, on a new moon, the NSA snuck in to MIT, changed the source code, inserted a back door, and snuck out without anybody being the wiser. Implying there is a trap door is much different than implying there may be a flaw in the code itself that allows a security breach. I agree with Matt's assessment on your behavior Fred. Your statements lead me (among others) to believe that you think that one or more of the authors are not trustworthy and have tampered with the code to insert trap doors. His remarks on your statements being near-defamatory hit mighty close to home for this on-looker. I'm sure I'm not alone. 
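Two technical points in the thread above are easy to make concrete: Cohen's scenario of a seed-mixing loop that silently consumes fewer input bits than intended (output still looks random, but the search space collapses), and the RFC 1750 caveat that keystroke timings need conservative assumptions before anyone counts "hundreds of random bits". The Python below is an added illustration written for this archive; it is not PGP code and not anything posted by the participants. The inter-keystroke sample, the two timer resolutions (1 ms, and 55 ms standing in for the roughly 18.2 Hz PC BIOS tick) and the toy SHA-256 mixer are all constructed assumptions.

```python
"""Two small experiments behind the key-generation argument in this thread.

1. How much unpredictability survives when inter-keystroke timings are read
   through a coarse timer and the typist has a regular rhythm.
2. How a seed-mixing loop that stops early (the "loop index overwritten"
   scenario) leaves output that still looks random while the number of
   reachable seeds collapses.

Every input below is constructed for illustration; nothing here is PGP code
or a measurement of PGP.
"""
import hashlib
import itertools
import math
from collections import Counter

# Constructed sample: inter-keystroke intervals (ms) of an even-paced typist.
SAMPLE_INTERVALS_MS = [180, 212, 195, 230, 175, 205, 190, 220,
                       185, 200, 215, 178, 198, 208, 192, 225]

# Assumed timer resolutions: a fine 1 ms clock, and 55 ms standing in for the
# ~18.2 Hz PC BIOS tick of the period (an assumption for this example).
FINE_TICK_MS = 1
COARSE_TICK_MS = 55


def quantise(intervals_ms, tick_ms):
    """Return the timer readings a program would actually observe."""
    return [t // tick_ms for t in intervals_ms]


def min_entropy_bits(symbols):
    """Min-entropy per symbol, -log2(max p): the conservative figure, since an
    attacker tries the most likely reading first."""
    counts = Counter(symbols)
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max)


def shannon_entropy_bits(symbols):
    """Average-case entropy; always >= min-entropy and therefore optimistic."""
    n = len(symbols)
    return -sum((c / n) * math.log2(c / n) for c in Counter(symbols).values())


def mix_seed(input_bytes, n_to_mix=None):
    """Fold user input into a 128-bit seed (toy mixer, not PGP's).

    Intended behaviour: n_to_mix is None and every input byte is absorbed.
    Passing a smaller n_to_mix models the corruption Cohen describes: a loop
    bound that ends up smaller than the input length, so later bytes are
    never mixed in. The digest still looks perfectly random either way.
    """
    limit = len(input_bytes) if n_to_mix is None else n_to_mix
    h = hashlib.sha256()
    for i in range(limit):
        h.update(input_bytes[i:i + 1])
    return h.digest()[:16]


# Constructed input space: 4 keystrokes, each carrying one of 4 timer values.
INPUT_SPACE = [bytes(t) for t in itertools.product(range(4), repeat=4)]


def distinct_seeds(input_space, n_to_mix=None):
    """Number of different seeds reachable from the whole input space."""
    return len({mix_seed(x, n_to_mix) for x in input_space})


def effective_seed_bits(input_space, n_to_mix=None):
    """log2 of the reachable seed count: the size of the attacker's search."""
    return math.log2(distinct_seeds(input_space, n_to_mix))


if __name__ == "__main__":
    for tick in (FINE_TICK_MS, COARSE_TICK_MS):
        q = quantise(SAMPLE_INTERVALS_MS, tick)
        print(f"tick {tick:>2} ms: min-entropy {min_entropy_bits(q):.2f} bits/key, "
              f"Shannon {shannon_entropy_bits(q):.2f} bits/key")
    print(f"intact mixer : {effective_seed_bits(INPUT_SPACE):.0f} seed bits")
    print(f"broken mixer : {effective_seed_bits(INPUT_SPACE, n_to_mix=2):.0f} seed bits")
```

With the fine clock every interval in the sample is distinct and the estimate is bounded only by the sample size (4 bits per keystroke for 16 samples); at the coarse tick thirteen of the sixteen keystrokes collapse onto the same reading and the min-entropy drops to about 0.3 bits per keystroke, which is why the RFC's "conservative assumptions" matter. The mixer experiment shows the other half of the argument: the intact loop reaches all 256 seeds, the loop that stops after two bytes reaches only 16, and nothing about the individual 128-bit outputs reveals the difference.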
From rmartin at alias.com Tue Aug 1 07:04:20 1995 From: rmartin at alias.com (Richard Martin) Date: Tue, 1 Aug 95 07:04:20 PDT Subject: Stopped at the border In-Reply-To: <9508010351.AA18289@all.net> Message-ID: <9508011001.ZM17072@glacius.alias.com> On Jul 31, 11:51pm, Dr. Frederick B. Cohen wrote of his experiences at the Canada-USA border: > They looked at every slide, checked out > the bags themselves for secret compartments, but the one thing they > didn't do was check the contents of my floppy disks. Isn't technology > wonderful? Until a few years ago, carrying software across the border from the states to Canada, one would only pay duty on the value of the media. Canadian Customs regulations did not recognise any value in the information contained on the floppies. I haven't actively exported/imported software in this manner recently (well, I carried 2.6ui to Mobile and back without realising it (or, indeed, ever putting it in a drive) and so broke ITAR) so I'm not sure how things stand currently. I think they might actually have been convinced of the value of software. [Department of External Affairs and International Trade has been, as noted earlier. Danger of software, at least.] frodo =) -- Richard Martin Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team] rmartin at alias.com/g4frodo at cdf.toronto.edu http://www.io.org/~samwise Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992

From dave at dvorak.jta.edd.ca.gov Tue Aug 1 07:26:19 1995 From: dave at dvorak.jta.edd.ca.gov (Dave Otto) Date: Tue, 1 Aug 95 07:26:19 PDT Subject: a hole in PGP In-Reply-To: <9508010008.AA02790@all.net> Message-ID: <199508011426.HAA01105@dvorak.jta.edd.ca.gov> A non-text attachment was scrubbed... 
Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL:

From devans at hclb.demon.co.uk Tue Aug 1 07:32:41 1995 From: devans at hclb.demon.co.uk (Dave Evans) Date: Tue, 1 Aug 95 07:32:41 PDT Subject: Mail2news Gates In-Reply-To: <1ef_9507281405@gigo.com> Message-ID: <807306266snx@hclb.demon.co.uk> In article <1ef_9507281405 at gigo.com> you write: > Suddenly, @news.demon.co.uk, which has worked well for ages, is rejecting > posts: I've posted a message about this to a local demon newsgroup. I haven't seen any announcement about withdrawing mail2news access from non-Demon subscribers. The mail2news gateway has been abused with spam from some large ISPs (guess which one? ), but Demon's policy seems to be that they deal with such problems on an individual or site basis. It is possible there was a configuration error at demon which may have been fixed by now.

From patl at skyclad.lcs.mit.edu Tue Aug 1 08:31:10 1995 From: patl at skyclad.lcs.mit.edu (Patrick J. LoPresti) Date: Tue, 1 Aug 95 08:31:10 PDT Subject: a hole in PGP In-Reply-To: <199507312340.TAA02533@toxicwaste.media.mit.edu> Message-ID: <199508011530.LAA00429@skyclad.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "warlord" == Derek Atkins writes: warlord> This is where you are very wrong. I am not saying that "if warlord> you can't find any holes it must be secure". What I am warlord> saying is that the source is available, and thousands of warlord> people have looked at the source, and none of them have warlord> found any holes in it. While I largely disagree with Dr. Cohen's conclusions, I do think we should extinguish the "Examine the source!" mantra. I find it surprising that people so familiar with public key cryptography would be reassured by the argument, "Here, this algorithm has been examined by thousands and nobody has found a trap door." 
Public key cryptography demonstrates that it is possible, in principle, to construct an algorithm with a trap door that nobody else is *ever* going to find. I wonder whether Rivest could construct a hash function which only he could invert... :-) When an algorithm is essentially defined by a tangle of C code, like the PGP random number generator, the "Examine the source!" mantra becomes even more hollow. Ironically, the fact that it was designed by competent cryptographers potentially makes it even more dangerous. Of course, there is no practical alternative at this time. Maybe someday your entire operating environment will be formally proven correct, and the cryptographic algorithms will be provably as hard as factoring, and factoring will be proven hard, and the system will ask you to flip a coin and type "0" or "1" every time it needs a random bit. But until that day, you will have to decide whom to trust. Personally, I trust the authors of PGP. So do most of the people on this list, I suspect. Maybe Dr. Cohen can convince me that my trust is misplaced; but to do so, he will need something better than NSA conspiracy theories.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3beta, an Emacs/PGP interface

iQCVAwUBMB5IU3r7ES8bepftAQGRvQP+Masb3fWdJg9UA6YYufuVZ5EZU8wfhuar
IXpjID+iSyVV1UnMN5CiWj8912H3buUslygVnbCwv/vnuKdtz5h9k2+lpCUX4r11
2QVAWg4ij1LiA1DU7N2l2K4oqb5mszVZrQcW6aJJzqiuPcvij5Vl7cN3hDTfdttJ
x9emd0xEjPA=
=nxBy
-----END PGP SIGNATURE-----

From perry at panix.com Tue Aug 1 08:42:52 1995 From: perry at panix.com (Perry E. Metzger) Date: Tue, 1 Aug 95 08:42:52 PDT Subject: a hole in PGP In-Reply-To: <199508011530.LAA00429@skyclad.lcs.mit.edu> Message-ID: <199508011542.LAA23817@panix4.panix.com> "Patrick J. LoPresti" writes: > I find it surprising that people so familiar with public key > cryptography would be reassured by the argument, "Here, this algorithm > has been examined by thousands and nobody has found a trap door." 
> Public key cryptography demonstrates that it is possible, in > principle, to construct an algorithm with a trap door that nobody else > is *ever* going to find. This is not correct as you have phrased it. Although it is not possible to find a decision procedure for any non-trivial property of programs in general (whether it halts, for example) in practice well written code can be well understood and cannot conceal very much at all. In order to use public key cryptography to obfuscate a program as you suggest, you'd have to include huge tables of large numbers in it. Any idiot can observe the existence of such mysterious tables. Trying to conceal anything in cleanly written code is an enormous challenge, and one that has nothing to do with public key crypto per se. Incidentally, this doesn't mean that you can't conceal things by producing subtle flaws in, for example, random number generation code. However, such flaws are hardly of the form "nobody else is *ever* going to find" -- anyone being extremely cautious in his analysis will find such flaws. .pm

From sdw at lig.net Tue Aug 1 08:45:39 1995 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 1 Aug 95 08:45:39 PDT Subject: Sex & Crime TV filter In-Reply-To: Message-ID: > > > Wow! I think Ted just hit on something that could be used to quickly derail > the "V-chip": > > At 4:02 PM 7/31/95, Thaddeus J. Beier wrote: > > >The chip that interprets the content does it solely based on the rating > >information. This is the so-called "v-chip" (v for violence, I think, > >not for video) that you see in the press. > ... > >qualifications of most people. Besides, what I would really > >like to filter out, what I find to be incredibly violent to the > >minds of children, is commercial advertising. Private rating > >services could take care of these, easily, as well. > > I agree, of course, about it not being the role of government/FCC/etc. to > mandate such ratings, such chips, etc. 
> > However, to help derail this V-chip being mandated, what if we (I mean > activists, writers of columns, etc.) "insisted" that _commercials_ be > similarly labelled? > > "Yes, if violence and sex is to be "voluntarily rated," we think that > commercial advertising ought to be similarly rated." > > It might be hard for the legislators to avoid the logic of this. > Advertisers, fearing people would of course mute the commercials, would > then quietly urge them to drop the whole idea. > > --Tim May > > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero > 408-728-0152 | knowledge, reputations, information markets, > Corralitos, CA | black markets, collapse of governments. > Higher Power: 2^756839 | Public Key: PGP and MailSafe available. > "National borders are just speed bumps on the information superhighway." > > > -- Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011 OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95 From nsb at nsb.fv.com Tue Aug 1 09:07:11 1995 From: nsb at nsb.fv.com (nsb at nsb.fv.com) Date: Tue, 1 Aug 95 09:07:11 PDT Subject: Zimmermann legal fund Message-ID: <9508011604.AB27380@ nsb.fv.com> At 12:20 PM 8/1/95 +0800, Enzo Michelangeli wrote: >Now, my main objection to opening a US account is that it's unclear >whether or not, for simply receiving payments there, a non-resident and >non-citizen account holder like myself incurs in any tax liability with >Uncle Sam's Inland Revenue. Can anybody on this list shed light on the >issue? Last time I checked, the guys at FV weren't sure either. 
The real question isn't based on your bank account, but on whether or not Uncle Sam thinks you are "doing business in" the US. This is the fundamentally thorny question that is raised by cyberspace businesses. Having payments made to a US bank account may make it more likely that the US will decide that you are doing so, but they could decide it anyway just because you have buyers in the US, or because you're using a US-based payment server. The laws are, to say the least, not clear on such points. As a practical matter, however, it is true that using a US account will make it easier for Uncle Sam to tax you if it decides that's appropriate. -- NB From rjc at clark.net Tue Aug 1 09:15:27 1995 From: rjc at clark.net (Ray Cromwell) Date: Tue, 1 Aug 95 09:15:27 PDT Subject: a hole in PGP In-Reply-To: <199508011530.LAA00429@skyclad.lcs.mit.edu> Message-ID: <199508011615.MAA19157@clark.net> > > -----BEGIN PGP SIGNED MESSAGE----- > > >>>>> "warlord" == Derek Atkins writes: > > warlord> This is where you are very wrong. I am not saying that "if > warlord> you can't find any holes it must be secure". What I am > warlord> saying is that the source is available, and thousands of > warlord> people have looked at the source, and none of them have > warlord> found any holes in it. > > While I largely disagree with Dr. Cohen's conclusions, I do think we > should extinguish the "Examine the source!" mantra. > > I find it surprising that people so familiar with public key > cryptography would be reassured by the argument, "Here, this algorithm > has been examined by thousands and nobody has found a trap door." > Public key cryptography demonstrates that it is possible, in > principle, to construct an algorithm with a trap door that nobody else > is *ever* going to find. I wonder whether Rivest could construct a > hash function which only he could invert... :-) That's a neat metaphor, but it doesn't always apply. It shouldn't apply to algorithms which are primitive recursive. 
Elementary algorithms like multiprecision add, sub, multiply, divide, modmult, and modexp (the basis of public key encryption) are all provably correct and all terminate. (the basis is polynomial operators over a ring) It is possible to verify the implementation (assuming the correctness of the compiler). Now there could be a "factoring" trapdoor in RSA, but that's a trapdoor not in the implementation of PGP, but in the algorithm itself. RSA-in-4-lines-perl is probably provably correct. To guard against trapdoors in PGP, you should verify the correctness of the PRNG, Key Generator, and that no private key bits or session key bits are leaked. I would suspect this could be difficult, but approximations could be determined to within a high degree of confidence. -Ray From adam at bwh.harvard.edu Tue Aug 1 09:25:00 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 1 Aug 95 09:25:00 PDT Subject: Software Glitch FYI In-Reply-To: Message-ID: <9508011623.AA01033@waller.harvard.edu> I would think that it is in fact necessary for Congress to fix their email system. Asking me to change my work habits to make the Congressmen's lives easier is a prime example of what's wrong with Congress. 30 million people should act differently so that postmaster at house.gov doesn't have to do his job? | A Congressman's aide called me today to explain that if you send email to all | the Congressmen's offices at one time, the software at their end causes each | Congressman to receive 50 copies. | | Please be sure everyone is aware of this glitch. | | To prevent 50 copies from being sent to each Congressman, it is necessary to | break the mailing list into 5-10 addresses at a time. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From patl at skyclad.lcs.mit.edu Tue Aug 1 09:34:31 1995 From: patl at skyclad.lcs.mit.edu (Patrick J. 
LoPresti) Date: Tue, 1 Aug 95 09:34:31 PDT Subject: a hole in PGP In-Reply-To: <199508011542.LAA23817@panix4.panix.com> Message-ID: <199508011634.MAA00496@skyclad.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "perry" == "Perry E Metzger" writes: perry> "Patrick J. LoPresti" writes: >> I find it surprising that people so familiar with public key >> cryptography would be reassured by the argument, "Here, this >> algorithm has been examined by thousands and nobody has found a >> trap door." Public key cryptography demonstrates that it is >> possible, in principle, to construct an algorithm with a trap door >> that nobody else is *ever* going to find. perry> This is not correct as you have phrased it. On the contrary, it is *precisely* correct as I have phrased it. perry> Although it is not possible to find a decision procedure for perry> any non-trivial property of programs in general (whether it perry> halts, for example) in practice well written code can be well perry> understood and cannot conceal very much at all. Check my phrasing again. Note the use of "in principle". Whether the principle applies in practice is certainly a matter for debate. I would point out that 1) PGP is hardly well written code, and 2) many current cryptographic algorithms make ideal places for concealing all sorts of things. perry> In order to use public key cryptography to obfuscate a program perry> as you suggest, you'd have to include huge tables of large perry> numbers in it. Any idiot can observe the existence of such perry> mysterious tables. Sorry, I can't resist. From "md5.c" in the PGP distribution: /* * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ void MD5Init(struct MD5Context *ctx) { ... (Note: Of course I don't think that MD5 has a back door, but that has more to do with my trust of Rivest than the fact the algorithm is public.) 
perry> Trying to conceal anything in cleanly written code is an perry> enormous challenge, and one that has nothing to do with public perry> key crypto per se. By "cleanly written code", I presume you mean code which is either formally proven to be a correct implementation, or code which is so transparent that it is "obviously" a correct implementation. PGP's random number generator is neither. Moreover, as I precisely mentioned, the algorithms themselves can conceal back doors. This has plenty to do with public key cryptography. A reduction proof from a known hard problem would make this virtually impossible, but there is no such proof for PGP's random number generator. (Nor for any other algorithm used by PGP, although I admit RSA comes close.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.3beta, an Emacs/PGP interface iQCVAwUBMB5XVXr7ES8bepftAQGkJgP9Gopf96k2vu5ORjqQCOk0hPNrdwtmcR71 THm+nPgWk2m1CHGXHF3FhgZ7FNZS8zubv1fzunKA+QDFcqKghHCFfhD+pof4bUF6 fYVq89Oc3P7/pIvS3pCR8BBN/8BTLwxlP+OsPbF4YNANXqsbiqyjvezruojKaOI8 QiVInZxdeoI= =BfP6 -----END PGP SIGNATURE----- From WOOD at VAX2.ROCKHURST.EDU Tue Aug 1 09:40:32 1995 From: WOOD at VAX2.ROCKHURST.EDU (WOOD at VAX2.ROCKHURST.EDU) Date: Tue, 1 Aug 95 09:40:32 PDT Subject: commercial busters Message-ID: <01HTK2WJPWYQ001IQN@VAX2.ROCKHURST.EDU> ON: 31-JUL-1995 20:14:46.10, dan at netmarket.com wrote: > At 8:50 PM 07/31/95, Patrick May wrote: > > > My dim memories from a project I did for Sony a couple of years > >ago are that commercials are separated by a fixed number of black > >frames and some, at least, have tracking information encoded so that > >advertisers can monitor how often they are played. I'll try to dig up > >more info. 
> > From: dfitzpat at interserv.com > Wednesday July 26, 1995 -- ShopTalk > > - -- > > NEW VCRs TAKE ON COMMERCIALS POINT-BLANK > > By Jonathan Takiff > Philadelphia Daily News Staff Writer > > > Already besieged by Washington politicians over the content of TV > programming (and threats of a show-blocking chip), television > broadcasters are about to be hit with another whammy. This time it's > VCRs that automatically blank out commercials. > > > > $$$$ $$$$$ $$$$ > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMB193KZKaCr9f/gtAQFa5AP/ZEmtSM/hSXb6zcFHDmv9Me0thtAqqCxZ > 7COYgWxuLkl78+y/INpFKW861mrNig1UlO8Q+vDImKK3qUmTS1tzRWNIH9XVyYtA > pJ05g/Z/WKUPx17jd2no9oRqut4bziLa4iMj59B/4nxAhIjEtE5TZFP6okCQ1HGm > qbFhOteJavc= > =Opny > -----END PGP SIGNATURE----- > dan Hello all, I have thought about this before, as usual my ideas are not new. My vision was like this. 1. Develop a few methods to recognize commercials through cable T.V. a. The blank spaces between broadcasting? b. Analysis of image information? c. Analysis of sound information? d. Understanding cable T.V. protocols? e. etc? 2. My commercial buster would work on a delay. a. The broadcast information would enter a queue. b. The broadcast information would be evaluated. c. If all of the tests for commercials passed, display. d. If any of the tests fail, the T.V. goes blue, and my CD player is served. e. The time of delay is dependent on the time to analyze the broadcast information. I wish it could happen, I hate commercials. Many Thanks, ------------------------------------------- | "Computers are boring and slow." | | | | David Wood | | Information Systems Specialist? | | wood at vax2.rockhurst.edu | ------------------------------------------- From patl at skyclad.lcs.mit.edu Tue Aug 1 09:55:43 1995 From: patl at skyclad.lcs.mit.edu (Patrick J. 
LoPresti) Date: Tue, 1 Aug 95 09:55:43 PDT Subject: a hole in PGP In-Reply-To: <199508011615.MAA19157@clark.net> Message-ID: <199508011655.MAA00520@skyclad.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "rjc" == Ray Cromwell writes: rjc> That's a neat metaphor, but it doesn't always apply. It rjc> shouldn't apply to algorithms which are primitive rjc> recursive. Elementary algorithms like multiprecision add, sub, rjc> multiply, divide, modmult, and modexp (the basis of public key rjc> encryption) are all provably correct and all terminate. (the rjc> basis is polynomial operators over a ring) It is possible to rjc> verify the implementation (assuming the correctness of the rjc> compiler). Now there could be a "factoring" trapdoor in RSA, but rjc> that's a trapdoor not in the implementation of PGP, but in the rjc> algorithm itself. RSA-in-4-lines-perl is probably provably rjc> correct. To guard against trapdoors in PGP, you should verify rjc> the correctness of the PRNG, Key Generator, and that no private rjc> key bits or session key bits are leaked. I would suspect this rjc> could be difficult, but approximations could be determined to rjc> within a high degree of confidence. As I suggested, you could 1) only use algorithms which are provably as hard to break as known hard problems, and 2) only use implementations which are proven correct. PGP does neither. In addition, the complexity of the source makes #2 difficult even to approximate. Now, we could certainly take care of #1 fairly easily by using a different set of algorithms. And as you suggest, #2 can be approximated if the code is written cleanly. But this would be a big project, and it would not be PGP. I personally would find such a project pointless, since I trust PGP enough for my needs. The availability of the source is a necessary prerequisite for that trust, but it is by no means convincing. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.3beta, an Emacs/PGP interface iQCVAwUBMB5cZHr7ES8bepftAQFtBwQA2qDiS0BpvkFBj9HRRd/83OxjSczna/jn wj5eb+2KMSbj87SuD3ByUFcXQmWIqO6bNq5CkzoxmGvrk/y1futjAF/BeGcVlM1+ T4ClfmrIFbqwd/j7i1Qaw7ExN6rNjgQUdRYmo8Nlr1JVaAymCtx2f4GqKRuwP3oy Tc/W8GXThM0= =qdFB -----END PGP SIGNATURE----- From rah at shipwright.com Tue Aug 1 09:58:30 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 1 Aug 95 09:58:30 PDT Subject: IEEE Symp on Security and Privacy - Call for papers Message-ID: >From: zurko at osf.org (Mary Ellen Zurko) >Subject: IEEE Symp on Security and Privacy - Call for papers >To: www-buyinfo at allegra.att.com >Date: Tue, 1 Aug 95 9:29:33 EDT >Cc: zurko at osf.org (Mez) >Mailer: Elm [revision: 70.85] > > CALL FOR PAPERS > >1996 IEEE Symposium on May 6-8, 1996 >Security and Privacy Oakland, California > > sponsored by > IEEE Computer Society Technical Committee on Security and Privacy > in cooperation with > The International Association for Cryptologic Research (IACR) > >Since 1980, the Symposium on Security and Privacy has been the premier >forum for presenting developments in computer security and for >bringing together researchers and practitioners in the field. > >This year, we seek to build upon this tradition of excellence by >re-emphasizing work on engineering and applications as well as >theoretical advances. We also seek to broaden the scope of the >Symposium by introducing additional topics. We want to hear not only >about new theoretical results, but also about work in the design and >implementation of secure systems and work on policy relating to system >security. 
We are particularly interested in papers on policy and >technical issues relating to privacy in the context of the Information >Infrastructure, papers on securing unsecure applications and operating >systems, papers that relate software and system engineering technology >to the design of secure systems, and papers on hardware and >architectural support for secure systems. > >The symposium will focus on technical aspects of security and privacy >as they arise in commercial and industrial applications, as well in >government and military systems. It will address advances in the >theory, design, implementation, analysis, and application of secure >computer systems, and in the integration and reconciliation of >security and privacy with other critical system properties such as >reliability, performance, and safety. Topics in which papers and >panel session proposals are invited include, but are not limited to, >the following: > > >Secure systems Privacy Issues Access controls >Security verification Network security Policy modeling >Information flow Authentication Database security >Data integrity Security Protocols Viruses and worms >Auditing Biometrics Smartcards >Commercial and industrial security Intrusion Detection >Security and other critical system properties Distributed systems security >Novel applications of cryptography and other security techniques > >We will continue the session of very brief (5-minute) talks introduced >last year. Our goal is to make it possible for us to hear from people >who are advancing the field in the areas of system design and >implementation, and who would like to present their ideas to the >symposium audience but may lack the time and resources needed to >prepare a full paper. Submissions for this session will be accepted >up to April 2, 1996 to permit us to hear of the most recent >developments. Abstracts of these talks will be distributed at the >conference. 
> >INSTRUCTIONS TO AUTHORS: > >Send six copies of your paper and/or proposal for a panel session to >John McHugh, Program Co-Chair, at the address given below. Papers and >panel proposals must be received by November 6, 1996. Papers, which >should include an abstract, must not exceed 7500 words. The names and >affiliations of the authors should appear on a separate cover page >only, as a ``blind'' refereeing process is used. In addition to the >paper submission, an ASCII copy of the paper title and abstract should >be sent to the Program Co-Chair (mchugh at cs.pdx.edu) by electronic mail. >These will be distributed electronically (without author >identification) to the entire program committee to aid in the >appropriate assignment of referees. Authors must certify prior to >December 25, 1996 that any and all necessary clearances for >publication have been obtained. > >Papers must report original work that has not been published >previously, and is not under consideration for publication elsewhere. >Abstracts, overlength papers, electronic submissions, late >submissions, and papers that cannot be published in the proceedings >will be rejected without review. Authors will be notified of >acceptance by January 16, 1996. Camera-ready copies are due not later >than March 4, 1996. > >Panel proposals should describe, in two pages or less, the objective >of the panel and the topic(s) to be addressed. Names and addresses of >potential panelists (with position abstracts if possible) and of >the moderator should also be included. Panels are not intended to >serve as alternate paper sessions and it is expected that, with the >possible exception of an overview of the topic area by the panel >chair, individual presentations by panel members will be limited to >five to ten minutes and that at least one third of the session will be >reserved for discussion. 
> >Submitters of abstracts for the special session of five-minute talks >should submit one page abstracts to John McHugh, Program Co-Chair, at >the address given below. The abstract should be one page or less; >Email submissions of 30 to 60 lines are preferred. Abstracts must be >received by April 2, 1996. Authors will be notified of acceptance or >rejection of abstracts by April 16. Submitted abstracts that are >accepted will be distributed at the conference. Presenters of >five-minute talks are expected to register for the conference. >Overtly commercial presentations are inappropriate. > >The Symposium will also include informal poster sessions where >preliminary or speculative material, and descriptions or >demonstrations of software, may be presented. Send one copy of your >poster session paper to Dale Johnson, at the address given below, by >January 31, 1996, together with certification that any and all >necessary clearances for presentation have been obtained. > >Again this year, we will attempt to counsel prospective authors. If >you have questions about whether or how to present your work to the >symposium, please send email to the Chair (dmj at mitre.org), and we will >do our best to assist you. > >Information about this conference will also be available by >anonymous ftp from ftp.cs.pdx.edu in directory /pub/SP96, on the web >at http://www.cs.pdx.edu/SP96. The program chairs can be reached by >email at sp96 at cs.pdx.edu. > >PROGRAM COMMITTEE > >Dave Bailey, Galaxy Computer Services, USA >Terry Vickers Benzel, TIS, USA >Lee A. Benzinger, Loral, USA >Debbie Cooper, DMCooper, USA >Oliver Costich, Independent Consultant, USA >Yves Deswarte, LAAS-CNRS & INRIA, FR >Jim Gray, Hong Kong U. of Sci. and Tech, HK >Lee Gong, SRI, USA >Sushil Jajodia, GMU, USA >Paul Karger, GTE, USA >Carl Landwehr, NRL, USA >John McLean, NRL, USA >Catherine A. Meadows, NRL, USA >Rich Neely, CTA, USA >Sylvan S. 
Pinsky, DoD, USA >Mike Reiter, AT&T, USA >Sue Rho, TIS, USA >Peter Ryan, DRA, UK >Tom Schubert, Portland State Univ., USA >Stuart Stubblebine, AT&T, USA >Elisabeth Sullivan, Sequent, USA >Tom Van Vleck, Taligent, USA >Vijay Varadharajan, Univ. of Western Sydney, AU >Yacov Yacobi, Bellcore, USA >Raphael Yahalom, Hebrew University, Israel >Mary Ellen Zurko, OSF, USA > > >For further information concerning the symposium, contact: > > > Dale Johnson, General Chair John McHugh, Program Co-Chair > The MITRE Corporation Computer Science Department > Mailstop A156 Portland State University > 202 Burlington Rd P.O. Box 751 > Bedford, MA 01730-1420, USA Portland OR 97207-0751, USA > Tel: +1 (617) 271-8894 Tel: +1 (503) 725-5842 > Fax: +1 (617) 271-3816 Fax: +1 (503) 725-3211 > dmj at mitre.org mchugh at cs.pdx.edu > > Steve Kent, Vice Chair George Dinolt, Program Co-Chair > BBN Systems and Technologies Loral WDL > Mailstop 13/2a P.O. Box 49041, MS X20 > 70 Fawcett Street San Jose, CA 95161-9041 > Cambridge, MA 02138 Tel: +1 (408) 473-4150 > Tel: +1 (617) 873-6328 Fax: +1 (408) 473-4272 > Fax: +1 (617) 873-4086 dinolt at wdl.loral.com > kent at bbn.com > > Charles Payne, Treasurer > Secure Computing Corporation > 2675 Long Lake Road > Roseville, MN 55113 > Tel: +1 (612) 628-1594 > Fax: +1 (612) 628-2701 > cpayne at sctc.com > > Peter Ryan, European Contact Jim Gray, Asia/Pacific Contact > Defence Research Agency Department of Computer Science > Room NX17 Hong Kong Univ. of Science & Technology > St Andrew's Rd Clear Water Bay, Kowloon, Hong Kong > Malvern Tel: +852 358-7012 > Worcs WR14 3PS,UK Fax: +852 358-1477 > Tel +44 (0684) 895845 gray at cs.ust.hk > Fax +44 (0684) 894303 > ryan at rivers.dra.hmg.gb > ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." 
--Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From tcmay at sensemedia.net Tue Aug 1 09:59:52 1995 From: tcmay at sensemedia.net (Timothy C. May) Date: Tue, 1 Aug 95 09:59:52 PDT Subject: BOOK: "Artificial Intelligence: A Modern Approach" Message-ID: On a lighter note, I've recently gotten a new book, "Artificial Intelligence: A Modern Approach," by Stuart Russell and Peter Norvig, 1995, Prentice-Hall, ISBN 0-13-103805-2. In 900 pages of well laid-out text, with excellent use of typography to make finding topics easy, it seems to be a great compendium of methods loosely called "AI." AI has gotten a bad rap, perhaps deservedly after the hype of the mid-80s, but the methods are useful for various purposes. This book is focussed on "agents," and lots of code fragments are available (in Common Lisp) for actual construction of agents. Topics that relate to Cypherpunks are scattered throughout the text, including stuff on planning, provably correct designs, game theory, simulations, neural nets, belief, and ontology. Lots more stuff, too. (If I were writing a formal book review, I'd say more. But this is just a pointer, so that interested folks can check it out at their local technical bookstore or university library.) Not a lot to do with getting PGP 3.0 out the door, and not a lot to do with building remailers, but stuff I find interesting. Let a thousand flowers bloom. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From sandfort at crl.com Tue Aug 1 10:16:14 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 1 Aug 95 10:16:14 PDT Subject: Currency risk on bank accounts In-Reply-To: <199508010621.XAA28791@ix6.ix.netcom.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 31 Jul 1995, Bill Stewart wrote: > Some of the Channel Island banks offer accounts with ATM cards; > I think some of them are in Jersey (you don't have to remind people > you didn't say _New_ Jersey :-) Banks most any place in the world can do the same. You can get ATM cards from banks in Europe and Asia and probably Africa and Latin America that use the PLUS or Cirrus(sp?) system. You can open an account by mail at most of them. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From erc at khijol.intele.net Tue Aug 1 10:52:32 1995 From: erc at khijol.intele.net (Ed Carp [khijol SysAdmin]) Date: Tue, 1 Aug 95 10:52:32 PDT Subject: a hole in PGP In-Reply-To: Message-ID: On Tue, 1 Aug 1995, Duncan Frissell wrote: > On Mon, 31 Jul 1995, Dr. Frederick B. Cohen wrote: > > > Why (specifically) do you think so? Because you claim it? Because the > > MIT maintainer claims it? You say MIT is not associated with the NSA, > > but they have historically been funded by the NSA and other federal > > agencies for work on information security. Do you really think that the > > Of course MIT was in the NSA's pocket back in 1978 when they mailed me > and 3,000 other people a copy of "A Proposal for a Public Key Encryption > System" and started this whole Public Key-Private Key thing. It was all > part of a plot. If they hadn't done that we might all be using stronger > systems today. 
Sounds like another LD tentacle to me ;) -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi Q. What's the trouble with writing an MS-DOS program to emulate Clinton? A. Figuring out what to do with the other 639K of memory. From tcmay at sensemedia.net Tue Aug 1 11:12:32 1995 From: tcmay at sensemedia.net (Timothy C. May) Date: Tue, 1 Aug 95 11:12:32 PDT Subject: Cypherpunks Santa Cruz (CSC) Message-ID: About a month ago I sent out a notice suggesting that we in the greater Santa Cruz area (Monterey, Carmel, Watsonville, Soquel, Boulder Creek, even parts of Santa Clara Valley, etc.) have a get-together occasionally, as the Bay Area meetings are quite far away (and possibly getting further away if they continue meeting in San Francisco). Response was better than I'd expected, with 17 people sending me notes asking to be kept informed of the thing. I just sent out a notice to them, partly to make sure my mail addresses are accurate and well-formed, and partly to update them on the meeting time (which will be Saturday, August 26th, the last Saturday of the month, at my house in Corralitos, CA). If you got my "CSC MEETING..." message, then you need do nothing further. If you did not get it, and wish to, send me a message. If you know of others in the area who may be interested, forward them this message. This mailing list is maintained manually, in Eudora Pro, so send me English messages, or the best approximation of English you can manage. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From tcmay at sensemedia.net Tue Aug 1 11:23:03 1995 From: tcmay at sensemedia.net (Timothy C. May) Date: Tue, 1 Aug 95 11:23:03 PDT Subject: Provably Correct Crypto? Message-ID: At 4:15 PM 8/1/95, Ray Cromwell wrote: > That's a neat metaphor, but it doesn't always apply. It shouldn't >apply to algorithms which are primitive recursive. Elementary >algorithms like multiprecision add, sub, multiply, divide, modmult, >and modexp (the basis of public key encryption) are all provably >correct and all terminate. (the basis is polynomial operators over a >ring) It is possible to verify the implementation (assuming the >correctness of the compiler). Now there could be a "factoring" >trapdoor in RSA, but that's a trapdoor not in the implementation of >PGP, but in the algorithm itself. RSA-in-4-lines-perl is probably ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >provably correct. To guard against trapdoors in PGP, you should ^^^^^^^^^^^^^^^^^ >verify the correctness of the PRNG, Key Generator, and that no private >key bits or session key bits are leaked. I would suspect this could be >difficult, but approximations could be determined to within a high >degree of confidence. This doesn't seem likely. I mean, doesn't "RSA-in-4-lines-of-Perl" *of necessity* make use of external library/utility functions? Such as the "dc" math routines for the PRNG? Part of its compactness is that it makes use of available libraries. Anything that "reaches out" to external libraries or utilities would then have the vulnerabilities of _those_ libraries and utilities, which may or may not be provably correct themselves. (And the issue of any PRNG being probably correct or not is of course an interesting, and deep, question.) I do think the issues of modular design and provable correctness--or approximations to it--are interesting ones. --Tim May .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From Andrew.Spring at ping.be Tue Aug 1 11:47:15 1995 From: Andrew.Spring at ping.be (Andrew Spring) Date: Tue, 1 Aug 95 11:47:15 PDT Subject: punk's not dead! Message-ID: >hello? i'am new on this stuff, help me! Sorry, this is a mailing list for Country & Western music. -- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway. From fc at all.net Tue Aug 1 12:19:05 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Tue, 1 Aug 95 12:19:05 PDT Subject: Provably Correct Crypto? In-Reply-To: Message-ID: <9508011911.AA11465@all.net> ... > >PGP, but in the algorithm itself. RSA-in-4-lines-perl is probably > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >provably correct. To guard against trapdoors in PGP, you should > ^^^^^^^^^^^^^^^^^ > >verify the correctness of the PRNG, Key Generator, and that no private ... > This doesn't seem likely. I mean, doesn't "RSA-in-4-lines-of-Perl" *of > necessity* make use of external library/utility functions? Such as the "dc" > math routines for the PRNG? Part of its compactness is that it makes use of > available libraries. This issue is an interesting one and one worthy of being addressed. 
There are a couple of concerns here (I approximately quote from a submitted paper on the secure W3 server with quotation marks): Concern 1: "The secure (program) is designed in such a way that we can demonstrate (subject to the propriety of compilers, operating system functions, and other things in the environment) that once the daemon is started, only the desired effects result." Concern 2: The environment has an insecurity specific to the secure program used as a means of subverting the function of the secure program. I pretty much believe that Concern 1 should be addressed by all programs that claim to be secure. That is, subject to the rest of the world working right, the secure program works right. I believe that concern 2 should be addressed by all programs that claim to be secure in a particular environment. That is, beyond being secure assuming the environment is secure, we might want to eliminate the assumption about the environment by showing it to be justified. In terms of attacking systems, it is necessary to subvert many different environments for this issue to be important for widespread use of PGP, or at least to subvert several of the more common environments (such as what the Thompson C compiler mentioned in his Turing award talk did). > Anything that "reaches out" to external libraries or utilities would then > have the vulnerabilities of _those_ libraries and utilities, which may or > may not be provably correct themselves. (And the issue of any PRNG being > probably correct or not is of course an interesting, and deep, question.) > > I do think the issues of modular design and provable correctness--or > approximations to it--are interesting ones. I think that this issue can generally be addressed by a divide and conquer strategy. Prove that the called routines are correct and confined under all possible parameters, do the same for the calling routines, do the same for the interaction between them, and I think you have it. 
This is pretty easy for one or two routines, but when you take the OS
into account, the C compiler into account, the program itself into
account, and the external environment into account, you run into some
serious limitations. For example, you may (in some cases) have to show
that under all possible sequences of interrupt timings and stack
conditions, the system operates correctly (which almost none currently
do). Unless you design with this sort of thing in mind, it's very hard
to demonstrate these properties even for limited subproblems.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From marc at cam.ov.com Tue Aug 1 12:22:58 1995
From: marc at cam.ov.com (Marc Horowitz)
Date: Tue, 1 Aug 95 12:22:58 PDT
Subject: a hole in PGP
Message-ID: <199508011923.PAA17989@dun-dun-noodles.cam.ov.com>

So Dr. Cohen, what do you use when you want to send a message across
the Internet with better security than cleartext? What do you recommend
to others?

		Marc

From rjc at clark.net Tue Aug 1 12:25:27 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 1 Aug 95 12:25:27 PDT
Subject: Provably Correct Crypto?
In-Reply-To:
Message-ID: <199508011915.PAA02085@clark.net>

[Tim responds to my note on "provably correct implementation"]
>
> Anything that "reaches out" to external libraries or utilities would then
> have the vulnerabilities of _those_ libraries and utilities, which may or
> may not be provably correct themselves. (And the issue of any PRNG being
> probably correct or not is of course an interesting, and deep, question.)
>

What I meant by my message is that in some circumstances, an
implementation can be proven correct (i.e. to do what it says it does
correctly). What I mean by implementation is the source at the highest
level, not the module dependencies which are abstractly disconnected
from the application. (e.g. if a multiprecision math library that comes
with the operating system is used by PGP, the source to PGP could be
said to be "trapdoor free" even if the math library has an NSA
monitoring function built into it.)

Each layer of course relies on the correctness of the layer beneath it,
much like a theorem proof relies on the proof of the statements that
make it up. Thus, RSA-in-4-lines can be observed to be a correct
implementation of RSA without any trapdoors (like secretly storing or
leaking private key bits) at the level of its source code. Of course,
the Perl interpreter itself would have to be proven correct, but we
assume that no RSA trap doors have been put into perl because perl was
available long before PGP and RSA-in-4-lines perl and is widely
distributed. The probability of a trapdoor in perl is small.

The hierarchy looks like this:

RSA-in-4-lines  :: DEPENDS_ON_CORRECTNESS_OF { Perl, DC, RSA_Algorithms }
Perl            :: DEPENDS_ON_CORRECTNESS_OF { C, Unix, Perl_Algorithms }
DC              :: DEPENDS_ON_CORRECTNESS_OF { C, Unix, DC_Algorithms }
C               :: DEPENDS_ON_CORRECTNESS_OF { C_compiler }
C_compiler      :: DEPENDS_ON_CORRECTNESS_OF { Assembler }
Assembler       :: DEPENDS_ON_CORRECTNESS_OF { instruction_set }
instruction_set :: DEPENDS_ON_CORRECTNESS_OF { hardware }

Now even if it were possible to prove the correctness of all those
layers (which I find doubtful; some kind of Goedel/Turing limitation is
going to turn up somewhere), what if the 'hardware' isn't correct (e.g.
the Pentium bug)? There could be a one-in-a-zillion bug that randomly
leaks keybits. IMHO, there's no sense in worrying about stuff like
this. If your data is so valuable that you need absolute theoretical
security, use a one-time-pad with a simple redundant provably secure
device (also shielded from TEMPEST attacks), and have the thing
implanted in your skull.
;-)

-Ray

From Andrew.Spring at ping.be Tue Aug 1 12:42:01 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Tue, 1 Aug 95 12:42:01 PDT
Subject: Australia next to ban PGP
Message-ID: <199508011940.VAA05285@ping1.ping.be>

> Path: ping.be!Belgium.EU.net!EU.net!howland.reston.ans.net!tank.news.pipex.net!pipex!sunsite.doc.ic.ac.uk!lyra.csx.cam.ac.uk!rja14
> From: rja14 at cl.cam.ac.uk (Ross Anderson)
> Newsgroups: alt.security.pgp,alt,politics.datahighway,aus.legal,aus.net.news,sci.crypt
> Subject: Australia next to ban PGP
> Date: 1 Aug 1995 17:53:50 GMT
> Organization: U of Cambridge Computer Lab, UK
> Lines: 57
> Message-ID: <3vlpne$cks at lyra.csx.cam.ac.uk>
> NNTP-Posting-Host: nene.cl.cam.ac.uk
> Xref: ping.be alt.security.pgp:9699 sci.crypt:4852
>
> Australia's proposed crypto policy:
>
> (1) Banks will get key escrow
>
> (2) Other Australian residents will be forced to use weak crypto
>
> Source: talk by Steve Orlowski, Assistant Director, Australian attorney
> general's department, given at the Cryptography Policy and Algorithms
> Conference, Queensland University of Technology, last month.
>
> p 34: `the needs of the majority of users of the infrastructure for
> privacy and smaller financial transactions can be met by lower
> level encryption which could withstand a normal but not
> sophisticated attack against it. Law enforcement agencies could
> develop the capability to mount such sophisticated attacks.
> Criminals who purchased the higher level encryption products
> would immediately attract attention to themselves.'
>
> He mentioned that his department considered itself a suitable repository
> for the government central decrypting unit, which would decrypt traffic
> for local police forces. He also wants escrowed keys for banks and
> other organisations allowed to use strong crypto.
>
> Centralising the wiretap capability with the AG is represented as a useful
> safeguard against abuse of power by local police forces. It would be
It would be > presented as a `data recovery' facility in order to reassure the voters. > > Centralisation will enable the AG to acquire the capability to use ``more > sophisticated techniques in circumstances where the key cannot, for > whatever reason, be recovered from escrow''. > > So the technical parameters would appear to be: 40 bit keys for the > masses, 56-bit escrowed keys for the banks, and a Wiener machine sitting > in Orlowski's office. Belt, braces and string. > > Curiously enough, he quotes a `Review of long Term Cost Effectiveness > of Telecommunications Interception' as saying that ``Encryption by > targets of their communications (both voice and data) is not considered > as a problem for TI at present in Australia'' and goes on to say that > ``there has been comparatively little market for voice encryption > products, although they have been readily available''. > > He even produces some good arguments for the EFF, such as that much of > the intelligence comes from the call log data and from calls to third > parties such as airlines and hotels which are not encrypted. > > He also says that the OECD countries will hold a meeting on National > Cryptography Policies later this year. While at the conference, I found > out that a classified meeting took place this March in Germany between > the signals intelligence agencies of the developed countries, plus > Australia and South Africa, at which the assembled spooks agreed to > press their governments to bring in escrow and/or weak crypto. > > Australia seems rather eager to lick Uncle Sam's boots on this issue. > I wonder what the payoff was? > > Ross -- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway. From sjb at austin.ibm.com Tue Aug 1 12:48:25 1995 From: sjb at austin.ibm.com (Scott Brickner) Date: Tue, 1 Aug 95 12:48:25 PDT Subject: U.S. 
Banks are not all that bad In-Reply-To: Message-ID: <9508011938.AA12258@ozymandias.austin.ibm.com> Douglas Barnes writes: >At First Interstate recently, I had to make a withdrawal from >the teller, as the ATM was broken. Their policy _does_ >reqiure a "counter check", and normally they charge, but when >I explained that the ATM was kaput they did it for free. >It is _much_ cheaper for them if you use the ATM, and this >kind of policy is designed to encourage you to do this. It's >the kind of thing that the market will sort out nicely -- >if it irritates people and loses them money more than it >saves them money, they will stop doing it. Sure they're happier if you use the ATM. It costs them less per transaction, plus they *charge* you to use the damn thing. How many people do you think would put up with $1.00 or $1.25 to do a transaction at a human teller? Most banks charge about that much for "foreign" (other than those they own) ATM use. Some even charge that much for *all* ATM use if you don't get the "premium" accounts. From patl at skyclad.lcs.mit.edu Tue Aug 1 13:00:16 1995 From: patl at skyclad.lcs.mit.edu (Patrick J. LoPresti) Date: Tue, 1 Aug 95 13:00:16 PDT Subject: ANNOUNCEMENT: Mailcrypt 3.3 for GNU Emacs Message-ID: <199508011959.PAA00818@skyclad.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- Mailcrypt version 3.3 is now available. Mailcrypt is an Emacs Lisp package which provides a simple interface to message encryption with PGP. (You do use Emacs to handle your mail and news, right?) Features: Encryption, decryption, signing, adding keys, extracting keys, passphrase caching with timeout, multiple secret key (identity) support, a simple but flexible interface to Cypherpunk remailers (including chaining, response blocks, pseudonyms, and Mixmaster support), and an automatic keyserver interface via HTTP. *We* think it's the best interface to these functions anywhere, but then again, we're biased. The NEWS file is appended to this message. 
Obtain it through the Mailcrypt home page at

	http://cag-www.lcs.mit.edu/mailcrypt/

or from the FTP mirror at

	ftp://cag.lcs.mit.edu/pub/patl/

and enjoy!

 - Patrick J. LoPresti (patl at lcs.mit.edu)
 - Jin S. Choi (jin at atype.com)

Tue Aug 1 15:00:27 1995 -0500

======================================================================

Noteworthy changes in Mailcrypt version 3.3:

Numerous minor bugs have been fixed.

Mailcrypt now requires at least FSF Emacs version 19.28 or XEmacs
version 19.12. Sorry, but anything else is too annoying.

Support has been added for reading mail under (ding) GNUS.

Noteworthy changes in Mailcrypt version 3.2:

Mailcrypt now uses "start-process" instead of "call-process-region" to
run PGP; this uses a pipe instead of a temp file for various inputs,
including your passphrase. Ahem.

All Mailcrypt commands now start with the prefix `C-c /' to bring
Mailcrypt into line with documented GNU standards.
`mc-insert-public-key' is now bound to `C-c / x' (as in "extract")
instead of `C-c a'. `mc-deactivate-passwd' is bound to `C-c / f' (as in
"forget").

`mc-read-mode' and `mc-write-mode' are now full-blown minor modes. So
you can do, for example, `M-x mc-install-write-mode' from a Text mode
buffer and have the normal encryption and signing commands available.
The keymaps for the modes are configurable variables.

Interactive commands `mc-encrypt-region', `mc-sign-region', etc. are
now defined.

If you use RMAIL and you say no to "Replace encrypted message with
decrypted?", you will be dropped into RMAIL mode for viewing.

RMAIL summary mode is now supported.

Documentation in the form of a Texinfo file is now part of the
distribution.

Mailcrypt can now fetch a needed key from finger, HTTP, or any of a
list of locally stored keyrings. `C-c / k' initiates a fetch manually;
Mailcrypt will offer to initiate one automatically as appropriate during
encryption or signature verification.

The remailer functions now support Mixmaster.
`C-c / d' can handle conventionally encrypted messages.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

-----END PGP SIGNATURE-----

From fc at all.net Tue Aug 1 13:19:33 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Tue, 1 Aug 95 13:19:33 PDT
Subject: What do I use?
In-Reply-To: <199508011923.PAA17989@dun-dun-noodles.cam.ov.com>
Message-ID: <9508012013.AA14958@all.net>

> So Dr. Cohen, what do you use when you want to send a message across
> the Internet with better security than cleartext? What do you
> recommend to others?

I use different techniques when different levels of protection are
required, and I definitely don't use the Internet for anything that is
really vital because of the ease of gaining intelligence indicators
based on traffic analysis. I commonly use FAX machines from non-fixed
locations for point-to-point communications where I don't want it to be
tapped from my end. I often use telephone lines with modems for other
secure communications depending on the requirements. I have used DES
for some limited items with the key sent over a separate channel, RSA
for short time-limited secure messages, one-time-pads for certain
really critical stuff between myself and a single other trusted party,
special secure telephones as required by organizations for select
communications, various custom ciphers for communication with parties
who have special requirements, dictionary and codebook ciphers on rare
occasions, wheel ciphers of various sorts, a variety of custom
authentication ciphers, and who knows what else.

I never recommend a solution without knowing a fair amount about the
specific challenge it is supposed to address.
I typically start with an understanding of the general environment, the
financial and/or human issues, the threat profile, the protection
environment, the other dependencies and protection factors, and other
factors related to the reasons for protection. Once I have this
understanding, I make value judgements about how much I trust things
relative to the requirement for trust and other limitations presented
by the situation.

Sorry I can't give you a pat answer like "I use Joe's Cryptobox", but
that's just the way it is.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From marc at cam.ov.com Tue Aug 1 13:36:30 1995
From: marc at cam.ov.com (Marc Horowitz)
Date: Tue, 1 Aug 95 13:36:30 PDT
Subject: What do I use?
In-Reply-To: <9508012013.AA14958@all.net>
Message-ID: <199508012037.QAA18078@dun-dun-noodles.cam.ov.com>

In message <9508012013.AA14958 at all.net>, fc at all.net (Dr. Frederick B. Cohen) writes:

>> I never recommend a solution without knowing a fair amount about the
>> specific challenge it is supposed to address. I typically start with
>> an understanding of the general environment, the financial and/or
>> human issues, the threat profile, the protection environment, the
>> other dependencies and protection factors, and other factors related
>> to the reasons for protection. Once I have this understanding, I make
>> value judgements about how much I trust things relative to the
>> requirement for trust and other limitations presented by the
>> situation.

Ok. IMHO, that's a perfectly valid position. Under what circumstances
do you consider pgp to be a suitable tool? Do you think there is a
better tool under similar circumstances?
		Marc

From frissell at panix.com Tue Aug 1 13:46:57 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Aug 95 13:46:57 PDT
Subject: US vs Overseas Banks
Message-ID: <199508012016.QAA15599@panix.com>

At 07:05 PM 7/30/95 -0400, Lucky Green wrote:
>Six years ago, you could walk into a Bank, show them your driver license,
>and open an account.
>Today, you need several pieces of ID.
>Three years ago, you could withdraw money from your own account without
>having your checkbook on you.
>Today, they make you pay for a "counter check".
>One year ago, you could walk into a bank and cash a check drawn on an
>account at the very same bank.
>Today (Coast Federal), they make you pay a $10 check cashing fee.

This depends on location. The Feds require that banks use the same ID
to open an account that they would require to cash a check. The banks
on the Left and Right Coasts are fairly restrictive (more restrictive
than they have to be). Banks in the Heartland (particularly the
Intermountain West) are much easier. With a little work, it is still
possible to open accounts with "soft" ID in the more relaxed regions.
Since these banks are accessible by ATM and Fedex and will soon be on
the net (in some cases), they can be convenient to use. Likewise
Canadian banks (which routinely offer US$ accounts).

In the soft ID category, I place Employment ID and Student ID which you
are free to make yourselves as well as the new secured credit cards;
some of which can be obtained in spite of one's lack of existence. The
latter make very good ID.

>The US banking industry has gone to the dogs. The day a non-US bank offers
>an account that can be accessed over the net will be the day I close my US
>accounts.

This will be the most interesting story of the next few years. I will
be anxious to see if the new ease of "switching" money reverses the
trend toward decreased financial privacy caused by the war on money
laundering.
DCF

"If Work, Jobs, Income, and the Middle Class Dream are all over, how
come more Americans and a higher proportion of Americans are now in
paid employment than ever before in our history."

From fc at all.net Tue Aug 1 14:03:18 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Tue, 1 Aug 95 14:03:18 PDT
Subject: What do I use?
In-Reply-To: <199508012037.QAA18078@dun-dun-noodles.cam.ov.com>
Message-ID: <9508012054.AA17294@all.net>

> >> I never recommend a solution without knowing a fair amount about the
> >> specific challenge it is supposed to address. I typically start with
> >> an understanding of the general environment, the financial and/or
> >> human issues, the threat profile, the protection environment, the
> >> other dependencies and protection factors, and other factors related
> >> to the reasons for protection. Once I have this understanding, I make
> >> value judgements about how much I trust things relative to the
> >> requirement for trust and other limitations presented by the
> >> situation.
>
> Ok. IMHO, that's a perfectly valid position. Under what
> circumstances do you consider pgp to be a suitable tool? Do you think
> there is a better tool under similar circumstances?

That's a tough one. I generally follow the supreme court's view of not
handling hypotheticals, but I will give you some ideas about my view.

I think that PGP is almost always suitable for casual conversation that
is to be kept from casual snooping. Without specifically recommending
its use in any particular situation, I generally think that it is
suitable for select applications where:

- The threat profile does not include well-funded professional
  cryptanalysts, police agencies, governments, serious financial
  rivals, criminals, or other high-grade threats.

- The implications of corruption, non-delivery, repudiation, or traffic
  analysis are not extremely important.

- The implications of leakage aren't financially or otherwise
  catastrophic.

- No lives are at stake.
- My reputation doesn't depend on it.

I think that PGP is an excellent tool in many ways, however, I have
numerous difficulties with the lack of adequate interface to it in
other packages. I am not really keen on its keyring concepts and other
similar things, but that's not a real issue in this frame of reference.

I have serious concerns about the fact that use of this system does not
prohibit people who are not knowledgeable about the limitations of
public key cryptography from using it in ways that may result in the
revelation or weakening of private keys or other similar potential
problems. For that reason, I would not advise the use of PGP for any
non-casual application outside of the context of a comprehensive
information protection program designed to provide assurance of its
proper generation, configuration, installation, application, and use.

There are almost certainly other concerns that I would express in an
evaluation for any particular purpose.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From perry at panix.com Tue Aug 1 14:20:33 1995
From: perry at panix.com (Perry E. Metzger)
Date: Tue, 1 Aug 95 14:20:33 PDT
Subject: Attacks on PGP
In-Reply-To:
Message-ID: <199508012119.RAA23424@panix4.panix.com>

Timothy C. May writes:
> Things are heating up between Fred Cohen and some of the rest of the list.

Were it not for the fact that others are doing the job better than I,
I'd be compelled to enter into the fray myself...

> I've long appreciated Fred Cohen's work on viruses,

And frankly, I've long been forced to install filtering on virtually
every list "Dr." Cohen shows up on. He rarely has much of value to say
-- he also frequently gets kicked off of mailing lists for being a wee
bit too explicit in the advertising hype for his services he puts up on
virtually every mailing list he enters -- be it firewalls, bugtraq, or
whatever.

I considered, as I said, entering this fray early.
Fortunately, "Dr." Cohen has managed to demonstrate his capacity to
alienate without my having to warn anyone about it in advance.

This is not to say that I think PGP couldn't use enhanced scrutiny, or
that all of "Dr." Cohen's comments are always completely meritless.
However, "Dr." Cohen rarely enhances the conversations he's a part of.

Perry

PS I'm sure he has a real PhD. It's just that the other couple dozen
PhDs on this mailing list don't seem to insist on rubbing it in
people's noses constantly -- ditto for all other mailing lists I've
seen him on.

From stewarts at ix.netcom.com Tue Aug 1 14:49:14 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 1 Aug 95 14:49:14 PDT
Subject: OS noise [Was: a hole in PGP]
Message-ID: <199508012146.OAA05789@ix6.ix.netcom.com>

>On Mon, 31 Jul 1995, Phil Fraering wrote:
>
>> For better or for worse, we all must use programs (or collections
>> of programs) that large or larger: even if PGP could be implemented
>> in 1 % of the current source code, it would still be running in an
>> operating system that's cramped in 4 megabytes of ram, because that's
>> a characteristic of the common modern operating systems.
>
>Ahem! Commiedore APOLOGIZED when it released its 512K OS a couple of
>years ago. These things _don't_ have to be this large.

Foo. Unix used to work just fine in 64K+64K split I&D space on a
PDP-11 :-) It got bigger when lots of stuff was added, especially
networking and X windows, and I wouldn't want to go back to small
machines.
However, during one such discussion on comp.unix.wizards or wherever,
Dennis Ritchie posted a nice article about "Mine is smaller than
yours", saying "here's how big my OS is" (I think ~250K, and the OS was
8th or 9th Edition), "telnet over to foovax, it's this big", "datakit
over to barmips, it's that big", "some other networking method over to
some other machine, it's that big", "yet another protocol over to yet
another bigger machine", "display size of the operating systems on my
256K Blit and Gnot terminal", etc.

And QNX's kernel fits just fine inside the cache on a 486, though it
wouldn't actually stay there much.

#---
#	Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/

From stewarts at ix.netcom.com Tue Aug 1 14:50:03 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 1 Aug 95 14:50:03 PDT
Subject: a hole in PGP
Message-ID: <199508012145.OAA05756@ix6.ix.netcom.com>

>It is definitely much more difficult to implant a backdoor into a program
>which is available as source code than into a black box.
>
>BTW: Has anyone ever found a modified and weakened version of pgp ?

Not that I know of, but there were some versions with a bug in the
random-input generation - I forget if that was with ~2.2 or ~2.6.0;
Colin Plumb had something to do with it.

I've recently acquired ViaCrypt 2.7.1 for WinDows, and one nice feature
is that in addition to typing in random keystrokes, you can click your
mouse in a box and wave it around to input randomness.
#---
#	Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/

From stewarts at ix.netcom.com Tue Aug 1 14:50:17 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 1 Aug 95 14:50:17 PDT
Subject: a hole in PGP
Message-ID: <199508012146.OAA05807@ix6.ix.netcom.com>

> Now, my knowledge, time and resources are limited. I see that MIT
>or whomever has made a program that, under test, is more secure than my
>XOR 00000000 implementation. I may not fully trust them but it is better
>than anything I could come out with.

Foo. Clipper is better than anything I could come up with from scratch,
and it's provably untrustable. (I could easily build better stuff out
of existing pieces like DES and IDEA, but that's a separate issue.)
Even Enigma's pretty strong, and look what it got its users...

Some of Dr. Fred's distrust is well-founded. DES is also pretty good,
and it's looking less and less likely that there's a secret NSA
backdoor in it (other than differential cryptanalysis and maybe linear
cryptanalysis), but it and IDEA and MD5 fundamentally depend on
messiness and obscurity for their security (plus elimination of obvious
holes.) Maybe the authors of IDEA are paid by the same space aliens who
really run NSA?

RSA has some provable strength to it, though it's not totally
risk-free. (One Time Pads do too, and yet people manage to
misunderstand and misimplement them almost as much as they mishandle
keys.) If you want a provably strong cryptosystem, you could build one
out of pure RSA, which would merely be painfully slow, but could be
usable. Or you could build a Blum-Blum-Shub Random Number generator,
and use it to generate one-time-pads (putting BBS into PGP version N+1
would be interesting...)
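[Editor's added example, not part of Bill Stewart's post or of PGP: the Blum-Blum-Shub generator he mentions, used to produce a pad, together with the pad-reuse mistake he alludes to, where XORing two ciphertexts made with the same pad cancels the pad and yields the XOR of the two plaintexts. The primes, seed and messages are constructed toy values; a real generator needs secret Blum primes of hundreds of digits, which the trial-division checker below cannot handle.]

```python
# Blum-Blum-Shub keystream driving a one-time pad. Added example, not code
# from Bill Stewart's post or from PGP. Primes, seed and messages below are
# constructed toy values; a real deployment needs secret p and q of
# hundreds of digits each, far beyond this trial-division checker.
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy moduli used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def find_blum_primes(start: int, count: int) -> list:
    """Return `count` primes >= start that are 3 (mod 4), as BBS requires."""
    found = []
    n = start
    while len(found) < count:
        if n % 4 == 3 and is_prime(n):
            found.append(n)
        n += 1
    return found


class BlumBlumShub:
    """x_{i+1} = x_i^2 mod n with n = p*q; one output bit (the LSB) per step."""

    def __init__(self, p: int, q: int, seed: int) -> None:
        if p == q or p % 4 != 3 or q % 4 != 3 or not (is_prime(p) and is_prime(q)):
            raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
        self.n = p * q
        if gcd(seed, self.n) != 1:
            raise ValueError("seed must be coprime to n")
        self.state = pow(seed, 2, self.n)  # x_0 = seed^2 mod n
        if self.state == 1:  # seed = +/-1 mod n would freeze the state at 1
            raise ValueError("degenerate seed")

    def next_bit(self) -> int:
        self.state = pow(self.state, 2, self.n)
        return self.state & 1

    def next_byte(self) -> int:
        b = 0
        for _ in range(8):
            b = (b << 1) | self.next_bit()
        return b

    def pad(self, length: int) -> bytes:
        """Emit `length` keystream bytes to serve as a one-time pad."""
        return bytes(self.next_byte() for _ in range(length))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_apply(message: bytes, pad: bytes) -> bytes:
    """XOR with the pad; encryption and decryption are the same operation."""
    if len(pad) < len(message):
        raise ValueError("pad too short: a one-time pad must cover the whole message")
    return xor_bytes(message, pad[:len(message)])


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer gets when a pad is reused: c1 XOR c2 == m1 XOR m2.
    The pad cancels out, which is why "one-time" is not optional."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    p, q = find_blum_primes(10000, 2)  # constructed toy primes (10007, ...)
    m1 = b"meet at the usual place"  # constructed sample messages, same length
    m2 = b"bring the second ledger"
    pad = BlumBlumShub(p, q, seed=12345).pad(len(m1))
    c1 = otp_apply(m1, pad)
    reused_pad = BlumBlumShub(p, q, seed=12345).pad(len(m2))  # same seed: reuse!
    c2 = otp_apply(m2, reused_pad)
    return {
        "round_trip_ok": otp_apply(c1, pad) == m1,
        "leak_equals_m1_xor_m2": pad_reuse_leak(c1, c2) == xor_bytes(m1, m2),
    }


if __name__ == "__main__":
    print(demo())
```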
However, the real weak point of PGP doesn't appear to be the
algorithms, or the implementation (except ease-of-use issues); it's
attacks on the computers themselves. TEMPEST is fun, if difficult and
expensive, black-bag-jobs on keyboards are easy and effective if you're
a good housebreaker, and you can always try viruses and trojan horses
to distribute keystroke-stealers. I seem to remember that Dr. Fred was
once a proponent of using viruses for good purposes for propagation of
information or whatever? Anathema!

#---
#	Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/

From pgf at tyrell.net Tue Aug 1 14:53:28 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Tue, 1 Aug 95 14:53:28 PDT
Subject: Provably Correct Crypto?
In-Reply-To: <9508011911.AA11465@all.net>
Message-ID: <199508012149.AA26006@tyrell.net>

Hmm. Instead of "vetting" the PGP PRNG code, as Dr. Cohen has been
trying to tell me in private email is several programmer-years worth of
work, perhaps I should just write my own version of the PRNG using the
algorithm as defined in whitepapernumberwhatever.

If there are artificial "bugs" to throw off the PRNG currently in the
PGP MIT code, they ought to simply not work right with the code I write
independently and therefore cause a crash or something.

Or perhaps just rewrite the program to use plain arrays instead of
pointers. ;-)

Phil

From pgf at tyrell.net Tue Aug 1 14:58:06 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Tue, 1 Aug 95 14:58:06 PDT
Subject: What do I use?
In-Reply-To: <9508012013.AA14958@all.net>
Message-ID: <199508012153.AA26490@tyrell.net>

   From: fc at all.net (Dr. Frederick B. Cohen)
   Date: Tue, 1 Aug 1995 16:13:09 -0400 (EDT)
   X-Mailer: ELM [version 2.4 PL22]
   Content-Type: text
   Content-Length: 1941
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

   > So Dr. Cohen, what do you use when you want to send a message across
   > the Internet with better security than cleartext? What do you
   > recommend to others?

   I use different techniques when different levels of protection are
   required, and I definitely don't use the Internet for anything that
   is really vital because of the ease of gaining intelligence
   indicators based on traffic analysis.

So you don't trust the remailers? Is this because you don't trust the
remailer implementations or because you don't trust digital mixes in
the first place?

   I never recommend a solution without knowing a fair amount about the
   specific challenge it is supposed to address. I typically start with
   an understanding of the general environment, the financial and/or
   human issues, the threat profile, the protection environment, the
   other dependencies and protection factors, and other factors related
   to the reasons for protection. Once I have this understanding, I
   make value judgements about how much I trust things relative to the
   requirement for trust and other limitations presented by the
   situation.

Actually, it sounds like you don't use anything that can be used by
someone not a professional old-time cryptographer.

Phil

From Matthew.Sheppard at Comp.VUW.AC.NZ Tue Aug 1 15:59:57 1995
From: Matthew.Sheppard at Comp.VUW.AC.NZ (Matthew James Sheppard)
Date: Tue, 1 Aug 95 15:59:57 PDT
Subject: Provably Correct Crypto?
In-Reply-To: <9508011911.AA11465@all.net>
Message-ID: <199508012259.KAA16027@bats.comp.vuw.ac.nz>

The shadowy figure took form and announced "I am Dr. Frederick B. Cohen
and I say ...

[ lots of purely subjective arguments that frequent alt.security.pgp ]

Frederick, can you please tell me why I should believe thttpd is
secure. I don't accept the ability to compile it myself as evidence and
I don't accept a summary of that source written in english prose on the
basis that it has no hard link whatsoever to the source. It was also
written by the authors of thttpd.
You should find this argument hauntingly familiar.

You state that crypto should be proved correct and suggest a technique
otherwise known as formal specification. I agree, pgp should have been
written in Z-specs. If you take a course in formal specification you
will soon see the intractability of the technique wrt large systems.

I'm sorry, the english prose your team writes holds no extra formal
credibility over trust. It demonstrates more study - but has not proven
security.

If you want people on this list to repeat after you "I cannot be
certain there are no compromising bugs or backdoors in X" then I will
go out on a limb and say everyone here will agree if system X is
sufficiently large.

p.s. X = thttpd

--
|~ |~ |~ o| o| ('< o| ,',) ''<< ---""---

From fc at all.net Tue Aug 1 16:24:08 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Tue, 1 Aug 95 16:24:08 PDT
Subject: Provably Correct Crypto?
In-Reply-To: <199508012259.KAA16027@bats.comp.vuw.ac.nz>
Message-ID: <9508012317.AA25184@all.net>

...
> Frederick, can you please tell me why I should believe thttpd is secure.
> I don't accept the ability to compile it myself as evidence and I
> don't accept a summary of that source written in english prose on the
> basis that it has no hard link whatsoever to the source. It was
> also written by the authors of thttpd.

The reason to believe that thttpd fulfills the claims it makes is
provided in some detail in the white paper on our server (see what's
new under http://all.net). A slightly more detailed version has been
submitted for a journal article, and hopefully will appear in a year or
two. Certainly compiling it yourself would not in any way help you
assert its security, however it would help you assure that the compiled
version (which we don't provide on-line) is not an altered executable.

I would detail the full set of claims here, but this is not the proper
forum for general security issues. Of course if there is popular
support, I would be glad to...
Instead, I will briefly outline it here:

The basic reason that thttpd can be verified to fulfill the claimed security properties relates to some well thought-of and mathematically proven theories about information flow. Specifically:

We have shown that information coming from the client cannot flow to the server except in its effects of sending the requested file (if it exists, is properly owned, and is properly protected for access by remote users) and logging the request in the log file generated by the program. If no information can flow from the client to the server data, the client cannot cause corruption of the server (subject to various details not included here).

We have shown that the server is a limited function program (i.e., does not have Turing capability), and that therefore no general purpose operations can be performed as a result of any external input.

We have shown that the variables and structures are confined so as to have no unspecified side effects, and that therefore there are no effects other than those stated in the description of the program.

We have also shown some other stuff you might be interested in.

The next logical question is why those are worthwhile things to show, and I won't get into these details here without further prompting.

> You should find this argument hauntingly familiar.

I welcome your questions about "why" as I always do. I think that this is a very important question and one worth following up.

> You state that crypto should be proved correct and suggest a technique
> otherwise known as formal specification. I agree, pgp should have
> been written in Z-specs. If you take a course in formal specification
> you will soon see the intractability of the technique wrt large
> systems.

I didn't say that. Perhaps you should review what I said before characterizing it.

> I'm sorry, the English prose your team writes holds no extra formal
> credibility over trust. It demonstrates more study - but has not
> proven security.
I have shown (not yet proven) certain things. A graduate student is now working on trying to prove the various properties I believe to be of interest in an automatic theorem prover he is working on. I believe that these things are worth showing (and proving), but you may certainly feel free to disagree with these contentions.

> If you want people on this list to repeat after you "I cannot be
> certain there is no compromising bugs or backdoors in X" then I will
> go out on a limb and say everyone here will agree if system X is
> sufficiently large.

I don't believe I ever asked anyone on this list to repeat anything. All I did was ask questions and respond to responses to my questions.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From ethridge at Onramp.NET Tue Aug 1 16:50:29 1995
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Tue, 1 Aug 95 16:50:29 PDT
Subject: [NOISE] was Re: a hole in PGP
Message-ID:

>...
>> Anyway, after reading the crap below I have been forced to comment.
>> For an individual that parades the title of Doctor (and the indication
>> of intelligence that title should imply) you seem to lack the grasp of
>> what has been stated over and over again. If you can't study the source
>> code, find someone that you trust that can! Prove it *doesn't* work
>> before you knock it.
>
> So you claim that software is secure unless it has been shown to be
> insecure, while I claim it is insecure unless it has been shown to be
> secure. Which position do you think more sensible? (rhetorical
> question, does not require any responses).

I suspect the practical point of view is more sensible, but if that's what you meant I doubt that you would have called your question rhetorical.

allen

From hayden at krypton.mankato.msus.edu Tue Aug 1 16:55:17 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 1 Aug 95 16:55:17 PDT
Subject: US vs Overseas Banks
In-Reply-To: <199508012016.QAA15599@panix.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

It's interesting to note that where I am (Mankato, Minnesota) I was able to open a checking account with NO ID whatsoever. I just wrote down a name and address (which is a P.O. box, BTW) and the next week I had a box of checks (free) and an ATM card (also free).

Of course, this bank has been criticized for being somewhat lax on who they give accounts to, but the point still stands. I could have been anybody, and given any false address.

*shrug*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMB6iqTokqlyVGmCFAQES5QP+JWvxHeerHVH7SDoLjJ7bvl3cj4bjXfx9
jMvmb9njXiWT3OAUtrpO/IrqxoZEL2yCf3KsOInHavMsuZbbayBRePMHG32KFPe9
r5kvpUAI+tOegRQ7grUZwBBxqpGVwsINSb1qhM7/Kla5Z2QQHzUQDTvQ1Q0orbZi
/JHMJ2aBFUg=
=fnb6
-----END PGP SIGNATURE-----

____      Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__     Finger for Geek Code Info <=> Finger for PGP Public Key
 \/ /     -=-=-=-=-=- -=-=-=-=-=-
  \/      http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++
w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+
DI+++ D+++ G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From jya at pipeline.com Tue Aug 1 17:02:54 1995
From: jya at pipeline.com (John Young)
Date: Tue, 1 Aug 95 17:02:54 PDT
Subject: QIK_san
Message-ID: <199508020002.UAA16604@pipe2.nyc.pipeline.com>

8-1-95. W$Japer:

"Your Home Computer Will Soon Be Your Banker and Broker."

The first on-line banking transaction will be a historic moment not unlike the first automobile sale or the first commercial airline flight. It will signal a commercially viable use of a new technology that may ultimately eliminate what until now we have considered the retail aspects of banking, stock brokerage and more.
The implications are profound. The promise is electronic access to all financial transactions at substantially lower cost. One's personal computer can, in essence, become an in-home bank branch, brokerage outlet and financial planner. For example, with Intuit's software and with its union with American Express, Smith Barney and 17 large banks, consumers will be able to use one link for the first time to access traditional banking, credit- and charge-card services, brokerage services, financial planning and more.

The effect on the banking and brokerage business and their employees is going to be profound. The retail sales forces of banks and brokerage houses may shrink substantially, as may the ranks of financial planners. The number of bank and brokerage buildings may also shrink.

QIK_san

From jya at pipeline.com Tue Aug 1 17:31:39 1995
From: jya at pipeline.com (John Young)
Date: Tue, 1 Aug 95 17:31:39 PDT
Subject: Pat Robertson Fears E-cash?
Message-ID: <199508020031.UAA21712@pipe2.nyc.pipeline.com>

A Foxhole-atheist swears Pat Robertson said last night that his new book warns of a "digital cash society" and massive theft by cyber-criminals.

Did any believer hear this, or know if this is what he prognosticates for e-cash bedevilment?

From jonathon at izanami.sbi.com Tue Aug 1 17:38:03 1995
From: jonathon at izanami.sbi.com (Jonathon Fletcher)
Date: Tue, 1 Aug 95 17:38:03 PDT
Subject: who cypherpunks
Message-ID:

... oops. sorry folks

From koontz at MasPar.COM Tue Aug 1 18:03:33 1995
From: koontz at MasPar.COM (David G. Koontz)
Date: Tue, 1 Aug 95 18:03:33 PDT
Subject: Billing for internet usage
Message-ID: <9508020106.AA16898@argosy.MasPar.COM>

From time to time there is noise about billing for information transfer on the internet. Historically, it cost more to do the billing calculations than it was worth, yet you still hear about people wanting to figure out how.
One way would be to perform cooperative billing balances between nodes, and allow each node to 'bill upward'. This means that any two machines are more interested in their relative balance than how much money they are really spending. There are some interesting problems of trust and reliability that might be solved through the use of digital money.

Then there is the wily programmer (or machine) that applies expert solutions to the problem, trying to 'route' around billing imbalances. With sophisticated enough algorithms such machines would be basically trading on billing futures, perhaps demonstrating that computers could be better capitalists than people. Imagine a communications network that collapses because of an economic crash. Would the internet require the equivalent of suspension of programmed trading (routing) and an FTC?

From ericande at linknet.kitsap.lib.wa.us Tue Aug 1 18:08:28 1995
From: ericande at linknet.kitsap.lib.wa.us (Eric Anderson)
Date: Tue, 1 Aug 95 18:08:28 PDT
Subject: There's a hole in your crypto, dear Eliza dear Eliza...
In-Reply-To: <199508010354.AA20144@tyrell.net>
Message-ID:

How do I know PGP IS secure? I don't. That doesn't mean I don't use it or don't trust it. PGP was designed and written by a human, who by its nature is NOT infallible. The name says it all.... PRETTY GOOD; not REALLY GREAT or UNCRACKABLE, just pretty good. I think the simple fact that I am not in jail (Knock on wood....) attests to the fact that the algorithm, RNG, works Pretty Good. (There's them there words again)

-----------------------------------------------------------------------------
JUSTICE: The outcome of NOT protecting people from the results of their own folly.
-----------------------------------------------------------------------------

From gnu at toad.com Tue Aug 1 18:34:35 1995
From: gnu at toad.com (John Gilmore)
Date: Tue, 1 Aug 95 18:34:35 PDT
Subject: NRC Panel, Law Enforcement questions
Message-ID: <9508020134.AA07797@toad.com>

To: gnu, crypto at nas.edu (Herb Lin)
Date: Tue, 01 Aug 1995 18:07:59 -0700
From: John Gilmore

This is more organized. Let me know if you want any more work done on it.

John Gilmore
for the Cypherpunks

POLITICAL PROCESS

It appears that law enforcement bureaucrats (such as Mr. Freeh) are seizing on irrelevant publicity in order to push their agendas. An example is in using the Oklahoma bombing to lobby Congress for the authority to limit the use of encryption (encryption played no part in the Oklahoma bombing). This makes the FBI/DoJ position look like it can't actually support itself on the facts. If the facts would support you, why use irrelevant publicity INSTEAD of real facts?

Why does the FBI refuse to reveal its political manipulations on this issue to the public?

Agent Kallstrom asked rhetorically at the Clipper debate held at the New York City Bar Association if the audience would want key escrow if a daughter of theirs had been kidnapped to make a snuff pornographic film. Official Bureau records indicate that such films are at the very least extremely rare and probably nonexistent. Why do Bureau spokesmen use graphic descriptions of non-existent crimes as a way of whipping up public sentiment for key escrow? Is it the opinion of the bureau that Clipper would be of use in most kidnapping cases, given that probable cause to issue a wiretap warrant would probably also be sufficient to get a warrant to search the premises of the perpetrators for the victim? Does the Bureau feel that Agent Kallstrom's comment was an appropriate way to conduct a reasoned discussion?

Give a precis of the top fifty violations of civil rights or the political process by the FBI since 1950.
Rank them by magnitude of the intrusion and by the number of people directly affected. For example, the FBI campaign against the Free Speech Movement's right to speak and petition the government; the McCarthy era; the campaign against CISPES; COINTELPRO; against civil rights organizations; political assassination (e.g., Fred Hampton).

How did Mr. Hoover stay in power for his 40-year reign? Be specific about the threats that might have removed him from absolute leadership of the FBI, and what steps he took to counteract these threats.

Detail all political figures, including everyone ever elected to Congress, every President, every Cabinet-level officer, and every judge at all levels, who have been subjected to wiretaps or any other kind of covert surveillance by the FBI or any other agency in the Executive Branch. Estimate how many records of such surveillance have been destroyed.

Detail all cases in which political figures were pressured, threatened, blackmailed, or simply "informed" or "implied to" about their covert surveillance. What prompted these actions against political figures, and what results did they have?

Why should we trust the FBI to "not listen in" when it has the technical capability to do so, a history of having done so for reasons inimical to democratic governance, and a bureaucratic appetite for power, money, and control?

What five things about your agency would the American public be most surprised to learn? Most pleased? Most displeased? What five things about your agency would Congress be most surprised to learn? The President?

Do the domestic LEAs (law enforcement agencies), or their agents, monitor the various crypto/net security and TLA forums on the Net? If so, which and by what legal authority?

Do LEAs, or their agents, log the names of posters to the crypto/net security and TLA forums? If so, by what legal authority?

Do LEAs, or their agents, monitor non-governmental crypto/net security wizards? If so, who and by what legal authority?
Do LEAs use crypto/net security industry informers? Names?

Do LEAs run stings in crypto/net security, among crypto/net security zines, orgs, corps, manufacturers? Targets, names, dates, locations?

Do LEAs have confidential crypto/net security-access agreements with software and hardware corps? Names?

Do LEAs run agents-provocateurs in crypto/net security? Names, locations?

Do LEAs, or their agents, sniff the Net for crypto -- periodically, continually? How, where, who?

Do LEAs, or their agents, sniff remailers? Which?

Do LEAs, or their agents, run remailers? Which?

Does Federal policy allow law enforcement agents to purport to run an anonymous remailer, e.g. as part of a sting operation?

LAW ENFORCEMENT POLICY

As the FBI sees it, describe the proper place and powers of a national law enforcement organization in an open society, without regard to today's laws, court decisions, or the Constitution. If we were forming a new country, and could make it up as we went along, what national law enforcement structure and powers would contribute the most to our society?

Rank in order of priority, according to agency policy:

-- National security
-- Threats to a specific group or individual
-- Constitutional rights of citizens
-- Statutory rights of citizens
-- Statutory limits on the activities of agencies
-- Constitutional limits on the powers of government
-- Democratic oversight and accountability
-- Budgetary considerations
-- Maintaining secrecy
-- Prosecution of a criminal
-- Preventing a crime
-- Prosecuting or impeding a criminal organization
-- Exposure of corruption within government
-- Exposure of corruption within private industry
-- ... ?

In what order would your agency sacrifice each of these to pursue or preserve another? Give examples from actual cases wherever possible.

Does the FBI five-year FOIA backlog render it a secret national police organization?
How can a law enforcement organization be answerable to its citizens if they cannot determine what it is doing until five years later?

How does a law enforcement organization such as the FBI justify breaking the law itself, by systematically withholding non-exempt documents requested by citizens under the FOIA?

What effect have anti-drug efforts over the last 30 years had upon the traditional roles of intelligence and law enforcement? To what extent is drug trafficking considered of interest to intelligence organizations? Why? Be specific.

Wiretaps can be used by the police to obtain both evidence and intelligence. By "evidence" I'm referring to information which can be presented in a courtroom. By "intelligence" I mean information which is not presented in the courtroom, but which might be helpful to law enforcement in other ways. As citizens, our main protection against illegal wiretaps is our ability to have improperly acquired evidence thrown out of court. What protection do we have from other illegal wiretaps -- surveillance designed to gather intelligence, not evidence? Who oversees the police and the FBI to make sure that they follow the rules? How do we know that law enforcement people don't use illegal wiretaps to go "fishing"?

What is the relationship between the FBI's campaign to limit or eliminate the exclusionary rule and its campaign to increase its technical capabilities for wiretapping? It seems that the combination of these initiatives would result in the FBI being able to perform and `get away with' massive intrusions into personal privacy, for illegitimate reasons, even if they were later judged to be in violation of law or the constitution.

What is the FBI's opinion on the optimal level (from their point of view) of wiretapping/surveillance if money were no object? How many wiretaps would the Bureau execute per year if it could do exactly as it desired, without budgetary or court-imposed restraints?
What trends does the government foresee in the expected cost of wiretaps in the future? Does the DoJ expect that the number of wiretaps and electronic surveillances will go up if the cost (currently high) goes down?

What do the FBI and its ilk know about using tracking technologies such as video cameras, road pricing sensors, and other alternatives to conventional electronic surveillance?

What do the FBI and its ilk know about the use of mechanical aids to wiretaps (such as voice recognition technology for keywords; voiceprint recognition to ID wanted suspects)?

Has your agency ever exchanged intelligence with governments of other countries? Specify.

Has your agency ever exchanged technology with governments of other countries? Specify.

Has your agency ever given non-public technology to a private corporation? Specify. How are the beneficiaries of such gifts selected?

How frequently has your agency provided non-public information to private organizations (such as corporations)? How frequently have you refused to do so? Who, when, where and why?

Does your agency expect to serve private clients in the foreseeable future, either directly or indirectly? How is policy formed on this issue? How are beneficiaries selected?

The burgeoning of privatization of domestic "intelligence"-gathering has blossomed as LEAs' activities have been diminished and as foreign targets for TLAs have been reduced. As the need for their services has dropped, ex-TLA-employees have moved to security, investigative and "anti-terrorist" firms and public service organizations. Knoll Associates, Wackenhut, Kissinger Associates, say, or the welter of organizations and firms in the tri-coastal, Great Lakes and DC-beltway regions, often benefit from continuing close contact with former colleagues who remain active in TLAs. TLAs could easily pass prohibited current intelligence to the domestic private market, paralleling their use of front organizations internationally.
Today, information on militia groups is being provided by private organizations, sometimes in the same forum as the officials who cannot admit to surveilling those targeted groups. E.g. the Charlie Rose Show from April, 1995, featuring James Fox (former NYC FBI SAIC). Also, a NY Times piece on April 24, 1995 gives capsule descriptions of several "right wing movement" sites and groups, and credits the material to a mix of private and public organizations.

The intelligence-gathering, tracking and surveilling of dissident groups, of all persuasions, by private means -- for profit, for ideological or for humanitarian reasons -- is a provocative, perhaps civil liberties-threatening, development, a heritage of the national security culture, wherein a large number of very able people and techniques and knowledge and equipment and organization, seem to be shifting inexorably to new markets of ready, frightened consumers.

As your agency campaigns for more intrusive surveillance technology and methods, what impact on society do you foresee as the people who know these technologies and methods move into the private sector, where there are fewer rules and easier ways to avoid being caught?

CIVIL RIGHTS

Does the FBI believe that citizens have the right to use whatever encryption system(s) they desire to use?

Does the FBI believe that the FBI has the right to use whatever encryption system(s) it desires to use?

Does the FBI believe that private citizens who have special needs or duties to protect confidential or privileged information -- e.g., lawyers, doctors, psychologists, accountants, financial advisors, bankers, security advisors -- have the right to use whatever encryption system(s) they desire to use for their own legal, ethical, or business reasons?
Does the FBI believe that ordinary private citizens who do not belong to a privileged class have less of a right to use whatever encryption system(s) they desire to use than do lawyers, doctors, accountants, financial advisors, bankers, or security advisors?

Does the FBI believe that members of non-mainstream religious groups or "cults" have the right to use whatever encryption system(s) they desire to use in transmitting their religious or political beliefs?

Does the FBI believe that individuals who believe strongly in their rights under the First and Second Amendments to the Constitution have the right to use whatever encryption system(s) they desire to use?

If wiretap or surveillance is really illegal, then the info gleaned is likely tainted. The problem isn't that the rules don't prohibit agencies from doing it. The problem is that there isn't an effective mechanism to detect cheating. Suppose the FBI puts an illegal wiretap on someone, and finds out that they're going to commit a crime. When the crime takes place, they're on the scene. How did they know? "An anonymous tip", or simply that the officer happened to be there. How can you prove it was something different? An illegal wiretap could be used to get hints on where admissible evidence can be `independently' gathered. Or what if they don't find evidence of a crime, and they leave the guy alone? His privacy's been violated illegally.

I once spoke with someone from INS who told me that random surveillance on certain people is done. He told me that there are lists of people who get "dropped in on" from time to time, mostly people who have had some sort of drug problems with the police. Other people might get on the list by being friends with someone already on the list, with "friendship" being determined by telco records. So if you call someone on the list often, you might end up there yourself.

How should we protect society against LEA `cheating' in a clipper/digital-telephony world?
I worked for several years lobbying at INS and DOJ on business immigration issues, and INS is hardly the bastion of proper police procedures... Not to mention the fact that aliens have fewer rights than citizens of the US. INS gets away with a lot of illegal stuff because on the whole the alien won't litigate the circumstances of their being caught, because they're too busy fighting the deportation itself... that is if they even bother to hire an atty. Aliens in exclusion proceedings don't even have the right to counsel, and in both exclusion and deportation the burden of proof lies not with the prosecution, but the defense (guilty until proven innocent). For example, the first thing an alien gets in the deportation process is the OSC, the Order to Show Cause why they shouldn't be deported... which presumes that they're deportable. INS gets away with a lot of crap because there are several legal limbo zones at play.

How can we protect aliens' and suspected aliens' civil rights if law enforcement agencies are given broader powers to make illegal searches?

In drug cases there is massive and flagrant fabrication of informants. Judges have been winking at this for some time. If they need an "informant" they will pull some petty crook out of stir, and tell him if he reads his lines right, they will let him go. Sometimes the same "informant" turns up in case after case, even though the cases have no connection with each other. Are these fabricated informants to cover up illegal wiretaps? Or is it 100% fabrication, such as cases where someone is merely suspected rather than known (on the basis of illegally obtained evidence) to have committed a crime? How can this be avoided if we give increased wiretapping powers?

The ACLU won a court case which forced the LAPD to stop political surveillance of civilians. This surveillance had been going on for decades; it simply came out in the 80s. The book "The Squad," by Michael Milan, 1989 covers it.
Much of the material has also been covered by Dave Emory in his radio broadcasts. There's also a book called something like "LA Secret Police" or "Los Angeles Secret Police".

A newspaper article stated that, just before they were required to destroy the files, the LAPD intelligence unit had given copies of all the files to an ex-cop who now ran a private right wing intelligence clearing house. He put them all in a database and made them available to other groups like the B'nai B'rith. That cop was hunted down, and either was extradited or self-surrendered for trial. The San Francisco Chronicle covered it pretty well. This was "Western Goals."

The Association of Chiefs of Police moved *its* files offshore a few years back to avoid U.S. laws about such police data bases.

If LEAs are given more power to invisibly search citizens, legally or illegally, how would you prevent the information obtained by ILLEGAL searches from being retained or passed into private hands?

Is caller ID blocking (*67) effective when calling the police? Or can the police determine the calling phone, location, or identity anyway?

On the other hand, in some states police have lobbied for the power to provide fake Caller-ID on calls _from_ the PD. They claimed it was necessary to handle undercover investigations. Why should police agencies be given the power of anonymity when ordinary citizens cannot be trusted with it?

MOTIVATION FOR ENCRYPTION CONTROL

Why does the FBI *really* want to control encryption? It clearly has nothing to do with terrorism. The palpable fear among the citizens is that it has a lot to do with social control, enforcement of narrow morality, decreased civil rights, increased federal agency authority and budget, and authoritarianism.

Why is the FBI so upset about encryption? What real-world events have caused this upset? Or is it a case of "we think it's coming so we are starting the political machinations now"?
HISTORY - WIRETAPS AND ENCRYPTION

If a legal wiretap encounters encrypted communications, detail what steps are taken to try to decrypt the communications.

Provide the details of all wiretap orders in which encryption was encountered. In which of them was encryption a problem for law enforcement? In what percentage of wiretap orders is encryption encountered at all?

Detail all court cases in which encryption has made it harder to get a conviction (or in which the accused was not convicted). What percentage of total court cases do these represent?

Detail all investigations in which encryption has made it harder to file charges (or in which charges were never filed). What percentage of total investigations do these represent?

Detail all illegal wiretaps known to your agency. [This question should be asked of the telephone companies, too -- right at the company-president level. Recall the way in which telegrams were handed over to the NSA for *years* on the orders of the heads of the telegraph companies...]

Summarize all wiretaps under the Foreign Intelligence Surveillance Act. How many, in what years, against what targets? How many are fixed permanent wiretaps (e.g. on the lines into an embassy), and how many are temporary (e.g. against a suspected undercover foreign agent's residence or office)? How many US citizens have been wiretapped under FISA, for what length of time, and for what reasons? I heard a rumor that the FISA court actually turned down a wiretap request. Provide full details.

Detail all wiretaps known to your agency which were authorized by means OTHER THAN the FISA and which do not appear in the annually reported wiretap statistics. I.e. who else has authorized the placement of wiretaps, and for what purpose?

Are the alleged crimes for which encryption poses a law-enforcement challenge victimless crimes, in which all parties to the alleged crime were happy with the situation before the Law stepped in?
To what extent does encryption pose a problem in settling real controversies as opposed to government-mandated moral codes?

Has the FBI ever done a wiretap that encountered a Clipper chip? Give details of what happened, if so.

Provide the details of all wiretap orders in which encryption was used but law enforcement was able to do its work anyway.

Detail all investigations in which encryption was used but charges were filed anyway.

Detail all court cases in which encryption was used but the accused _was_ convicted, or in which conviction failed for reasons other than encryption.

During the Digital Telephony bill debate, the Administration stated or alluded that one reason the FBI needs total control of wiretapping is the unreliability of telephone company personnel. (I.e. -- "if we tap Jimmy Big-Tuna Vinchenzo at the CO, his spies will tip him off.."). Provide specifics on exactly how many legal taps have been "blown" by actions of telephone company employees. Cite specifics on these cases. Name telephone company folks charged with obstruction of justice in these cases. {Talk is cheap; but to charge someone, they need SOME hard facts...}

How many subpoenas for telephone billing records are made by Federal law enforcement agencies each month? Under what circumstances do LEAs order the production of this information? Give statistics on the motivations for why these private records are being produced, e.g. "50% fishing expedition, 22% the subject is in custody for a crime (break down by which crimes), 5% the subject is suspected of a crime (break down), 10% the subject is not suspected of a crime but there may be evidence of someone else's crime in their phone records".

Describe other tools & technologies available to criminal organizations that pose LE problems of similar magnitude to the perceived problems with cryptography. Describe how the FBI plans to control & restrict those tools & technologies.
Describe tools & technologies available to criminal organizations that do not pose significant LE problems.

FBI/NSA INTERACTIONS

Detail all interactions between the FBI and the NSA, two organizations that in the ordinary course of business would have very little to say to each other. In what ways have the FBI and NSA attempted to manipulate public policy to increase their joint power?

Detail in what ways the FBI and NSA have cooperated in doing the actual work of either agency (FBI: apprehending and prosecuting criminals; NSA: intercepting foreign communications of diplomatic and military interest).

Detail in what ways the FBI and NSA have cooperated which have not been directly related to the direct job of each agency (as specified above).

It has been documented (by Bamford and others) that through the early 1980s, the NSA intercepted domestic long-distance telephone traffic by means of simple dishes, mounted alongside legitimate telephone-company microwave receivers. Now that most such long-distance links have been converted to fiber-optics, is the NSA still able to intercept this traffic? How?

How is the NSA affected by the passage of the Digital Telephony bill? Did the NSA play any role in the progress of this bill? Will the expected modifications to the telephone system have any uses to the NSA? How?

BUDGET

What's the five-year -- 1995-2000 -- budget for all crypto/net security ops?

LAW ENFORCEMENT SOURCES AND MONITORING

What are your agency's sources of information? Which of these are considered the most important, and for what reasons and purposes?

What is the current type and extent of your agency's monitoring of the Internet? What is the type and extent of your agency's monitoring of other public communications media (i.e. radio, newspapers, etc.), both here and abroad? What sorts of intelligence come from these channels?

How will your agency's methods be changed by the advent of the GII? How might your agency's mission be changed by the advent of the GII?
If strong encryption comes into widespread use within the U.S., which of your sources would be compromised? How much? If strong encryption is banned or controlled within the U.S., what new information would become available? What communications would remain unmonitorable? Why? Speculate out to five or ten years.

Science Fiction author Vernor Vinge once wrote, "Sufficiently advanced communication is indistinguishable from noise." Is this true? How and to what extent can encrypted communications be reliably distinguished from other types of information or noise, both today and in the future?

What are the special challenges involved in compromising a key-escrowed encryption system? Has the NSA or any other intelligence agency, in the U.S. or abroad, ever gone up against a key-escrowed system, or a system which presented similar challenges and vulnerabilities? With what results? If you were ordered to crack a clipper-like system, how would you proceed?

GOVERNMENT'S OWN USE OF ENCRYPTION

Are your agency's internal communications encrypted? Are your agency's communications with other agencies of the U.S. Government? Other governments? Are these communications susceptible to subpoena? How? Are any of the internal communications of the U.S. Government encrypted? Which, and using what methods? Does your agency have the ability to monitor or decipher these communications? Does anyone? What information can your agency access concerning members of the U.S. Government? How has this information been used? How is it protected?

INTELLIGENCE POLICY

What is the strategic, tactical, economic or competitive value of intelligence? How is this value quantified and assessed? I have been told that a battlefield commander may profitably expend up to 75% of his resources on the acquisition of data about an enemy. How much of a corporation's resources, for example, would be well spent on the acquisition of various sorts of intelligence about potential competitors and/or customers?
How much of a political candidate's resources would be well spent on acquiring data about opposing candidates and other organizations? In the coming "information age", how much of our society's total economic activity might we expect to become devoted to snooping in general? What is your agency's assessment of the surveillance and cryptanalytic capabilities available to large corporations, both inside and outside the U.S.? What level of intelligence-gathering and analysis capabilities might a large company be reasonably expected to be able to acquire if competitive pressures were to dictate a strong effort in that direction? What are the most powerful possible uses of intelligence, past, present and future? What sorts of research have your agency done, or is it currently doing, concerning possible future uses for intelligence information? Does your agency employ any psychologists? Sociologists? For what purposes?

THE FINAL QUESTION

What questions *should* we have asked you to recommend a good crypto policy for the country?

From futplex at pseudonym.com Tue Aug 1 19:01:10 1995
From: futplex at pseudonym.com (Futplex)
Date: Tue, 1 Aug 95 19:01:10 PDT
Subject: a hole in PGP
In-Reply-To: <9508011212.AA17103@all.net>
Message-ID: <9508020201.AA15198@cs.umass.edu>

Dr. Frederick B. Cohen writes:
> It's probably my fault for not asking them in the way you are used to
> hearing them, or maybe we are all over-sensitive about our work.

Since I've had no involvement in the writing of PGP and RFC 1750, I don't think I'm being sensitive about my work :]

[...]

> And if enough of those on this list feel that this discussion and my postings
> are too commercial or too abusive to take, I am certain that Brent will send
> you a free copy of his Fred filter.

Nah, we're not into third-party censorship here. As for myself, I intend to keep reading what you write here. Your manner is not a legitimate reason to ignore the value of (some of) your words.
-Futplex

From jlasser at rwd.goucher.edu Tue Aug 1 19:08:57 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Tue, 1 Aug 95 19:08:57 PDT
Subject: Pat Robertson Fears E-cash?
In-Reply-To: <199508020031.UAA21712@pipe2.nyc.pipeline.com>
Message-ID:

On Tue, 1 Aug 1995, John Young wrote:
> A Foxhole-atheist swears Pat Robertson said last night that his
> new book warns of a "digital cash society" and massive
> theft by cyber-criminals. Did any believer hear this, or know if
> this is what he prognosticates for e-cash bedevilment?

I saw him on the 700 club about a year ago WRT this topic. As far as I can recall, the above accurately sums up his position. (The reason he really cares has to do with that "Number of the Beast" stuff in Revelations)

Jon
------------------------------------------------------------------------------
Jon Lasser (410) 494-3253
Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From hal9001 at panix.com Tue Aug 1 19:10:04 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 1 Aug 95 19:10:04 PDT
Subject: Zimmermann legal fund
Message-ID:

At 17:57 7/30/95, Ed Carp [khijol SysAdmin] wrote:
>When I lived in California, I banked at Security Pacific, then changed
>over my account to BofA. When I left the bay area, I closed my account,
>not knowing that someone had sat on a check for $120 - I thought it was me
>just entering an ATM receipt twice (as I do from time to time). So,
>someone from a place called ChexSystems sends me a letter, saying "well,
>you had a check go through and the bank paid it, please pay us." So, I
>send them the $120 or whatever it was.

How old was the check when it was presented (and how long was it from the check's date until you had closed the account)? If the check was stale then you have a valid gripe about the bank's behavior.
I've dealt in situations where people are collecting checks which are going to be "stale" before they are submitted for processing, yet there is no request to post-date the check nor setting up of an escrow account to hold/clear the money until it can be turned over to the correct owner (they collect voting fees for a convention where the winner gets the money, but the holder of the election is the one who is being sent the check to sit on [for up to 6 months] until the winner can be handed the stack of checks - there is a claim that the holder of the election can not open a segregation/escrow account due to bank rules or procedures).

From futplex at pseudonym.com Tue Aug 1 19:13:40 1995
From: futplex at pseudonym.com (Futplex)
Date: Tue, 1 Aug 95 19:13:40 PDT
Subject: Provably Correct Crypto?
In-Reply-To: <199508012149.AA26006@tyrell.net>
Message-ID: <9508020213.AA15346@cs.umass.edu>

Phil writes:
> Or perhaps just rewrite the program to use plain arrays instead of
> pointers. ;-)

How about Java-PGP ? ;)

-Futplex

From enzo at ima.com Tue Aug 1 19:53:49 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Tue, 1 Aug 95 19:53:49 PDT
Subject: Stopped at the boarder
In-Reply-To: <9508011001.ZM17072@glacius.alias.com>
Message-ID:

On Tue, 1 Aug 1995, Richard Martin wrote:
> Until a few years ago, carrying software across the border from the states
> to Canada, one would only pay duty on the value of the media. Canadian
> Customs regulations did not recognise any value in the information
> contained on the floppies. I haven't actively exported/imported software
> in this manner recently (well, I carried 2.6ui to Mobile and back without
> realising it (or, indeed, ever putting it in a drive) and so broke ITAR)
> so I'm not sure how things stand currently.
>
> I think they might actually have been convinced of the value of software.
> [Department of External Affairs and International Trade has been, as noted
> earlier. Danger of software, at least.]
As far as I know, under current GATT regulations software is not considered a commodity, and therefore its import does not attract customs duties. However, I'm not sure about the actual behaviour of the US customs; from recent cases I can confirm that in the European Union and South Africa that rule is respected.

From Matthew.Sheppard at Comp.VUW.AC.NZ Tue Aug 1 19:55:53 1995
From: Matthew.Sheppard at Comp.VUW.AC.NZ (Matthew James Sheppard)
Date: Tue, 1 Aug 95 19:55:53 PDT
Subject: Provably Correct Crypto?
Message-ID: <199508020255.OAA10557@bats.comp.vuw.ac.nz>

The shadowy figure took form and announced "I am Dr. Frederick B. Cohen and I say ...
> > I don't accept the ability to compile it myself as evidence and I
> > don't accept a summary of that source written in English prose
>
> The reason to believe that thttpd fulfills the claims it makes is
> provided in some detail in the white paper on our server (see what's new
> under http://XXX.XXX). A slightly more detailed version has been
> submitted for a journal article, and hopefully will appear in a year or
> two.
>
> [ A ton of crap which was exactly what I said I didn't want ]

I stipulated I didn't want any such garbage, I specifically said English summaries are not acceptable and you bombard me with them. Yet you won't accept others' opinion of PGP's security, which, verbal or otherwise, can only be an abstract summary.

> > You state that crypto should be proved correct and suggest a technique
> > otherwise known as formal specification. I agree, pgp should have
> > been written in Z-specs. If you take a course in formal specification
> > you will soon see the intractability of the technique wrt large
> > systems.
>
> I didn't say that. Perhaps you should review what I said before
> characterizing it.

piffle! Your words:

"I think that this issue can generally be addressed by a divide and conquer strategy.
Prove that the called routines are correct and confined under all possible parameters, do the same for the calling routines, do the same for the interaction between them, and I think you have it."

This sounds like performing a formal analysis to me. And you didn't address the intractability anyway.

> I have shown (not yet proven) certain things. A graduate student is now
> working on trying to prove the various properties I believe to be of
> interest in an automatic theorem prover he is working on.

The work in automatic theorem proving is ongoing and not limited to your grad student or your work.

> I believe that these things are worth showing (and proving), but you
> may certainly feel free to disagree with these contentions.

I said showing by English isn't good enough, proving would be fantastic. I don't believe these issues reside solely with pgp and as such you should question computability as a whole before using "incomplete specification" in accusing one system to be flawed.

> > If you want people on this list to repeat after you "I cannot be
> > certain there is no compromising bugs or backdoors in X" Then I will
> > go out on a limb and say everyone here will agree if system X is
> > sufficiently large.
>
> I don't believe I ever asked anyone on this list to repeat anything.
> All I did was ask questions and respond to responses to my questions.

Your tiresome repetitive question was "Why do you believe X is secure". I hereby answer exactly as above: "I cannot be certain there is no compromising bugs or backdoors in X"

--
Another drive by shooting on the information super highway.
From bailey at computek.net Tue Aug 1 20:17:52 1995
From: bailey at computek.net (Mike Bailey)
Date: Tue, 1 Aug 95 20:17:52 PDT
Subject: commerical busters
In-Reply-To: <01HTK2WJPWYQ001IQN@VAX2.ROCKHURST.EDU>
Message-ID:

On Tue, 1 Aug 1995 WOOD at VAX2.ROCKHURST.EDU wrote:
>
> ON: 31-JUL-1995 20:14:46.10, dan at netmarket.com wrote:
>
> > At 8:50 PM 07/31/95, Patrick May wrote:
> >
> > > My dim memories from a project I did for Sony a couple of years
> > > ago are that commercials are separated by a fixed number of black
> > > frames and some, at least, have tracking information encoded so that
> > > advertisers can monitor how often they are played. I'll try to dig up
> > > more info.
> >
> > From: dfitzpat at interserv.com
> > Wednesday July 26, 1995 -- ShopTalk
> >
> > - --
> >
> > NEW VCRs TAKE ON COMMERCIALS POINT-BLANK
> >
> > By Jonathan Takiff
> > Philadelphia Daily News Staff Writer
> >
> > Already besieged by Washington politicians over the content of TV
> > programming (and threats of a show-blocking chip), television
> > broadcasters are about to be hit with another whammy. This time it's
> > VCRs that automatically blank out commercials.
> >
> > $$$$ $$$$$ $$$$
> > -----BEGIN PGP SIGNATURE-----
> > Version: 2.6.2
> >
> > iQCVAwUBMB193KZKaCr9f/gtAQFa5AP/ZEmtSM/hSXb6zcFHDmv9Me0thtAqqCxZ
> > 7COYgWxuLkl78+y/INpFKW861mrNig1UlO8Q+vDImKK3qUmTS1tzRWNIH9XVyYtA
> > pJ05g/Z/WKUPx17jd2no9oRqut4bziLa4iMj59B/4nxAhIjEtE5TZFP6okCQ1HGm
> > qbFhOteJavc=
> > =Opny
> > -----END PGP SIGNATURE-----
> >
> dan

I believe that they did something like this in Japan several years ago ... I believe they sensed changes in the power output of the audio and also looked for changes in the color outputs. The last I read on it said they had limited success with their methods.

-Mike
**************************************************************************
* Mike Bailey (hm)214-252-3915 *
* AT&T Capital Corporation.
(wk)214-456-4510 *
* email bailey at computek.net host bambam.computek.net *
* "Remember you can tune a piano but you can't tuna fish -Joe Walsh" *
* http://www.computek.net/public/bailey *
**************************************************************************

From liberty at gate.net Tue Aug 1 20:27:06 1995
From: liberty at gate.net (Jim Ray)
Date: Tue, 1 Aug 95 20:27:06 PDT
Subject: NRC Panel, Law Enforcement questions
Message-ID: <199508020325.XAA158645@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Nice questions, John. To bring executive-branch accountability to a level more closely approaching absolute zero, the FBI might want a FOIA backlog of +8 years instead of "only" 5, but from what little I know of FOIA, its exceptions, combined with a hostile judiciary (led by Justice Scalia), are swallowing most of it anyway, as embarrassment _obviously_ hurts vital U.S. National Security Interests... [Note: IANAL, and I *am* a bit sarcastic!]

I wonder, and perhaps my kind friend Hadmut can help me here, if there is an English translation of any and all Nazi-era German laws/regs regarding cryptography. As I [dimly] recall, Enigma was born as a private enterprise and the patent was only later taken over by government and classified after it was offered for sale to businesses (without much luck). These laws, if they exist, might make for interesting reading in side-by-side comparison with either Sen. Grassley's latest proposals, or with anything regarding cryptography coming from our paranoid FBI director.

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMB7vC21lp8bpvW01AQE9WQP7BxH6fBTRyxLX3Sw46oYSCbTHKukVC5Hc
Z9nNSC35bazNa5QBCnr7pZjFUBmGXTzs4/NE2uyPbp34d3ojVJrgta9n+y8DX5uD
yY4oMignyHGMPscac8OEkUmN+5T5gG1UKYpWv80Qt8sGfpyw3HCHOyE2YYFjpZ1y
X+/ZDHvogj8=
=dJ3T
-----END PGP SIGNATURE-----

Regards, Jim Ray
"The people will again respect the law when the law again respects the will of the people."
Jim Ray, Campaign '92
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________

From vznuri at netcom.com Tue Aug 1 20:36:37 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 1 Aug 95 20:36:37 PDT
Subject: anonymity review in law journal
Message-ID: <199508020334.UAA09787@netcom15.netcom.com>

Hi everyone, someone tipped me off to a law review article by Anne Branscomb entitled

Anonymity, Autonomy, and Accountability: Challenges to the First Amendment in Cyberspaces
104 Yale L F 1639.

I have not seen this myself or noticed it mentioned here but it might be an interesting read for anyone who has access to it, and useful as a footnote in someone's paper, web filling, pointer for reporters, fish wrapping, or bird cage lining. (as Alfred E. Neuman might note)

Vladimir Z. Nuri
ftp://ftp.netcom.com/pub/vz/vznuri/home.html

From erc at khijol.intele.net Tue Aug 1 20:36:40 1995
From: erc at khijol.intele.net (Ed Carp [khijol SysAdmin])
Date: Tue, 1 Aug 95 20:36:40 PDT
Subject: US vs Overseas Banks
In-Reply-To:
Message-ID:

On Tue, 1 Aug 1995, Robert A. Hayden wrote:
> It's interesting to note that where I am (Mankato, Minnesota) I was able
> to open a checking account with NO ID what so ever. I just wrote down a
> name and address (which is a P.O. box, BTW) and the next week I had a box
> of checks (free) and a ATM card (also free).
>
> Of course, this bank has been criticized for being somewhat lax on who
> they give accounts to, but the point still stands. I could have been
> anybody, and give any false address. *shrug*

Why should they give a damn who you are? IMO, it's none of their business. Hell, they're making $$$ on *your* deposits, it's time they stopped being such shits about it.

--
Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail
801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key
an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.

From vznuri at netcom.com Tue Aug 1 20:51:16 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 1 Aug 95 20:51:16 PDT
Subject: "The Future does not Compute"
Message-ID: <199508020349.UAA11272@netcom15.netcom.com>

I am reading "the Future does not Compute" by Stephen L. Talbott. I wonder if anyone else has gotten into this. It's a fairly interesting read that is some of the typical trendy reactionism against the utopianism of various visionaries promoting cyberspace and the bit revolution. Talbott however seems to be awfully vague in his criticisms. They seem to amount to, "I'm not sure what the net is missing, but it lacks something crucial that is the essence of our humanity". It reminds me of the various criticisms against AI by Penrose and Searle, "the technology fundamentally lacks, and will continue to lack, that inexpressible something that makes us human which is impossible to define or characterize."

One quote drew my attention. He quoted an anonymous participant on an "irvc-l" discussion list:

  While I'm not forecasting Utopia, I think networks of the future will be the most incredibly egalitarian technology ever invented. It will transform our entire societies.
  Imagine that homeless people or single parent children can "interconnect" with anybody who is willing to talk to them in the *world*. The possibilities are rather dazzling. Sure, there might be even cyberspatial outcasts, but the point is that we will be doing *at least* as well as we are now, which is not something to "write home" about.

The writing seems vaguely familiar, yet I can't quite pin it down. I think I might have been on that list in the time period, and I am trying to figure out the authorship. (And am a bit annoyed at Talbott for not giving proper credit.) Surely one of the visionaries like Gilmore, Barlow, Rotenberg, or somesuch. It's an interesting theme; I think it may have been the same author who said, quoted by Talbott, "the net is fundamentally democratizing and leveling." If anyone recognizes that quote, maybe drop me a line.

Talbott uses this theme of whether "the Net is inherently democratizing and leveling" as a counterpoint thought to the chapter, even at times the whole book. I am inclined to agree with Talbott in general, by the way, and I think the quotes are overstated. In my opinion networks are like all other technologies: they bring out the best and worst in human beings, beyond what was known previously. In this way technology is like a magnifying glass on our virtues and vices. We may find the things that work about our society magnified, but at the same time our failings become expanded and exacerbated as well.

That is what I like about great technology. It is not necessarily an end in itself, but a way of learning about the essence of our human psychology. It forces us to confront what we find uplifting and what we find despicable, and removes the possibility of denial. It seems to me that networks are inherently democratic in a society that craves democracy, but I don't really believe that there is fundamentally something egalitarian or democratic about certain kinds of technology.
Actually, I think that is true in general if *everyone* is given access to the technology, but the problem is that some governments can use the technology for themselves as a powerful instrument of control by the elites over the downtrodden. To me Talbott has a very good point, that we should be thoughtful in the creation of new technology, and examine our axioms as to whether we can even achieve what we are attempting to derive from it in the long run. The Thoreauian quote, "men have become the tools of their tools" comes to mind repeatedly when I read Talbott.

Vladimir Z. Nuri
ftp://ftp.netcom.com/pub/vz/vznuri/home.html

From adwestro at ouray.cudenver.edu Tue Aug 1 21:13:39 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Tue, 1 Aug 95 21:13:39 PDT
Subject: NRC Panel, Law Enforcement questions
In-Reply-To: <199508020325.XAA158645@tequesta.gate.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 01 Aug 1995, liberty at gate.net (Jim Ray) wrote:
> I wonder, and perhaps my kind friend Hadmut can help me here, if there is
> an English translation of any and all Nazi-era German laws/regs regarding
> cryptography.

I'm not Hadmut, don't play him on TV, and am not known for being kind, but I recently learned that, "In 1940, Nazi Germany ordered all books on cryptology withdrawn from circulation." -- from historian David Kahn's statement before the House Government Information and Individual Rights Subcommittee, March 20, 1980.
Alan Westrope
__________/|-, (_) \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMB75vVRRFMq4NZY5AQH2mgP/VJ6p5Iw0HLgpEPvMO8nWLtPh8MRhEBWJ
rckqqpGWyDv8o4bdbaIhwOlUcZEulI4LBt6/ola1VMvuWigFlrh3eXqD2Ojk+L3G
Wac9D07Vg8dOWwBaa2y13XNbICDfwX2PBvGda6KagSCXaiElfDqZulTCex3jh39D
G3clzxi2bv4=
=ieoE
-----END PGP SIGNATURE-----

From grendel at netaxs.com Tue Aug 1 21:14:43 1995
From: grendel at netaxs.com (Michael Handler)
Date: Tue, 1 Aug 95 21:14:43 PDT
Subject: Pat Robertson Fears E-cash?
Message-ID:

John Young:
| A Foxhole-atheist swears Pat Robertson said last night that his
| new book warns of a "digital cash society" and massive
| theft by cyber-criminals. Did any believer hear this, or
| know if this is what he prognosticates for e-cash bedevilment?

----- BEGIN EXCERPT -----

The 700 Club, March 8, 1995, 10:00 -- 11:30 AM

[ ... ]

PAT ROBERTSON: OK. Well, ladies and gentlemen, something a little bit more serious. You know, the Bible talks about a day when people won't be able to buy or sell except having a mark; a mark of what is called the beast. It's one of those things in Revelation that keeps coming up. Well, as technology increases, we see a little bit -- a little bit more. Now we've got digital cash that may on the way to your wallet, a card you can use for any kind of purchase, from health care to road tolls to pay-per-view TV. But are there hidden security dangers in this computerized wonder card? We've got a special report on this program. You don't want to miss it.

[ ... ]

ROBERTSON: Now that man [David Chaum!] is Jewish. I don't know whether he's speaking out of Revelations or not, but that is the scenario set forth ... in Revelation, that the -- the -- the cards are too -- too valuable to be lost, which means that -- that there has to be some other identification.
And we just were speaking, prior to the program, about the possibility of, indeed, a tattoo that would carry -- just tiny little dots would carry -- all the information that is needed could be put on somebody's hand or wherever. It's -- it's that close, really. ... We've got a few years to go, but I -- I -- I -- I'm just -- and -- and the -- the -- the justification for all this is, `Well, we can't have people dealing drugs.' So let's -- in order to cut the drug dealers, let's take away the freedom and privacy of every other human being on the face of the earth, and that is a frightening prospect.

[ ... ]

----- END EXCERPT -----

There's more, like an interview with David Chaum and Dave Banisar [EPIC], but I've got raw calluses on my hands, so I'm not doing any more typing tonight. ;-)

PS to JYA: Communique top secret postal address / telephone facsimile machine access codes for possible transmittance of relevant sections for scanning and automatic distribution to the CP list via usual methods? Remember to use HyperMIME backchannel DC-net OTP public key MOST SECRET secret-shared subliminal-signature encoding methods to prevent intellectual property gestapo from homing in on location of Rebel base, no? ;-)

--
Michael Handler | Cypherpunks: Civil Liberty through Complex Mathematics
handler at sub-rosa.com | grendel at netaxs.com
ISO: Midrange good quality violincello, new or used, Philadelphia, PA | full size, with bow and case, in PA/NY/NJ/DE/MD.

From penny at tyrell.net Tue Aug 1 21:17:16 1995
From: penny at tyrell.net (Alan Penny)
Date: Tue, 1 Aug 95 21:17:16 PDT
Subject: Munition (RSA) Tshirt Testimonial
Message-ID: <199508020412.AA17824@tyrell.net>

I got my RSA tshirt this week. It looks good!

Features:
- Way cool black with white lettering
- Famous RSA code in 5 lines of perl code on front.
- Same text represented in CODE 128 barcode (several bar code lines look kind of smudgy, I doubt that the bar code could actually be read by a scanner, but it looks cool!).
- Text on back: "Warning this Tshirt is a munition, ITAR section..."

I have worn the shirt out 2 times this week. Unfortunately no one seemed to be impressed by it :-( Maybe I will go browsing for a Pentium system at CompUSA with it on this weekend and see if it draws any comment/notice.

I got my shirt from:
dhenson at itsnet.com (Don Henson)
Don Henson, Managing Director (PGP Key ID = 0X03002DC9)
West El Paso Information Network (WEPIN)
Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html

Order it one or two sizes larger than you think that you need for a comfortable fit!

Cordially,
[-------------------------------------------------------------------------]
[ Public pgp-key: email penny at tyrell.net with subject as 'send pgp-key' ]
[ My opinions are mine. I have scored 90% on the Turing Test. ]
[ Alan Penny, penny at tyrell.net ]

From nzook at bga.com Tue Aug 1 21:54:25 1995
From: nzook at bga.com (Nathan Zook)
Date: Tue, 1 Aug 95 21:54:25 PDT
Subject: Software Glitch FYI (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Tue, 1 Aug 95 01:55 EST
From: Dr. Linda D. Thompson - American Justice Federation
To: aen!news at iquest.net
Subject: Software Glitch FYI

A Congressman's aide called me today to explain that if you send email to all the Congressmen's offices at one time, the software at their end causes each Congressman to receive 50 copies. Please be sure everyone is aware of this glitch. To prevent 50 copies from being sent to each Congressman, it is necessary to break the mailing list into 5-10 addresses at a time.

Every list I've ever received of Congressional Emails has annoying spaces and formats, so my list doesn't have that. It can be copied directly into a nickname box in Eudora or to a Bcc: list on a message.
senator at boxer.senate.gov senator_brown at brown.senate.gov, sen_dodd at dodd.senate.gov, senator_lieberman at lieberman.senate.gov, joe_biden at biden.senate.gov, senator_coverdell at coverdell.senate.gov, tom_harkin at harkin.senate.gov, chuck_grassley at grassley.senate.gov, larry_craig at craig.senate.gov, dirk_kempthorne at kempthorne.senate.gov, senator at simon.senate.gov, senator at moseley-braun.senate.gov, wendell_ford at ford.senate.gov, senator at breaux.senate.gov, senator at johnston.senate.gov, senator at kennedy.senate.gov, john_kerry at kerry.senate.gov, senator at mikulski.senate.gov, senator at levin.senate.gov, mail_grams at grams.senate.gov, senator at wellstone.senate.gov, john_ashcroft at ashcroft.senate.gov, max at baucus.senate.gov, conrad_burns at burns.senate.gov, bob at kerrey.senate.gov, mailbox at gregg.senate.gov, opinion at smith.senate.gov, senator at bradley.senate.gov, senator_Bingaman at bingaman.senate.gov, senator_domenici at domenici.senate.gov, senator_reid at reid.senate.gov, senator_dewine at dewine.senate.gov, nickles at rpc.senate.gov, lugar at iquest.net senator_chafee at chafee.senate.gov, senator at hollings.senate.gov, tom_daschle at daschle.senate.gov, larry_pressler at pressler.senate.gov, senator_frist at frist.senate.gov, senator at hutchison.senate.gov, senator_robb at robb.senate.gov, senator at warner.senate.gov, senator_leahy at leahy.senate.gov, vermont at jeffords.senate.gov, senator_Gorton at gorton.senate.gov, russell_feingold at feingold.senate.gov, senator at rockefeller.senate.gov, everett at hr.house.gov, budmail at hr.house.gov, sbachus at hr.house.gov, jdickey at hr.house.gov, edpastor at hr.house.gov, dcaucus at hr.house.gov, woolsey at hr.house.gov, gmiller at hr.house.gov, sfnancy at hr.house.gov, talk2tom at hr.house.gov, petemail at hr.house.gov, annagram at hr.house.gov, tellnorm at hr.house.gov, zoegram at hr.house.gov, samfarr at hr.house.gov, george at hr.house.gov, andrea22 at 
hr.house.gov,
tellbuck at hr.house.gov,
jharman at hr.house.gov,
tucker96 at hr.house.gov,
housesst at hr.house.gov,
rpackard at hr.house.gov,
skaggs at hr.house.gov,
schaefer at hr.house.gov,
bozrah at hr.house.gov,
cshays at hr.house.gov,
delaware at hr.house.gov,
kthurman at hr.house.gov,
cstearns at hr.house.gov,
canady at hr.house.gov,
pdeutsch at hr.house.gov,
hastings at hr.house.gov,
jlinder at hr.house.gov,
georgia6 at hr.house.gov,
saxby at hr.house.gov,
ga10 at hr.house.gov,
runderwo at hr.house.gov,
brush at hr.house.gov,
luisg at hr.house.gov,
hfawell at hr.house.gov,
dhastert at hr.house.gov,
durbin at hr.house.gov,
johnhost at hr.house.gov,
emailpat at hr.house.gov,
edky01 at hr.house.gov,
mward2 at hr.house.gov,
bunning4 at hr.house.gov,
torkma06 at hr.house.gov,
jmoakley at hr.house.gov,
cardin at hr.house.gov,
tellhoek at hr.house.gov,
congehlr at hr.house.gov,
davecamp at hr.house.gov,
repsmith at hr.house.gov,
chrysler at hr.house.gov,
lrivers at hr.house.gov,
jconyers at hr.house.gov,
gil at hr.house.gov,
dminge at hr.house.gov,
mn03 at hr.house.gov,
vento at hr.house.gov,
tellbill at hr.house.gov,
tocollin at hr.house.gov,
oberstar at hr.house.gov,
goldsmit at iquest.net
talentmo at hr.house.gov,
demldr at hr.house.gov,
bemerson at hr.house.gov,
bthompson at hr.house.gov,
funnc02 at hr.house.gov,
thechief at hr.house.gov,
mail2nc5 at hr.house.gov,
crose at hr.house.gov,
myrick at hr.house.gov,
chtaylor at hr.house.gov,
melmail at hr.house.gov,
epomeroy at hr.house.gov,
zeliff at hr.house.gov,
franksnj at hr.house.gov,
dzimmer at hr.house.gov,
mpforbes at hr.house.gov,
lazio at hr.house.gov,
tmanton at hr.house.gov,
molinari at hr.house.gov,
rangel at hr.house.gov,
jserrano at hr.house.gov,
engeline at hr.house.gov,
boehlert at hr.house.gov,
bpaxon at hr.house.gov,
portmail at hr.house.gov,
hokemail at hr.house.gov,
istook at hr.house.gov,
furseor1 at hr.house.gov,
pdefazio at hr.house.gov,
murtha at hr.house.gov,
jonfox at hr.house.gov,
mchale at hr.house.gov,
pa16 at hr.house.gov,
jspratt at hr.house.gov,
cwilson at hr.house.gov,
samtx03 at hr.house.gov,
barton06 at hr.house.gov,
doggett at hr.house.gov,
frost at hr.house.gov,
ggreen at hr.house.gov,
enidutah at hr.house.gov,
ortonut3 at hr.house.gov,
opickett at hr.house.gov,
talk2bob at hr.house.gov,
ninthnet at hr.house.gov,
bsanders at igc.apc.org,
repwhite at hr.house.gov,
asklinda at hr.house.gov,
dunnwa08 at hr.house.gov,
rtate at hr.house.gov,
mneumann at hr.house.gov,
badger02 at hr.house.gov,
roth08 at hr.house.gov,
commerce at hr.house.gov,
slabmgnt at hr.house.gov,
resource at hr.house.gov,
housesst at hr.house.gov,
smbizcom at hr.house.gov

============================================
Dr. Linda D. Thompson
American Justice Federation
3850 S. Emerson Avenue, Suite E, Indianapolis, IN 46203
Telephone: (317) 780-5203
AEN News BBS: (317) 780-5211
Fax: (317) 780-5209
Orders (Visa/MC) 1-800-749-9939
Internet: lindat at iquest.net
*******************************************************************************

From nzook at bga.com Tue Aug 1 22:44:30 1995
From: nzook at bga.com (Nathan Zook)
Date: Tue, 1 Aug 95 22:44:30 PDT
Subject: Provably Correct Crypto?
In-Reply-To: <9508011911.AA11465@all.net>
Message-ID:

On Tue, 1 Aug 1995, Dr. Frederick B. Cohen was alleged to have blathered:

> Tim May mused:
> > Anything that "reaches out" to external libraries or utilities would then
> > have the vulnerabilities of _those_ libraries and utilities, which may or
> > may not be provably correct themselves. (And the issue of any PRNG being
> > probably correct or not is of course an interesting, and deep, question.)
> >
> > I do think the issues of modular design and provable correctness--or
> > approximations to it--are interesting ones.
>
> I think that this issue can generally be addressed by a divide and
> conquer strategy.
> Prove that the called routines are correct and
> confined under all possible parameters, do the same for the calling
> routines, do the same for the interaction between them, and I think you
> have it. This is pretty easy for one or two routines, but when you take
> the OS into account, the C compiler into account, the program itself
> into account, and the external environment into account, you run into
> some serious limitations. For example, you may (in some cases) have to
> show that under all possible sequences of interrupt timings and stack
> conditions, the system operates correctly (which almost none currently
> do). Unless you design with this sort of thing in mind, it's very hard
> to demonstrate these properties even for limited subproblems.
>

After all your griping over PGP, you spout this? Have you ever heard of
Gödel's theorem? I have a phrase for people who peddle their mark of
approval that a given large program will work: "Snake oil salesman". In
the messages which you have scrawled between this and the last on my
system when I caught up this evening, you have demonstrated the
fraudulent nature of your business by first claiming that certain
propositions were "demonstrated", then stating that a graduate student
was working on "proving" them.

I repeat: Snake Oil Salesman

From nzook at bga.com Tue Aug 1 22:46:16 1995
From: nzook at bga.com (Nathan Zook)
Date: Tue, 1 Aug 95 22:46:16 PDT
Subject: Pat Robertson Fears E-cash?
In-Reply-To:
Message-ID:

I believe that Pat Robertson is not aware of the privacy-enhancing
capabilities of e-cash. In a probabilistic sense, he may well be right.

Nathan

From an264373 at anon.penet.fi Tue Aug 1 22:52:36 1995
From: an264373 at anon.penet.fi (Sauroth)
Date: Tue, 1 Aug 95 22:52:36 PDT
Subject: pkzip cracking
Message-ID: <9508020518.AA02633@anon.penet.fi>

Does anyone have a utility to crack password encrypted/protected zip
files? Or an address to download one? All replies / flames / pointers
appreciated.
Sauroth

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized
and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From bdavis at thepoint.net Tue Aug 1 23:09:46 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 1 Aug 95 23:09:46 PDT
Subject: a hole in PGP{n@3
In-Reply-To:
Message-ID:

On Tue, 1 Aug 1995, Duncan Frissell wrote:

> On Mon, 31 Jul 1995, Dr. Frederick B. Cohen wrote:
>
> > Why (specifically) do you think so? Because you claim it? Because the
> > MIT maintainer claims it? You say MIT is not associated with the NSA,
> > but they have historically been funded by the NSA and other federal
> > agencies for work on information security. Do you really think that the
>
> Of course MIT was in the NSA's pocket back in 1978 when they mailed me
> and 3,000 other people a copy of "A Proposal for a Public Key Encryption
> System" and started this whole Public Key-Private Key thing. It was all
> part of a plot. If they hadn't done that we might all be using stronger
> systems today.

You forgot the NSA's most recent overt act in the PGP conspiracy: it gets
PGP declared a munition, harassing PZ, gets lots of bad press, etc., all in
order to make Cypherpunks believe that there is no back door, when there
really is! Shhhhhhhhh. Don't let on that you know. Just go back to Rot-13
encoding.

> DCF

EBD

From paul.elliott at hrnowl.lonestar.org Tue Aug 1 23:14:15 1995
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Tue, 1 Aug 95 23:14:15 PDT
Subject: A hole in PGP
Message-ID: <301f0cc0.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

If I were going to create a hole in PGP, I would create a "bug" in PGP's
key generation process which would limit the primes PGP chooses to a
relatively small subset. Then when I wanted to break, I would factor by
searching this small subset.

I could also try to put a bug in the code that chooses a random IDEA key,
making it choose from a small subset, that again could be searched.

To put a bug in the IDEA portion of PGP would be difficult because people
can check if PGP can interoperate with other implementations of IDEA.

- --
Paul Elliott                              Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org
Address: 3987 South Gessner #224 Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMB8adfBUQYbUhJh5AQEx3QP9Har9kb9731F/Nzl0p9kMDEhN6YaSmU4D
HZ+Xhcwq8fA1EBZOzszmjG5gI2JZvciaQpA6vV+ZraKCoJljXB0Ud0AuRwJnxbSq
K4gvmev2Hgi3soE1HWsF/ODmiO4be+haxfDrTYDNjVDP56XL1LH2Lxysx1cqrVqt
DRZ4l0480PE=
=eLP9
-----END PGP SIGNATURE-----

From tcmay at sensemedia.net Wed Aug 2 00:36:44 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Wed, 2 Aug 95 00:36:44 PDT
Subject: Pat Robertson Fears E-cash?
Message-ID:

At 12:31 AM 8/2/95, John Young wrote:

> A Foxhole-atheist swears Pat Robertson said last night that
> his new book warns of a "digital cash society" and massive
> theft by cyber-criminals. Did any believer hear this, or
> know if this is what he prognosticates for e-cash bedevilment?

I didn't see this, but even if I did it's not likely the subtleties of
digital cash societies would be explored.

There is the "digital cash society" we fear as an Orwellian surveillance
society, with all transactions recorded. This is perhaps the future
Robertson fears.
There is the "digital cash society" based on Chaumian schemes and
untraceability, similar to a "hard cash" society without proofs of
identity at every stage, and I suspect Robertson would find much to like
about this. (There are also the implications which Robertson might
recoil at, too. :-})

So, hearing that "Pat Robertson is warning against a digital cash
society" is not too worrisome to me. I suspect he means the stuff about
Big Brother tracking us and the Number of the Beast, and so on.

Don't forget he came out strongly against Clipper, early on.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From fc at all.net Wed Aug 2 01:36:55 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Wed, 2 Aug 95 01:36:55 PDT
Subject: Provably Correct Crypto?
In-Reply-To:
Message-ID: <9508020830.AA25888@all.net>

> > I think that this issue can generally be addressed by a divide and
> > conquer strategy. Prove that the called routines are correct and
> > confined under all possible parameters, do the same for the calling
> > routines, do the same for the interaction between them, and I think you
> > have it. This is pretty easy for one or two routines, but when you take
> > the OS into account, the C compiler into account, the program itself
> > into account, and the external environment into account, you run into
> > some serious limitations. For example, you may (in some cases) have to
> > show that under all possible sequences of interrupt timings and stack
> > conditions, the system operates correctly (which almost none currently
> > do). Unless you design with this sort of thing in mind, it's very hard
> > to demonstrate these properties even for limited subproblems.
> >
>
> After all your griping over PGP, you spout this? Have you ever heard of
> Gödel's theorem?

I think so. From my understanding, it basically says that, in the general
system, you can write a legitimate expression that expresses its own
illegitimacy, or in other words that the general system is incomplete
"...in the sense that it fails to provide a proof for every formula which
is true under the interpretation..." (quoted from "Introduction to
Metamathematics" by S.C. Kleene 1952,...,1980)

But I think you misinterpret this. This does not mean that no program can
be proven to meet any properties. It means that, among other things,
there are an infinite number of infinite expressions that cannot be
proven, but it does not mean that a finite expression (e.g., a typical
modern program) cannot be proven to meet all sorts of properties.

In particular, for certain classes of programs, proofs about the flow of
information are not exceedingly complex to establish. In general (as was
proven in the early 1980s), tracking information flow in a program is
NP-complete, however, in a program designed to limit information flow
this can be very straight forward (in fact I think it may be linear time
and space). By proving that information doesn't flow from place to
place, we can essentially prove that information in one place does not
affect information in another place (by information theory), and
therefore greatly reduce the complexity of demonstrating various things
of particular interest to information security - to wit - that item A
doesn't corrupt item B, and that information in item A is not leaked to
item B.

> I have a phrase for people who peddle their mark of
> approval that a given large program will work: "Snake oil salesman".
In the case of the http daemon, it is a relatively small program of less
than 80 lines designed to be secure in various ways. In the case of PGP
it is a relatively larger program that is not designed to be secure.

> In
> the messages which you have scrawled between this and the last on my
> system when I caught up this evening, you have demonstrated the
> fraudulent nature of your business by first claiming that certain
> propositions were "demonstrated", then stating that a graduate student
> was working on "proving" them.

How is it fraudulent to accurately state the facts?

> I repeat: Snake Oil Salesman

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From fc at all.net Wed Aug 2 01:38:20 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Wed, 2 Aug 95 01:38:20 PDT
Subject: Provably Correct Crypto?
Message-ID: <9508020832.AA25989@all.net>

> I stipulated I didn't want any such garbage, I specifically said
> english summaries are not acceptable and you bombard me with them.
> Yet you wont accept others opinion of PGP's security, which verbal or
> other wise, can only be an abstract summary.

The difference between my response to your question and your responses
to my questions is that I tried to answer your questions.

> > > You state that crypto should be proved correct and suggest a technique
> > > otherwise known as formal specification. I agree, pgp should have
> > > been written in Z-specs. If you take a course in formal specification
> > > you will soon see the intractability of the technique wrt large
> > > systems.
> >
> > I didn't say that. Perhaps you should review what I said before
> > characterizing it.
>
> piffle! Your words:
> "I think that this issue can generally be addressed by a divide
> and conquer strategy. Prove that the called routines are
> correct and confined under all possible parameters, do the
> same for the calling routines, do the same for the interaction
> between them, and I think you have it."

I don't see where I said anything about formal specification here or
Z-specs. It's true that proof of correctness for large systems is a hard
problem, and that is one of the reasons that the secure http daemon is
designed to be small. However, the same has not been shown (as far as I
am aware) for many of the other properties that may be interesting from
a security standpoint.

> This sounds like performing a formal analysis to me. And you didn't
> address the intractability anyway.

Problems worthy of attack, prove their worth by fighting back - Alan Perlis

> > I have shown (not yet proven) certain things. A graduate student is now
> > working on trying to prove the various properties I believe to be of
> > interest in an automatic theorem prover he is working on.
>
> The work in automatic theorem proving is ongoing and not limited to
> your grad student or your work.

I never said it was and he is not my grad student. He is a grad student
who made some comments on the daemons and decided he would be interested
in seeing if some of these properties could be proven.

> > I believe that these things are worth showing (and proving), but you
> > may certainly feel free to disagree with these contentions.
>
> I said showing by english isn't good enough, proving would be
> fantastic. I don't believe these issues reside solely with pgp and as
> such you should question computability as a whole before using
> "incomplete specification" in accusing one system to be flawed.

And I told you that we are in the process of, but not finished with,
doing just that. I never said that any such problems reside solely in
PGP.
> > > If you want people on this list to repeat after you "I cannot be
> > > certain there is no compromising bugs or backdoors in X" Then I will
> > > go out on a limb and say everyone here will agree if system X is
> > > sufficiently large.
> >
> > I don't believe I ever asked anyone on this list to repeat anything.
> > All I did was ask questions and respond to responses to my questions.
>
> Your tiresome repetitive question was "Why do you believe X is secure"
> I hereby answer exactly as above "I cannot be certain there is no
> compromising bugs or backdoors in X"

If you are tired of hearing my responses to your comments, there is an
obvious solution.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From aba at dcs.exeter.ac.uk Wed Aug 2 03:05:21 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Wed, 2 Aug 95 03:05:21 PDT
Subject: some discussion of rannos in PGP (was: of a hole in PGP)
Message-ID: <28643.9508011023@exe.dcs.exeter.ac.uk>

Fred Cohen writes on cpunks:
: PGP is a product that is specifically disliked by the powers that be
: because it provides free access to strong cryptography which is against
: the public policy of the US government. That means that people in that
: same said government likely feel it is their duty to make certain that
: they can still read PGP mail.

Certainly granted! Hence persecution of Phil Z.

A bit difficult to achieve in the presence of available source code, I
(and many others) are using PGP compiled by themselves. That doesn't
prove there are no subtle back-doors but it rules out unsophisticated
backdoors in distributed executables. (Even such things could be checked
if someone got suspicious, things can be reverse engineered).

Now to the question of what can be done practically to help further
validate PGPs authenticity, and freeness from back-doors.

The way I see it the only attack which you could reasonably expect to
pull off in terms of being subtle enough to hope to get away with given
full access to source is the random number generator.

The code which actually generates the random primes, and converts them to
PGP output format is reasonably short and well defined. Wouldn't take
long to single step that and watch that nothing happened on the way out
to file. Encryption is a similarly simple operation, M ^ e % n you could
easily check that manually (with a certain small piece of perl even).
Same for generation of IDEA keys.

I don't really feel qualified to comment properly on the random number
generation, but to me (I looked at the source in fair detail) it looks
good. I mean there is real entropy being generated (timing key strokes
against a high speed clock on PCs lower on UNIX systems typically) and
the stirring operation looks good, MD5 + XOR on key.

Presuming that the MD5 implementation is correct? Seems a pretty good
likelihood to be, it's been given enough real world tests that you could
do a very nice probabilistic statistical confidence test on it. Which
would easily say that it was correct to some huge degree of certainty.

The legitimacy of using a high frequency clock to time intervals between
key strokes, seems a very good way of generating random numbers. I mean
there is most definitely *some* entropy being generated, PGP makes
reasonably conservative estimates of the amount of entropy generated,
and stirs the whole number in (not just the expected entropy).

I'm not saying your comments aren't useful; they are, and analysis and
critique of the random number generation in particular is very
important. Indeed given the sheer cost of factoring a 2048 bit RSA
modulus, or of brute forcing a 128bit IDEA key, it is indeed a pertinent
question as to whether any kind of brute force attack could be generated
on the random number generation, which could be slightly cheaper than
either of these.
128bits is a lot to play with. To me it looks good, but then I'm not a
cryptographer, and also there is the kind of "NP problem aspect" to it
all in that for reasonably complex code it will not be apparent whether a
proof is possible without looking at the specifics.

Still I think some analysis of the random number generation code would
be useful work. I'm not expecting to see a flaw, but doesn't mean it
shouldn't be entered into with an open mind.

I think it does not fall in the same league as the apparent difficulty of
having a secure sendmail (you said a compromising couple of bugs seem to
get found a couple of times a year), for the reason that what PGP is
doing with its random no generation is well defined, contained in a few
lines of code, and only really relying on a couple of assertions:

1) MD5 is itself not inherently flawed
2) the MD5 implementation is correct
3) key stroke timings are a source of a safely conservatively estimatable
   amount of entropy
4) the key generation method does not narrow the search space
5) there are no other compromising bugs between key generation of the key
   and it being written to the keyring

1) Heh, not a lot you can do about that. Is it or isn't it? Time will
tell.

2) Seems pretty likely to me there are test strings which come with the
RFC implementation, and it would be unbelievably unlikely that it should
produce the complete set of tests and yet somehow still be flawed. Given
that there are _no_ branches in the algorithm (ie just various
permutations and bit twiddlings based on the key info, which get mangled
into the digest.

3) Pretty good I think, especially on a PC, which has a higher speed
timer. Some entropy is surely generated, and with safe entropy
estimation, and cryptographically secure stirring, it sounds pretty good
to me.

4) For RSA keys, I don't think so, unless you believe that strong primes
will again become important. For current factoring algorithms strong
primes are just as hard to factor as a completely randomly generated
prime, except for certain primes which in any case have an infinitesimal
chance of occurring. For IDEA keys there is little value added over a
straight ran no, as there are no special properties which an IDEA key
must have.

5) I would assert is relatively trivial to demonstrate, a couple of hours
with a debugger should demonstrate that. You could do testing more
rigorously, test every branch, so that you have checked that the outcome
is that the key gets written to the keyfile, with various options, not
utterly fool proof of course, but pretty darn good given the simplicity.

On the more philosophical side, with the idea that you can never be sure
that folks aren't NSA agents with hidden agendas etc, well you can't be
sure. But the open source and sheer number of folks reading is the best
argument against this. That means that at least some true blue cpunks,
"live free or die" types will read it in earnest, and examine very
carefully.

Another philosophical argument against PGP having any cleverly hidden
"back-doors" in the form of purposefully weakened ran-no generators or
what have you is that the NSA et al. hate PGP with such vehemence. Heh if
they don't like it, it must be good :-)

And remember, say NO to key escrow :-)

(It's no good having an ultra carefully validated PGP if you go to jail
for being caught with a copy on your HD, welcome to the Land of the
Freeh, and all you know. May happens sooner than expected, then the only
folks using crypto will be the "live free or die" folks, plus of course
the criminals who figure they have more to hide and would get in more
trouble for what they are really up to than for a "possession of crypto"
charge.)

Adam

--
HAVE *YOU* EXPORTED RSA TODAY?
--> http://dcs.ex.ac.uk/~aba/rsa/

--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

-----BEGIN PGP SIGNED MESSAGE-----

Fred Cohen writes on cpunks:
: PGP is a product that is specifically disliked by the powers that be
: because it provides free access to strong cryptography which is against
: the public policy of the US government. That means that people in that
: same said government likely feel it is their duty to make certain that
: they can still read PGP mail.

Certainly granted! Hence persecution of Phil Z.

A bit difficult to achieve in the presence of available source code, I
(and many others) are using PGP compiled by themselves. That doesn't
prove there are no subtle back-doors but it rules out unsophisticated
backdoors in distributed executables. (Even such things could be checked
if someone got suspicious, things can be reverse engineered).

Now to the question of what can be done practically to help further
validate PGPs authenticity, and freeness from back-doors.

The way I see it the only attack which you could reasonably expect to
pull off in terms of being subtle enough to hope to get away with given
full access to source is the random number generator.

The code which actually generates the random primes, and converts them to
PGP output format is reasonably short and well defined. Wouldn't take
long to single step that and watch that nothing happened on the way out
to file. Encryption is a similarly simple operation, M ^ e % n you could
easily check that manually (with a certain small piece of perl even).
Same for generation of IDEA keys.

I don't really feel qualified to comment properly on the random number
generation, but to me (I looked at the source in fair detail) it looks
good. I mean there is real entropy being generated (timing key strokes
against a high speed clock on PCs lower on UNIX systems typically) and
the stirring operation looks good, MD5 + XOR on key.

Presuming that the MD5 implementation is correct? Seems a pretty good
likelihood to be, it's been given enough real world tests that you could
do a very nice probabilistic statistical confidence test on it. Which
would easily say that it was correct to some huge degree of certainty.

The legitimacy of using a high frequency clock to time intervals between
key strokes, seems a very good way of generating random numbers. I mean
there is most definitely *some* entropy being generated, PGP makes
reasonably conservative estimates of the amount of entropy generated,
and stirs the whole number in (not just the expected entropy).

I'm not saying your comments aren't useful; they are, and analysis and
critique of the random number generation in particular is very
important. Indeed given the sheer cost of factoring a 2048 bit RSA
modulus, or of brute forcing a 128bit IDEA key, it is indeed a pertinent
question as to whether any kind of brute force attack could be generated
on the random number generation, which could be slightly cheaper than
either of these. 128bits is a lot to play with. To me it looks good, but
then I'm not a cryptographer, and also there is the kind of "NP problem
aspect" to it all in that for reasonably complex code it will not be
apparent whether a proof is possible without looking at the specifics.

Still I think some analysis of the random number generation code would
be useful work. I'm not expecting to see a flaw, but doesn't mean it
shouldn't be entered into with an open mind.
I think it does not fall in the same league as the apparent difficulty of
having a secure sendmail (you said a compromising couple of bugs seem to
get found a couple of times a year), for at least two reasons, one is
that with sendmail the code being examined must take input from Charlie
who is trying to mess the system up. So a deliberate attempt to foul the
works, examining the source, looking for any kind of subtle weakness, or
weird combination of inputs (which would almost certainly never occur by
accident during normal usage) which could cause it to compromise
security. For PGP for the section we are talking about (key generation)
the only input comes from *you*, the person who is presumably trying to
obtain security, not trying to generate a weak key through some tortuous
input string. So things like the stack overflow with carefully crafted
machine code for the particular architecture which was exploited with
finger in the fave old example of the worm of yore, is not the kind of
attack you need to be worried about (IMO).

The second aspect in which analysing PGPs ran no generation, is different
to sendmail or http type problems is that what PGP is doing with its
random no generation is well defined, contained in few lines of code,
and only really relying on a couple of assertions:

1) MD5 is itself not inherently flawed
2) the MD5 implementation is correct
3) key stroke timings are a source of a safely conservatively estimatable
   amount of entropy
4) the key generation method does not narrow the search space
5) there are no other compromising bugs between key generation of the key
   and it being written to the keyring

1) Heh, not a lot you can do about that. Is it or isn't it? Time will
tell.

2) Seems pretty likely to me there are test strings which come with the
RFC implementation, and it would be unbelievably unlikely that it should
produce the complete set of tests and yet somehow still be flawed. Given
that there are _no_ branches in the algorithm (ie just various
permutations and bit twiddlings based on the key info, which get mangled
into the digest.

3) Pretty good I think, especially on a PC, which has a higher speed
timer. Some entropy is surely generated, and with safe entropy
estimation, and cryptographically secure stirring, it sounds pretty good
to me.

4) For RSA keys, I don't think so, unless you believe that strong primes
will again become important. For current factoring algorithms strong
primes are just as hard to factor as a completely randomly generated
prime, except for certain primes which in any case have an infinitesimal
chance of occurring. For IDEA keys there is little value added over a
straight ran no, as there are no special properties which an IDEA key
must have.

5) I would assert is relatively trivial to demonstrate, a couple of hours
with a debugger should demonstrate that. You could do testing more
rigorously, test every branch, so that you have checked that the outcome
is that the key gets written to the keyfile, with various options, not
utterly fool proof of course, but pretty darn good given the simplicity.

On the more philosophical side, with the idea that you can never be sure
that folks aren't NSA agents with hidden agendas etc, well you can't be
sure. But the open source and sheer number of folks reading is the best
argument against this. That means that at least some true blue cpunks,
"live free or die" types will read it in earnest, and examine very
carefully.

Another philosophical argument against PGP having any cleverly hidden
"back-doors" in the form of purposefully weakened ran-no generators or
what have you is that the NSA et al. hate PGP with such vehemence. Heh if
they don't like it, it must be good :-)

And remember, say NO to key escrow :-)

(It's no good having an ultra carefully validated PGP if you go to jail
for being caught with a copy on your HD, welcome to the Land of the
Freeh, and all you know.
May happens sooner than expected, then the only folks using crypto will be the "live free or die" folks, plus of course the criminals who figure they have more to hide and would get in more trouble for what they are really up to than for a "possesion of crypto" charge.) Adam PS to any folks who may have sent me mail in the last couple of days, note the temporary change of email addr to: A.Back at ex.ac.uk due to local hw failure, similarly the same m/c was the WWW server, should all return to normal in a couple of days. (Talk about single point of failure, all the X-terms booted off it too). - -- HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/ - --rsa--------------------------8<------------------------------- #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0 Phil Fraering writes: >Why are the arguments on either side so emotional? I'm rather hesitant to jump into this thread, but I think that one reason is that Fred's concerns have been misunderstood a bit. (If I'm wrong, I'm sure he'll correct me.) It seems that there are many people who are ready to leap to the defense of the honor of the programmers behind PGP, when they feel said honor is being impugned. I get the impression (as much from what I know of his background as from what he's said) that Fred is at least as concerned about PGP being a correct implementation of the various algorithms it involves as he is about back doors inserted by nefarious individuals. As I understand it, it is impossible to demonstrate the correctness of any program the size of PGP. And it would also not be possible to validate the compiler or the operating system. One thing I'm not sure of, though, is this: Would it be possible to verify a much smaller program, say, the RSA-in-3-lines-of-Perl? (Of course, you still would be left trying to verify the Perl interpreter, and the OS again.) 
And is there any way to build a trusted system out of small, verifiable pieces? Since the way they're connected could also be questioned, I suspect that when you put enough of them together it's just as bad as the case of a single, monolithic program. But this isn't my area, so I don't know. Would it be possible to formally verify at least some parts of a large program like PGP? And would that add to the trustworthiness of the overall program? (Keeping in mind Fred's earlier remark about a seemingly-unrelated portion of the code overwriting the key.) -- David R. Conrad, ab411 at detroit.freenet.org, http://web.grfn.org/~conrad/ Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 No, his mind is not for rent to any god or government.

From nzook at bga.com Wed Aug 2 06:39:52 1995 From: nzook at bga.com (Nathan Zook) Date: Wed, 2 Aug 95 06:39:52 PDT Subject: There's a hole in your crypto... In-Reply-To: <199508021251.IAA08192@detroit.freenet.org> Message-ID: On Wed, 2 Aug 1995, David R. Conrad wrote: > > > Phil Fraering writes: > >Why are the arguments on either side so emotional? > > I'm rather hesitant to jump into this thread, but I think that one > reason is that Fred's concerns have been misunderstood a bit. (If > I'm wrong, I'm sure he'll correct me.) > > It seems that there are many people who are ready to leap to the > defense of the honor of the programmers behind PGP, when they feel > said honor is being impugned. > > I get the impression (as much from what I know of his background as > from what he's said) that Fred is at least as concerned about PGP > being a correct implementation of the various algorithms it involves > as he is about back doors inserted by nefarious individuals. > > As I understand it, it is impossible to demonstrate the correctness of > any program the size of PGP. And it would also not be possible to > validate the compiler or the operating system. 
One thing I'm not sure > of, though, is this: Would it be possible to verify a much smaller > program, say, the RSA-in-3-lines-of-Perl? (Of course, you still would > be left trying to verify the Perl interpreter, and the OS again.) > > And is there any way to build trusted system out of small, verifiable > pieces? Since the way they're connected could also be questioned, I > suspect that when you put enough of them together it's just as bad as > the case of a single, monolithic program. But this isn't my area, so > I don't know. No. This was essentially proved during the first third of this century. But even if the program itself works, you have to check the OS, the motherboard & the processor. Did I say processor? Yes, I did. Anyone running on an 80586? Nathan > Would it be possible to formally verify at least some parts of a large > program like PGP? And would that add to the trustworthiness of the > overall program? (Keeping in mind Fred's earlier remark about a > seemingly-unrelated portion of the code overwriting the key.) > > -- > David R. Conrad, ab411 at detroit.freenet.org, http://web.grfn.org/~conrad/ > Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page > Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 > No, his mind is not for rent to any god or government. > From jya at pipeline.com Wed Aug 2 06:51:48 1995 From: jya at pipeline.com (John Young) Date: Wed, 2 Aug 95 06:51:48 PDT Subject: HEY_now Message-ID: <199508021351.JAA08303@pipe1.nyc.pipeline.com> 8-02-95. NYPaper: "Pattern Emerges In Bomber's Tract: F.B.I. Says Attacker Stayed Close to a Few Campuses." In what was described as an important advance in the hunt for an elusive serial bomber, the Federal Bureau of Investigation said yesterday that it had traced a years-long pattern of academic involvement that took the self-described anarchist from the Chicago area to Salt Lake City to Berkeley, Calif. 
By matching his 17-year record of carnage against an analysis of a densely argued 35,000-word tract he sent to The New York Times in June, Government officials say they have concluded that the bomber is a student of the history of science who may have taken classes at or hovered around major university campuses from the late 1970's to the mid- 1980's. FCU_stu "Excerpts From Manuscript Linked to Suspect in 17-Year Series of Bombings." Role of Scientists: The system HAS TO force people to behave in ways that are increasingly remote from the natural pattern of human behavior. For example, the system needs scientists, mathematicians and engineers. It can't function without them. So heavy pressure is put on children to excel in these fields. FCX_txt Twofer: HEY_now

From nzook at bga.com Wed Aug 2 06:53:05 1995 From: nzook at bga.com (Nathan Zook) Date: Wed, 2 Aug 95 06:53:05 PDT Subject: NYET--attempted formal specs (again) Message-ID: I hope I'm not becoming Detweileresque about this, but I've had some requests for these. Since not even I was satisfied with my original notation, I thought I'd try again... (donning gear) -----BEGIN PGP SIGNED MESSAGE----- Copyright 1995, Nathan Zook. All rights reserved. NYET-- Non-Youths Exhibit Temperance. There is a rising, legitimate concern among parents that their children have all-too-easy access to porn on the internet. Last year, there were numerous proposals for various voluntary self-rating systems. AOL and Prodigy heavily censor their systems in various ways. This year, Senator Exon advanced his own proposal. Of course, this occurred just about the time that SurfWatch came out. But none of these proposals can ultimately succeed. Here I restate my NYET proposal from last year for your consideration. The system is of necessity ISP-based. Home-based systems are subject to attacks at home. Since many (most?) children are better with computers than their parents, these attacks can be expected to succeed. 
Any ISP-based system requires that the ISP determine which customers are not of majority age and who is legally responsible for them. There are technical solutions to this problem which are part of the basis to the proposal. The elements of NYET are as follows: the ISP, monitoring software, the parent/guardian of the minor, and one or more ratings services. A NYET-ISP does not grant access privileges to minors without prior contact with the (generically) parent of the minor. This contact includes explaining and helping configure the NYET software in accordance with the parent's wishes. The NYET-software runs as superuser on the ISP's machine. All minor accounts have a corresponding configuration file sitting in their account owner's parent's directory, which is locked with read/write by owner only flags. The correspondence between minor and parent accounts sits in a file owned by root and similarly locked. The parent sets the configuration file to permit and deny access to various parts of the net. Since it is unreasonable for the parent to personally "rate" the net, it is expected that various organizations will form ratings services. The parent could then select various combinations of ratings criteria from these agencies as default. It is expected that the services would charge for their information. It is likely that these charges could be added to the monthly bill that the parent receives from the ISP. And the role of government? Right now--none other than to encourage parental involvement. Any attempt to force this, or almost any other, type of restriction by legislative "I say so" (fiat in Latin) will meet with fatal opposition. Until the legislature understands the net, the combined efforts of the millions who use the net will swamp any efforts to control it. Speaking of government, school internet access is the bane of any attempt by parents to control the access that their kids have to the net. 
Anyone seeking to limit children's access should look carefully at this experimentation. I post this proposal because I believe it to be one of the few stable attractors in this problem. I believe that Prodigy and SurfWatch amount to first iterations, and that the market will push them towards NYET. When it does so move, and a majority of ISPs provide or nearly provide NYET service, and ONLY then, the government might mandate the NYET standard. As a somewhat earlier measure, the government could offer to hold harmless ISPs that adhere to these standards--but only when the market has already handled the technical hurdles. I feel it necessary to reiterate the importance of the government waiting for a market solution to this problem. By its design, the net appeals to libertarians and anarchists. For many years, it has been accessible almost exclusively by people demographically predisposed to a libertarian or anarchist world view. The net.gods, when angered, can produce no end of mischief. And since they designed the system, they won't be stoppable. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMB73X34gWvtXVTwZAQFKsAP9E/NOfKrt7WwcvNdMlWzg8jneyVa19hL+ 9Ot7Ir4SigZJDDQ7hjxS2elJourCZpFWpBXFdKMbTGqTXMtmELZJu5qYidXDmV1i BAWHYI0RW2E6MszGSgAh1MDfUpY7/RO89CjsuP8M3aGVF44FOWpIoTRZnNhXRO9q xnA2tErpz+A= =NpaG -----END PGP SIGNATURE-----

From habs at warwick.com Wed Aug 2 07:13:01 1995 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 2 Aug 95 07:13:01 PDT Subject: Consumer Report: RSA T-Shirt Message-ID: <199508021411.KAA05924@cmyk.warwick.com> I got my RSA tee-shirt the other day.. It came promptly and both of the shirts I ordered came. It was oddly shipped in a near see-through pouch. I'm happy overall with the shirt, the quality of the printing, and the construction of the Tee (all cotton, name brand tee).. I have only one complaint. That is the "machine readable" rsa barcodes. To my eye the printing job there is rather poor. 
I doubt it is machine readable (although I don't have a 128 barcode reader to try it out with).. I'm disappointed as I doubt that the 4 line RSA code is NOT exportable since text books have been allowed previously to be exported. Machine readable materials have been called into question. My thoughts are that if it is not machine readable the shirt is much more a novelty than a munition (which is sorta why I bought it to begin with.. to be fair..).. Of course I hoped to be the first one on my block to own one. But when I went into the drug store the clerk asked me where I got it, noting someone else was just in there wearing one... /hawk -- Harry Hawk Manager of Computer Services Warwick Baker & Fiore 212 941 4438 habs at warwick.com

From futplex at pseudonym.com Wed Aug 2 07:43:08 1995 From: futplex at pseudonym.com (Futplex) Date: Wed, 2 Aug 95 07:43:08 PDT Subject: Provably Correct Crypto Message-ID: <9508021442.AA25910@cs.umass.edu> Those interested in this discussion of verification of PGP etc. might also find it worth reading some recent traffic on the firewalls list, regarding the viability of "trusted systems" and formal evaluation methods. Look for messages from Marcus Ranum (ex-TIS), Ray Kaplan, and some others in the past few digests (e.g. #458 and #459, and a few prior ones). You can find them in ftp://ftp.greatcircle.com/pub/firewalls/digest/ with filenames like v04.n458.Z, v04.n459.Z, etc. (Only digests through #457 are there now, but I'm sure the latter ones will appear soon.) Use majordomo at greatcircle.com if you want to subscribe to firewalls or firewalls-digest. -Futplex

From rhoz at sna.com Wed Aug 2 07:49:55 1995 From: rhoz at sna.com (Rhonda Halushka by way of carolann@censored.org UnCensored Girls Anonymous) Date: Wed, 2 Aug 95 07:49:55 PDT Subject: Net Censorship bill Message-ID: <199508021449.HAA17139@mailhost.primenet.com> This showed up on The Spiderwoman list. Seems accurate. I endorse it as much as I endorse PGP. 
I know most of you filter me out, but for those that don't, THEN please read this just for me. For if this tiny amendment fails, I do predict there won't be any discussions of PGP by about 2005. Simply because PGP will be outlawed by then. The wheels of Washington grind slowly. But once started almost never stop. Love Always, Carol Anne ---- Begin Forwarded Message Return-Path: Received: from cdt.org by ix4.ix.netcom.com (8.6.12/SMI-4.1/Netcom) id UAA27278; Tue, 1 Aug 1995 20:05:43 -0700 Received: (from majordom at localhost) by cdt.org (8.6.9/8.6.9) id QAA30972 for policy-posts-outgoing; Tue, 1 Aug 1995 16:37:15 -0400 Received: from [204.157.127.4] (whale.ctd.org [204.157.127.4]) by cdt.org (8.6.9/8.6.9) with SMTP id QAA30921 for ; Tue, 1 Aug 1995 16:34:55 -0400 Message-Id: <199508012034.QAA30921 at cdt.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 1 Aug 1995 17:43:34 -0400 To: policy-posts at cdt.org From: editor at cdt.org Subject: ALERT: House to Vote This Week on Net-Censorship Bills Sender: owner-policy-posts at cdt.org Precedence: bulk HOUSE TO VOTE THIS WEEK ----------------------- The House of Representatives will vote late Thursday or Early Friday (Aug 3 or 4) on whether to add the Cox/Wyden Internet Freedom and Family Empowerment Act as an amendment to the House Telecommunications Reform Bill (HR 1555). The Cox/Wyden amendment is a direct attack on the Exon/Coats Communications Decency Act (CDA). House passage of the Cox/Wyden amendment is the last chance we have to defeat the Exon/Coats CDA. If the House fails to pass Cox/Wyden, the Exon bill will likely become law. We must act now to head off this possibility. Please take a moment to contact your member of Congress and urge them to support the Cox/Wyden legislation (described in the alert below). The attached alert is from a coalition organized by the Voters Telecommunications Watch (VTW) which includes CDT, EFF, EPIC, and other online advocacy organizations. 
This may be your last chance to make your voice heard on this critical issue, so please call before Friday August 4. ======================================================================== CAMPAIGN TO STOP THE EXON/COATS COMMUNICATIONS DECENCY ACT (SEE THE LIST OF CAMPAIGN COALITION MEMBERS AT THE END) Update: -Latest News: House vows to vote on Telecomm bill (which includes the CDA) this week before recess! -What You Can Do Now *** THIS IS YOUR LAST CHANCE TO MAKE A DIFFERENCE. *** *** THE HOUSE WILL VOTE ON THE COMMUNICATIONS DECENCY *** *** ACT THIS WEEK. IF WE LOSE, IT WILL BECOME LAW. *** CAMPAIGN TO STOP THE UNCONSTITUTIONAL COMMUNICATIONS DECENCY ACT July 30, 1995 PLEASE WIDELY REDISTRIBUTE THIS DOCUMENT WITH THIS BANNER INTACT REDISTRIBUTE ONLY UNTIL August 14, 1995 REPRODUCE THIS ALERT ONLY IN RELEVANT FORUMS Distributed by the Voters Telecommunications Watch (vtw at vtw.org) ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now What is Cox/Wyden? (HR1978) Chronology of the CDA For More Information List Of Participating Organizations List of the House of Representatives ________________________________________________________________________ THE LATEST NEWS This week the House of Representatives will choose between ANTI-FREE-MARKET PRO-CENSORSHIP LEGISLATION (the Exon/Coats Communications Decency Act) and ANTI-CENSORSHIP PRO-PARENTAL-CONTROL LEGISLATION (the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978). THIS IS YOUR LAST CHANCE AS A CITIZEN TO MAKE A DIFFERENCE. IF WE LOSE THIS VOTE, THE COMMUNICATIONS DECENCY ACT, ALREADY PASSED BY THE SENATE, WILL BECOME US LAW. The vision of a cyberspace ONLY FIT FOR CHILDREN will become reality. The Communications Decency Act will be offered by supporters of conservative pro-censorship groups THIS WEEK. 
They will try and amend HR1555 to include the Communications Decency Act and remove any other net-friendly language such as the Leahy/Klink study. ________________________________________________________________________ WHAT YOU CAN DO NOW 1. THERE'S NO TIME FOR EMAIL OR SNAIL MAIL. CALL OR FAX YOUR REPRESENTATIVE NOW. 2. Find your rep (instructions below) and urge them to oppose the Communications Decency Act and support parental control legislation (the Cox/Wyden "Internet Freedom and Family Empowerment Act" HR1978) Figure out who your Rep is; feel free to use the following sample. ** See Instructions Below On How To Obtain Your Rep's Phone and Fax Number ** SAMPLE PHONE CALL (Y=You, S=Rep's Staffer) S:Rep. Snark's office, may I help you? Y:Hi, As your constituent I'd like to urge Rep Snark to oppose Internet censorship legislation such as the Exon/Coats Communications Decency Act and support parental control bills such as the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978. S:Anything else? Y:Yes, where does Rep. Snark stand on this issue? S:Rep. Snark supports HR1978. Y:Thank you! Take the response you get and mail it to vtw at vtw.org. We'll be totalling up the responses and counting votes. Send it to us with the subject line of "house call". $ Mail vtw at vtw.org Subject: house call I live in Ohio and I called Rep Snark. Snark's staffer said he favors HR1978 too! . Mail sent... $ SAMPLE FAX Dear Representative Snark, As your constituent I'd like to urge Rep Snark to oppose Internet censorship legislation such as the Exon/Coats Communications Decency Act and support parental control bills such as the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978. Sincerely, 3. Ask your Internet Service Provider or Sysop to put the following message into their "message of the day". We also encourage you to forward the following short announcement to relevant mailing lists where a copy of this alert would be too long for the list. 
8/1/95: The Communications Decency Act (CDA) will be voted on by the House of Representatives this week. IT IS CRUCIAL THAT YOU CALL YOUR REPRESENTATIVE NOW. To get a copy of the alert, send mail to vtw at vtw.org with "send alert" in the subject line, gopher -p 1/vtw/exon/alert gopher.panix.com, or URL:gopher://gopher.panix.com:70/00/vtw/exon/alert 4. Forward a copy of this alert to your friends until the "freshness date" above. THIS IS CRUCIAL. WE NEED TO GENERATE CALLS OF SUPPORT OR THE COMMUNICATIONS DECENCY ACT WILL BECOME LAW. 5. Congratulate yourself! You've done your part to save cyberspace. ________________________________________________________________________ HOW TO FIND YOUR REPRESENTATIVE'S PHONE AND FAX NUMBER: 1. If you don't remember your representative's phone number, send email to reps at cdt.org You will automatically receive a list of all 435 members of the House of Representatives with phone and fax numbers. 2. OR, call the Capitol Switchboard (+1.202.225.3121) and ask to be connected to your Rep's office. If you don't remember who your Rep. is, the operator can tell you when provided with your zipcode. ________________________________________________________________________ WHAT IS COX/WYDEN? Cox/Wyden (HR1978) is legislation intended to prevent the Federal Communications Commission (FCC) from imposing content regulations on cyberspace and encourage private sector development and deployment of parental control technologies. Throughout HR1978's history, civil liberties advocates from ACLU, CDT, EPIC & PFAW have examined the bill and recommended modifications to ensure that the bill does not negatively impact your privacy or civil liberties. Although several questions still remain, Representatives Cox and Wyden are committed to addressing these concerns. 
As the legislation moves to the House/Senate conference committee, civil liberties advocates will continue to submit changes to the Representatives' staffers throughout the conference process where the House bill and the Senate-approved Communications Decency Act are reconciled. ________________________________________________________________________ CHRONOLOGY OF THE COMMUNICATIONS DECENCY ACT House vote to occur before Friday August 4, 1995. Jun 30, '95 Cox and Wyden introduce the "Internet Freedom and Family Empowerment Act" (HR 1978) as an alternative to the CDA. Jun 21, '95 Several prominent House members publicly announce their opposition to the CDA, including Rep. Newt Gingrich (R-GA), Rep. Chris Cox (R-CA), and Rep. Ron Wyden (D-OR). Jun 14, '95 The Senate passes the CDA as attached to the Telecomm reform bill (S 652) by a vote of 84-16. The Leahy bill (S 714) is not passed. May 24, '95 The House Telecomm Reform bill (HR 1555) leaves committee in the House with the Leahy alternative attached to it, thanks to Rep. Ron Klink of (D-PA). The Communications Decency Act is not attached to it. Apr 7, '95 Sen. Leahy (D-VT) introduces S.714, an alternative to the Exon/Gorton bill, which commissions the Dept. of Justice to study the problem to see if additional legislation (such as the CDA) is necessary. Mar 23, '95 S314 amended and attached to the telecommunications reform bill by Sen. Gorton (R-WA). Language provides some provider protection, but continues to infringe upon email privacy and free speech. Feb 21, '95 HR1004 referred to the House Commerce and Judiciary committees Feb 21, '95 HR1004 introduced by Rep. Johnson (D-SD) Feb 1, '95 S314 referred to the Senate Commerce committee Feb 1, '95 S314 introduced by Sen. Exon (D-NE) and Gorton (R-WA). 
________________________________________________________________________ FOR MORE INFORMATION Web Sites URL:http://www.panix.com/vtw/exon/ URL:http://epic.org/ URL:http://www.eff.org/pub/Alerts/ URL:http://www.cdt.org/cda.html URL:http://outpost.callnet.com/outpost.html FTP Archives URL:ftp://ftp.cdt.org/pub/cdt/policy/freespeech/00-INDEX.FREESPEECH URL:ftp://ftp.eff.org/pub/Alerts/ Gopher Archives: URL:gopher://gopher.panix.com/11/vtw/exon URL:gopher://gopher.eff.org/11/Alerts Email: vtw at vtw.org (put "send alert" in the subject line for the latest alert, or "send cdafaq" for the CDA FAQ) cda-info at cdt.org (General CDA information) cda-stat at cdt.org (Current status of the CDA) ________________________________________________________________________ LIST OF PARTICIPATING ORGANIZATIONS In order to use the net more effectively, several organizations have joined forces on a single Congressional net campaign to stop the Communications Decency Act. American Communication Association * American Council for the Arts * Arts & Technology Society * Association of Alternative Newsweeklies * biancaTroll productions * Californians Against Censorship Together * Center For Democracy And Technology * Centre for Democratic Communications * Center for Public Representation * Citizen's Voice - New Zealand * Cloud 9 Internet *Computer Communicators Association * Computel Network Services * Computer Professionals for Social Responsibility * Cross Connection * Cyber-Rights Campaign * CyberQueer Lounge * Dutch Digital Citizens' Movement * ECHO Communications Group, Inc. * Electronic Frontier Canada * Electronic Frontier Foundation * Electronic Frontier Foundation - Austin * Electronic Frontiers Australia * Electronic Frontiers Houston * Electronic Frontiers New Hampshire * Electronic Privacy Information Center * Feminists For Free Expression * First Amendment Teach-In * Florida Coalition Against Censorship * FranceCom, Inc. 
Web Advertising Services * Friendly Anti-Censorship Taskforce for Students * Hands Off! The Net * Human Rights Watch * Inland Book Company * Inner Circle Technologies, Inc. * Inst. for Global Communications * Internet On-Ramp, Inc. * Internet Users Consortium * Joint Artists' and Music Promotions Political Action Committee * The Libertarian Party * Marijuana Policy Project * Metropolitan Data Networks Ltd. * MindVox * MN Grassroots Party * National Bicycle Greenway * National Campaign for Freedom of Expression * National Coalition Against Censorship * National Gay and Lesbian Task Force * National Public Telecomputing Network * National Writers Union * Oregon Coast RISC * Panix Public Access Internet * People for the American Way * Republican Liberty Caucus * Rock Out Censorship * Society for Electronic Access * The Thing International BBS Network * The WELL * Voters Telecommunications Watch (Note: All 'Electronic Frontier' organizations are independent entities, not EFF chapters or divisions.) ________________________________________________________________________ End Alert ======================================================================= From futplex at pseudonym.com Wed Aug 2 08:31:14 1995 From: futplex at pseudonym.com (Futplex) Date: Wed, 2 Aug 95 08:31:14 PDT Subject: anonymity review in law journal In-Reply-To: <199508020334.UAA09787@netcom15.netcom.com> Message-ID: <9508021530.AA28462@cs.umass.edu> Vladimir Z. Nuri writes: > Hi everyone, someone tipped me off to a law review article by > Anne Branscomb entitled Anonymity, Autonomy, and Accountability: > Challenges to the First Amendment in Cyberspaces 104 Yale L F 1639. I expect this is the Anne Wells Branscomb who reviewed the Rimm job for the Georgetown Law Journal. According to http://catalog.com/columbia/homepage/ftr/995.html, she `called the study's methodology "academically rigorous."' She is a professor at the GWU law school. 
Alas, neither the GWU law school nor the Yale law school seems to have any measurable presence on the WWW. A Lycos search turned up a footnote pointing to an article she wrote for Scientific American: Branscomb, A. W.: Common law for the electronic frontier. In Scientific American, September 1991, pp. 154-158. A paper by Norderhaug and Oberding on "Designing a Web of Intellectual Property" at http://www.ifi.uio.no/~terjen/pub/webip/950220.html that cites the SciAm piece mentions that: Branscomb [bra91] reminds us that the rigors of the market economy are such that it is not a viable economic policy to give away the results of intellectual labor without a fair and equitable compensation. Thus I would be rather surprised if the anonymity/autonomy/accountability paper turned out to be notably sympathetic to anonymity. That would make it all the more interesting to see.... -Futplex From perry at panix.com Wed Aug 2 08:39:00 1995 From: perry at panix.com (Perry E. Metzger) Date: Wed, 2 Aug 95 08:39:00 PDT Subject: Provably Correct Crypto? In-Reply-To: <199508020255.OAA10557@bats.comp.vuw.ac.nz> Message-ID: <199508021538.LAA08653@panix4.panix.com> Matthew James Sheppard writes: > I stipulated I didn't want any such garbage, I specifically said > english summaries are not acceptable and you bombard me with them. > Yet you wont accept others opinion of PGP's security, which verbal or > other wise, can only be an abstract summary. Not long ago "Dr." Cohen was in a flame war with me (on bugtraq) in which he claimed exactly the opposite of everything he's claiming here -- that for enough money it was practical to actually prove the security of an arbitrarily complex piece of code. Here, of course, he claims the exact opposite. Perry From enzo at ima.com Wed Aug 2 09:30:29 1995 From: enzo at ima.com (Enzo Michelangeli) Date: Wed, 2 Aug 95 09:30:29 PDT Subject: Are there free implementations of DSS available? Message-ID: Thanks for any pointer. 
From trei Wed Aug 2 10:42:06 1995 From: trei (Peter Trei) Date: Wed, 2 Aug 95 10:42:06 PDT Subject: Pat Robertson Fears E-cash? Message-ID: <9508021741.AA05602@toad.com> The relevant verses are in Revelations 13, where some of the actions by which The Beast can be recognized are given. Among them are: 16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: 17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. Millennialist Christians tend to regard this as a method by which the faithful will be shut out of the economy, since the pious will refuse such a 'mark'. E-cash is a bit of a reach from this, but some of them (eg, Robertson), extend the verses to cover all forms of trackable transactions. I suspect that if someone could get him to realize the privacy aspects of true anonymous ecash, he'd like it. Just don't propose an implantable cryptographic token :-). Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation trei at process.com

From jya at pipeline.com Wed Aug 2 11:01:32 1995 From: jya at pipeline.com (John Young) Date: Wed, 2 Aug 95 11:01:32 PDT Subject: Mierda Message-ID: <199508021801.OAA03135@pipe2.nyc.pipeline.com> The New Yorker of July 31 writes on the indictment of six lawyers in Miami on drug-conspiracy charges: [Ex-Fed] Abbell continued to do legal work for the Rodriguez brothers, and in January, 1991, he hired an obscure Miami lawyer, Francisco Laguna, as a full-time associate. Laguna, who is in his thirties and was born in Colombia and speaks fluent Spanish, appears, from the indictment, to have been the most deeply immersed of all the lawyers in the day-to-day affairs of the Cali cartel. He maintained frequent contact with Miguel Rodriguez by public telephone. 
Unfortunately for Laguna, federal agents had obtained the code numbers of the debit cards he used to make his calls, and were able to intercept many of the conversations. From tbyfield at panix.com Wed Aug 2 11:25:12 1995 From: tbyfield at panix.com (Ted Byfield) Date: Wed, 2 Aug 95 11:25:12 PDT Subject: Pat Robertson Fears E-cash? Message-ID: At 12:41 AM 8.2.95, Timothy C. May wrote: >There is the "digital cash society" we fear as an Orwellian surveillance >society, with all transactions recorded. This is perhaps the future >Robertson fears. > >There is the "digital cash society" based on Chaumian schemes and >untraceability, similar to a "hard cash" society without proofs of identity >at every stage, and I suspect Robertson would find much to like about this. > >(There are also the implications which Robertson might recoil at, too. :-}) > >So, hearing that "Pat Robertson is warning against a digital cash society" >is not too worrisome to me. I suspect he means the stuff about Big Brother >tracking us and the Number of the Beast, and so on. > >Don't forget he came out strongly against Clipper, early on. And at 1:44 PM 8.2.95, Peter Trei wrote: >The relevant verses are in Revelations 13, where some of the actions >by which The Beast can be recognized are given. Among them are: > >16 And he causeth all, both small and great, rich and poor, free and > bond, to receive a mark in their right hand, or in their foreheads: >17 And that no man might buy or sell, save he that had the mark, or > the name of the beast, or the number of his name. > >Millenialist Christians tend to regard this as a method by which >the faithful will be shut out of the economy, since the pious will >refuse such a 'mark'. > >E-cash is a bit of a reach from this, but some of them (eg, >Robertson), extend the verses to cover all forms of trackable >transactions. I suspect that if someone could get him to realize the >privacy aspects of true anonymous ecash, he'd like it. 
This antinumerical tradition is, relevant biblical passages aside (see also Daniel, Ezekiel, as well as assorted HB and NT Apocrypha) a Protestant Anglo tradition that stretches back almost a thousand years to the census that came to be known as the Domesday Book. Pop opposition to censuses and the like is, AFAIK (and I know pretty far on this subject), all but unheard of among e.g. predominantly Catholic cultures (how many govts has the Italian peninsula seen?). Robertson isn't approaching this question _primarily_ from a policy or humanist-liberal standpoint--he's approaching from a religious standpoint: his duty as a preacher is to warn fellow Christians against falling prey to Satan's machinations. And since the assignation of numbers to people is, he feels, such a machination and a sign of the endtimes, "fear" perhaps isn't the best word to describe his take on the future (which in his view is a very bounded entity): while filled with tribulations in which many of the devout will fail, the events of this era prefigure Jesus's imminent return. This isn't to say that, in the absence of Jesus's return (an absence of which I'm quite confident), Robertson's recommendations don't have a policy potential or political ramifications--on the contrary, they very likely will. Given the fact that there's a longish prehistory to Christian interpretations of SS #s, UPC symbols, etc. as the Mark of the Beast, it seems more likely that fundamentalists will tend to view _stable_ numbers assigned by impersonal institutions as the MotB, rather than, say, interpreting public keys--which people themselves can generate and revoke at will--as the mark. 
It's fine with me if Robertson mobilizes Christian soldiers against the governmental fracturing of privacy (note the irony in his acceptance of "privacy" as a legit philosophical-legal doctrine in this context, BTW)--it's just a shame that he has to mix these issues up with idiotic references to Chaum's religion of birth, as though that was significant on a par with Chaum's work. Needless to say, though, I'm a secular humanist.

Ted

From s5cromw at watson.ibm.com Wed Aug 2 11:26:05 1995
From: s5cromw at watson.ibm.com (Ray Cromwell)
Date: Wed, 2 Aug 95 11:26:05 PDT
Subject: Object Oriented Crypto API
Message-ID: <9508021824.AA16891@play.watson.ibm.com>

C'punks,

It seems to me that one of the reasons why crypto isn't being incorporated into lots of applications is because there is no good general purpose plug-n-play crypto-library. I mean something that is so easy to use that a Visual Basic programmer would understand it. I've had personal experience with RSA's BSAFE library and I have to admit, it has a better software architecture than any of the cypherpunk attempts. It's highly portable and highly object oriented. Algorithms can be dropped in and out easily. But it suffers from not being user extensible, not having a variety of algorithms, and faking object-orientation in C. I think we can do better. (and we're not as legally restricted as they are) We also need an architecture that will facilitate collective work so that we do not duplicate efforts.

I recently checked out Crypto++ by Wei Dai. It's a real tour de force of algorithms, and probably violates more patents in a single piece of software than any in history. ;-) But it has some small design quirks, and with a little bit of modification on the user interface side (leveraging the code already written), I think it can be improved by leaps and bounds. (IMHO)

Prelude
-------

C++ will be our language of choice. A C-to-C++ API will be discussed later.
Note: in some parts, only pseudo-C++ is used, so don't expect this to pass a C++ grammar.

The Design Goal
---------------

The goal is to define an architecture permitting a simple API which can perform all of the standard cryptographic operations (Encryption, Signing, Key Management, etc) without strict dependency on any algorithm, file format, or I/O mechanism. An application writer should be able to incorporate cryptography into his application without worrying about file formats, key management, cryptographic algorithms, or distribution. He should be able to seamlessly operate on PEM messages, pgp files, etc without even knowing what the files are. (I've looked at GSSAPI, it addresses different issues)

Here's a first-pass API:

    Encrypt(EncryptionAlgorithm, EncryptionKey, PlainText, CipherText)
    Decrypt(DecryptionAlgorithm, DecryptionKey, CipherText, PlainText)
    Sign(SignatureAlgorithm, PrivateKey, PlainText, Signature)
    Verify(VerifierAlgorithm, PublicKey, PlainText, Signature)
    GetKey(KeyDomain, KeyId, Key)
    PutKey(KeyDomain, KeyId, Key)
    GenerateKey(EncryptionAlgorithm, RandomNumberGenerator, Key)

That's it, just 7 functions to perform almost all cryptographic algorithms in the universe. P-Key and Symmetric systems aren't even treated differently. A few more could be added to the API, but that's the gist. Now let's look at how we will accomplish this abstraction.

Polymorphism is your friend
---------------------------

While Crypto++ does have an object hierarchy, polymorphism is rarely used. For instance, the Sign function signs raw data, not "Digests". It does sign a Digest if you give it raw data that is a Digest, but the point is, the function doesn't know. The idea of Signing should be abstracted above and away from low-level representations and the underlying cryptosystem itself. (this philosophy of abstraction is drawn strongly from STL - the standard template library which is a C++ working draft. It's a great library design)

Let's look at a single example: the Encrypt function. All encryption algorithms have a property in common, whether it is a public key system, a symmetric block cipher, or a stream cipher: the encryption key. Therefore, they can all be treated as a member of a class of EncryptionAlgorithm objects which implement a function called encrypt(), which takes some plaintext, an encryption key, and outputs some ciphertext. Nothing magical here, simple object-orientation. A hypothetical abstract base EncryptionAlgorithm class might look like:

    class EncryptionAlgorithm {
    public:
        virtual void encrypt(EncryptionKey& key, PlainText& p, CipherText& c) = 0;
        virtual EncryptionKey generate_key(RandomNumberGenerator& rng) = 0;
    };

And a possible concrete class:

    class DESEncryptionAlgorithm : public EncryptionAlgorithm {
        typedef DESEncryptionKey keytype;
    public:
        void encrypt(DESEncryptionKey& key, PlainText& p, CipherText& c);
        keytype generate_key(RandomNumberGenerator& rng);
    };

So to encrypt something with DES, you'd instantiate a DESEncryptionAlgorithm, say labeled des, generate a key by asking the class to generate one, and then call

    Encrypt(des, deskey, plaintext, ciphertext);

But that 'des' could have just as well been a RSAEncryptionAlgorithm class, in which case, the plaintext would have been encrypted with an RSA public key (independent of whether DES or IDEA is being used as the underlying BlockCipher).

Our design methodology throughout this article will be to look for common behavior between algorithms and where it is found, define an abstract base class around that behavior. Any specialization will be handled by subclassing.

The case for Decrypt() looks almost identical, in fact, we could overload Encrypt(), and call them both Crypt() and have asymmetrical ciphers work like symmetric ciphers.
(the compiler would detect a DecryptionAlgorithm instead of EncryptionAlgorithm and do the necessary magic) I feel this is a bad design decision because it is confusing and removes some type safety. The processes of encryption and decryption are semantically different, therefore they deserve separate interfaces.

Now that you've seen an example, let's proceed with the design.

SignatureAlgorithm
------------------

Signature systems typically sign "Message Digests", so intuition should lead us to assume that we must have a "MessageDigest" object which a SignatureAlgorithm may sign. "Message Digests" are generally produced by one-way secure hash algorithms, so we also need a SecureHashAlgorithm object that computes a MessageDigest given a PlainText. A MessageDigest should be convertible to a BitString for signing. Finally, a signature should be abstracted into a Signature class which has an equality condition. With those thoughts, here's a proposed class.

    class SignatureAlgorithm {
    private:
        SecureHashAlgorithm& hashref;
    public:
        SignatureAlgorithm(SecureHashAlgorithm& h);
        virtual Signature sign(PrivateKey& key, PlainText& p, CipherText& c) = 0;
    };

    class Signature {
    public:
        virtual bool operator==(Signature& s) = 0;
        // functions to cast to/from bitstring
    };

Concrete example:

    class RSASignature : public Signature {
    };

    class RSASignatureAlgorithm : public SignatureAlgorithm,
                                  private RSADecryptionAlgorithm
        // privately inherited because the relationship is "implemented-in-terms-of"
    {
        typedef RSADecryptionAlgorithm::keytype keytype;
        typedef RSASignature sigtype;

        RSASignatureAlgorithm(SecureHashAlgorithm& h) : SignatureAlgorithm(h) { }

        sigtype sign(keytype& privatekey, PlainText& p, CipherText& c) {
            decrypt(privatekey, hashref.digest(p), c);
            return sigtype(c); /* signature constructed from signed message digest bitstring */
        }
    };

Notice how the message digest (hash) algorithm is a polymorphic type.
When the object is constructed, it can be told to use any hash algorithm independent of hash size, etc.

Verification works similarly. A concrete example:

    class RSAVerifierAlgorithm : public SignatureAlgorithm,
                                 private RSAEncryptionAlgorithm
    {
        bool verify(keytype& publickey, PlainText& p, Signature& s) {
            CipherText c;
            // apply the public-key operation to the signature, then compare the
            // recovered digest against a fresh digest of p
            encrypt(publickey, s, c);
            return MessageDigest(c) == hashref.digest(p);
        }
    };

Key Retrieval
-------------

I will assume for sake of simplicity that all keys have a KeyId associated with them, perhaps just the name of the person who owns the key. A KeyId is much like an ISBN number for a book. Whether you're in the Library of Congress, B Dalton Bookstore, or searching an electronic catalog, you can still find the book. What's common about the different mediums where the book is located is that 1) it's still a book, and 2) it has an ISBN. So, our model will be to generalize the places keys are found into things called KeyDomain, and to generalize the ID of a key into something called a KeyId. The function of a KeyDomain is to be able to retrieve/store a Key based on a KeyId. A KeyDomain might be just a KeyRing on your filesystem, or it may be a KeyServer. The key idea ( ;-) ) here is that it doesn't matter.

Problems however start to arise when a single KeyDomain can store keys for multiple algorithm types. For instance, a KeyServer storing keys for both DSA and RSA. I don't know if this is a bad idea or not, but since people will probably want to do it, it's probably a good idea to support it. One possibility is to have the KeyDomain return a generic Key pointer, and use RTTI (run time type identification) to cast the pointer to the appropriate type. I think this is a bad paradigm which will lead to lots of programming errors and most C++ compilers don't support RTTI yet. Therefore, my idea is to have a KeyDomain for each cryptosystem which returns only keys of the type that cryptosystem uses.
The KeyDomain itself may be a KeyServer that connects to some internet based server which stores lots of different key types, but the idea is that the KeyServer filters out key requests which do not conform to the type required. If you ask an RSAKeyServer for a KeyId that corresponds to a DSA key, it will fail to find it even though the physical server may actually store it. The same comments go for a KeyRing which stores multiple types.

A typical object hierarchy may look like this:

                          KeyDomain
                        (Returns Key)
                         /         \
              RSAKeyDomain          DSAKeyDomain
            (Returns RSAKey)      (Returns DSAKey)
              /        \            /        \
      RSAKeyRing  RSAKeyServer  DSAKeyRing  DSAKeyServer

(The *KeyRing and *KeyServer above also multiply inherit from KeyRing and KeyServer respectively. This is to encapsulate network and file i/o abstractions)

My first shot at the base class is

    class KeyDomain {
        typedef Key keytype;
        virtual keytype fetch(KeyId) = 0;
        virtual void put(KeyId, keytype) = 0;
    };

    class RSAKeyDomain : public KeyDomain {
        typedef RSAKey keytype;
        virtual keytype fetch(KeyId) = 0;
        virtual void put(KeyId, keytype) = 0;
    };

KeyRing and KeyServer are important because they will encapsulate the i/o functions necessary and store information (like the hostname and port of a keyserver), but I can not define them right now without more research into existing formats and protocols. Just picture in your head, the KeyRing and KeyServer objects containing a nebulous cloud which does the appropriate magic.

    class KeyRing {
        magic_io_function(magic_arg); // implements file system fetches
    };

    class RSAKeyRing : public RSAKeyDomain, public KeyRing {
        // example fetch
        keytype fetch(KeyId id) {
            return magic_io_function(magic_manipulate(id));
        }
    };

Key Generation
--------------

Key generation is dependent on two things. The cryptographic algorithm being used and the random number generator used. The problem with the examples given earlier is that the generation of encryption and decryption keys can normally not be done separately.
An encryption and decryption key are intimately related by virtue of the fact that they are semantic inverses. Therefore, what really should be generated is not individual keys, but key pairs. Furthermore, since the encryptor usually generates the keys, I'm placing the KeyPair generating function on the EncryptionAlgorithm. An alternative architecture is to define another object hierarchy called "KeyGenerator" and subclass "RSAKeyGenerator", "DESKeyGenerator", etc. In the case of symmetric algorithms, such as a DESKeyPair, the object would only store the secret key, but the "get" functions on the object would return the same key whether you are asking for the encryption key or the decryption key.

Imagine the following

    BlumBlumShubGenerator bbsg(KeyStrokeBitSource());
    DESAlgorithm des;
    DESKeyPair dpair = des.generate_key(bbsg);
    des.encrypt(dpair.encryptionkey(), plaintext, ciphertext);

DESKeyPair might look like this

    class DESKeyPair : public KeyPair {
    private:
        private_storage_type x;
    public:
        // both functions return the same key 'x'
        DESEncryptionKey encryptionkey() { return DESEncryptionKey(x); }
        DESDecryptionKey decryptionkey() { return DESDecryptionKey(x); }
    };

Division of Labor
-----------------

By defining a standard set of abstract interfaces, reusable software components are possible. This means that cypherpunks can write code at the micro-level, optimize it, implement the newest algorithms, and distribute the result, which can then automagically be included in software applications by simply relinking. (and with a Java implementation, it really is automagic ;-)) Also, since only those objects which are used are linked in, executable size can be kept small. By using abstract base classes, and isolating implementation from interface, recompiles can be kept to a minimum.

Low Level Hierarchy
-------------------

Since public key algorithms often need BlockCiphers to accomplish encryption, several further abstractions are needed.
    BlockCipherEncrypt (child of EncryptionAlgorithm)
        encrypt(key, plaintext, ciphertext)
        generate_key(randomnumbergenerator)

    BlockCipherDecrypt (child of DecryptionAlgorithm)
        decrypt(key, ciphertext, plaintext)

These are generic classes that specify an interface for symmetric block ciphers. example (refined from earlier):

    class DESEncryptionAlgorithm : public BlockCipherEncrypt {
        typedef DESKey keytype;
        void encrypt(keytype& key, PlainText& plaintext, CipherText& ciphertext);
        keytype generate_key(RandomNumberGenerator& rng);
    };

A public key algorithm is a special case of an algorithm, so

    class PublicKeyEncryptionAlgorithm : public EncryptionAlgorithm {
    private:
        BlockCipherEncrypt& bc_enc;
    public:
        PublicKeyEncryptionAlgorithm(BlockCipherEncrypt& bc);
        void encrypt(PublicKey& key, PlainText& p, CipherText& c);
        void raw_encrypt(PublicKey& key, PlainText& p, CipherText& c); // used for signing
                                                                      // digests
    };

All public key algorithms are constructed with a BlockCipher so that the encrypt function knows which cipher to use (unless of course you are only using raw_encrypt(). Using normal encrypt() without initializing with a BlockCipher should throw an exception). The PublicKeyDecryptionAlgorithm class is defined similarly with BlockCipherDecrypt.

Given these classes, here's how an RSA concrete class might look.

    class RSAimplement; // implements low-level rsa operation
                        // after all, encryption and decryption are just
                        // modular exponentiation. Let's call this
                        // rsa_op(factor, exponent, modulus)

    class RSAEncryptionAlgorithm : public PublicKeyEncryptionAlgorithm,
                                   private RSAimplement {
        RSAEncryptionAlgorithm(BlockCipherEncrypt& foo)
            : PublicKeyEncryptionAlgorithm(foo) {}

        void encrypt(RSAPublicKey& r, PlainText& p, CipherText& c) {
            BlumBlumShubGenerator bbs(KeyBoardRandomBitSource());
            BlockCipherKey session_key = bc_enc.generate_key(bbs);
            bc_enc.encrypt(session_key, p, c);
            // the session key, wrapped under the public key, travels with the ciphertext
            c.prepend(rsa_op(session_key, r.exponent(), r.modulus()));
        }
    };

Typical usage pattern might be as follows:

    DESAlgorithm des;
    RSAAlgorithm rsa(des);
    KeyId kid("deepthroat");
    RSAKeyServer rsaks("blacknet.net", PORT_BLACK);
    PlainText p; // pictures of Senator Exon being spanked by his Mistress
    CipherText c;
    RSAKey pkey;
    RFC822Encoding email;

    pkey = rsaks.fetch(kid);
    Encrypt(rsa, pkey, p, c);
    email.encode(c);
    cout << email;

Auxiliary class hierarchies
---------------------------

Many of the above classes depend on polymorphic lower-level classes to implement hash algorithms, key generation, random number generation, number theory, primality testing, output encoding, and so on. The following are just a few example hierarchies. (class interfaces will be defined later)

These classes form the hash of a Plaintext and return MessageDigest

    SecureHashAlgorithm---------------------------------------------------
         |                   |                 |               |
    MD5Algorithm      NISTSecureHash         Haval          Snefru

These classes return a random bitstring of a specified number of bits

    RandomNumberGenerator-------------------------------------------------
         |                     |              |                 |
    BlumBlumShubGenerator  HashGenerator   UnixRand   RadioactiveHardWare

These classes test an Integer for the specified type of primality and optionally suggest an increment value (to find the next such prime)

    ProbablePrimeTest-----------------------------------------------------
         |                |                |               |
    FermatTest       MillerRabin      StrongPrime      BlumPrime

(e.g. a RandomPrime routine might take a RandomNumberGenerator and a ProbablePrimeTest as arguments.
It uses the RNG to get a starting point, sieves a number, and if it passes the test, lets the PPT object test it for the right qualities. )

Comments
--------

Some of you may be asking "what's the point? Some libraries like Crypto++ can already compute all these things." The point of this exercise is to devise an object hierarchy, interface, and dependency between these algorithms so that they can interoperate without the user having to know how they interoperate (or perform conversions himself between the different formats each algorithm expects) Algorithms share common data formats and interfaces.

One crucial design feature of this hierarchy is that the graphs contain no cycles. This alleviates the need to worry about virtual base classes in multiple inheritance or object overlap.

Criticism
---------

* overuse of subclassing might be slow

  answer: the performance impact of a virtual function call is minimal in comparison to performing a modular exponentiation

* encapsulating raw data like digests into objects like MessageDigest when they are just going to be converted back to a raw bitstring is a waste of time and cpu

  answer: the cost is of setting a pointer to a databuffer and returning that pointer thru a class interface which can be inlined. the gain in abstraction which allows several different representations of digests, plus the type safety is worth the trade off. In the worst case, typedef MessageDigest to your favorite type.

* C is more popular, we need a C library, not a C++ one

  answer: define a C interface library which hides the C++ and controls objects via tags. e.g.

      enum algorithms { RSA_ALGORITHM, DES_ALGORITHM, ... }
      encrypt(RSA_ALGORITHM, ....);

  the encrypt function would perform a case statement on these tags and allocate the appropriate C++ objects. We still gain abstraction and component behavior.
* I think your class hierarchy sucks

  answer: then make some suggestions on how to improve it

* object oriented programming is a fad, it doesn't gain you anything

  answer: it all depends on the design. Almost all new languages nowadays are OO, and C++ is one of the fastest growing languages in the market. OO has proven advantages.

* this is too much work

  answer: the bulk of the work is already done. Crypto++ has the actual implementation of most of these functions. All we need to do is write the definitions of these classes with appropriate forwarding functions.

* The NSA doesn't like "crypto hooks", this object oriented component system allows any algorithm to be "dropped in"

  answer: NSA who? Sorry, I don't recall.

Encoding
--------

I purposely left this part out. It's the most complex piece of the design but it is doable. The basic idea is to make all the objects "persistent" in that they have a type id, and know how to translate themselves into an internal stream based data format. Encoding objects would construct streams out of keys, and algorithm outputs, and ciphertexts, and Integers, etc. Later, StreamModules would take these streams and translate them into the appropriate real world format (like PGP's CTB cyphertext block stuff) Likewise, those same modules would construct a protocol stream from the real world format, and Decoding objects would turn those into objects.
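[Editor's note: the block below is an added example and is not code from Ray Cromwell's post or from Crypto++. It is a compilable C++ sketch of the design the post describes: abstract SecureHashAlgorithm and public-key bases, a SignatureAlgorithm built by composition with a hash, and free Sign()/Verify() functions that never name a concrete algorithm. Every name and every primitive in it is my own placeholder: FNV-1a stands in for MD5/SHA and is not a cryptographic hash, and the RSA is textbook RSA with six-digit primes (1000003 and 999983) and no padding, chosen only so the arithmetic fits in 64-bit integers. It demonstrates the class relationships and nothing more. One check worth carrying over to the verifier sketched above: verification applies the public operation to the signature and compares the recovered value with a fresh digest of the message; it does not re-encrypt the plaintext.]

```cpp
// Added example, not from the post: a compilable sketch of its class design.
// Primitives are toys: FNV-1a (not a cryptographic hash) and unpadded textbook
// RSA with six-digit primes, so everything fits in 64-bit integers.
#include <cstdint>
#include <string>

using Bits = std::uint64_t;
struct MessageDigest { Bits value; };
struct Signature     { Bits value; };
struct PublicKey     { Bits e, n; };
struct PrivateKey    { Bits d, n; };
struct KeyPair       { PublicKey pub; PrivateKey priv; };

// Modular arithmetic that stays correct for any modulus below 2^63.
Bits mulmod(Bits a, Bits b, Bits m) {
    Bits r = 0;
    for (a %= m; b; b >>= 1, a = (a + a) % m)
        if (b & 1) r = (r + a) % m;
    return r;
}
Bits powmod(Bits x, Bits e, Bits m) {
    Bits r = 1 % m;
    for (x %= m; e; e >>= 1, x = mulmod(x, x, m))
        if (e & 1) r = mulmod(r, x, m);
    return r;
}
// Inverse of a modulo m (extended Euclid); requires gcd(a, m) == 1.
Bits invmod(Bits a, Bits m) {
    std::int64_t t = 0, nt = 1, r = (std::int64_t)m, nr = (std::int64_t)(a % m);
    while (nr != 0) {
        std::int64_t q = r / nr, tmp = t - q * nt;
        t = nt; nt = tmp; tmp = r - q * nr; r = nr; nr = tmp;
    }
    return (Bits)(t < 0 ? t + (std::int64_t)m : t);
}

// Abstract bases in the spirit of the post; callers program against these.
class SecureHashAlgorithm {
public:
    virtual ~SecureHashAlgorithm() = default;
    virtual MessageDigest digest(const std::string& p) const = 0;
};
class PublicKeyAlgorithm {
public:
    virtual ~PublicKeyAlgorithm() = default;
    virtual Bits raw_encrypt(const PublicKey& k, Bits x) const = 0;  // public operation
    virtual Bits raw_decrypt(const PrivateKey& k, Bits y) const = 0; // private operation
    virtual KeyPair generate_key(Bits p, Bits q, Bits e) const = 0;  // toy: primes supplied
};

// Concrete stand-ins.
class Fnv1aHash : public SecureHashAlgorithm {
public:
    MessageDigest digest(const std::string& p) const override {
        Bits h = 1469598103934665603ULL;
        for (unsigned char c : p) { h ^= c; h *= 1099511628211ULL; }
        return MessageDigest{h};
    }
};
class RSAAlgorithm : public PublicKeyAlgorithm {
public:
    Bits raw_encrypt(const PublicKey& k, Bits x) const override { return powmod(x, k.e, k.n); }
    Bits raw_decrypt(const PrivateKey& k, Bits y) const override { return powmod(y, k.d, k.n); }
    KeyPair generate_key(Bits p, Bits q, Bits e) const override {
        Bits n = p * q, phi = (p - 1) * (q - 1);
        return KeyPair{PublicKey{e, n}, PrivateKey{invmod(e, phi), n}};
    }
};

// Sign = hash, then private operation. Verify = public operation applied to the
// signature and compared with a fresh digest; the plaintext is never re-encrypted.
class SignatureAlgorithm {
    const SecureHashAlgorithm& hash_;
    const PublicKeyAlgorithm& pk_;
public:
    SignatureAlgorithm(const SecureHashAlgorithm& h, const PublicKeyAlgorithm& pk)
        : hash_(h), pk_(pk) {}
    Signature sign(const PrivateKey& k, const std::string& m) const {
        // Toy: digest reduced mod n. Real code pads with PKCS#1 v1.5 or PSS instead.
        return Signature{pk_.raw_decrypt(k, hash_.digest(m).value % k.n)};
    }
    bool verify(const PublicKey& k, const std::string& m, const Signature& s) const {
        return pk_.raw_encrypt(k, s.value) == hash_.digest(m).value % k.n;
    }
};

// The post's free-function API surface, agnostic of the concrete classes.
Signature Sign(const SignatureAlgorithm& a, const PrivateKey& k, const std::string& m) { return a.sign(k, m); }
bool Verify(const SignatureAlgorithm& a, const PublicKey& k, const std::string& m, const Signature& s) { return a.verify(k, m, s); }

// Worked run on constructed input: fresh toy key pair, sign, verify, reject a
// tampered message, and confirm the private operation undoes the public one.
bool demo() {
    Fnv1aHash md;
    RSAAlgorithm rsa;
    KeyPair kp = rsa.generate_key(1000003, 999983, 65537);  // toy primes, toy modulus
    SignatureAlgorithm sig(md, rsa);
    Signature s = Sign(sig, kp.priv, "pictures of Senator Exon");
    return Verify(sig, kp.pub, "pictures of Senator Exon", s)
        && !Verify(sig, kp.pub, "pictures of Senator Exxon", s)
        && rsa.raw_decrypt(kp.priv, rsa.raw_encrypt(kp.pub, 42)) == 42;
}
```

demo() is the entry point. Swapping Fnv1aHash or RSAAlgorithm for another subclass changes nothing in SignatureAlgorithm, Sign() or Verify(), which is the property the post is after. For anything beyond illustration the digest would go through a padding scheme rather than a reduction mod n, and the primes would come from the RandomNumberGenerator and ProbablePrimeTest classes the post sketches, not from literals.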
Finally, a picture
------------------

    EncryptionAlgorithm----
        |                 |
    PKeyEncAlgorithm    BlockCipherEncAlgorithm
        |        |            |          |
    RSAEncAlg  ElGamalEncAlg  DESEncAlg  IDEAEncAlg
        |        |            |          |
    RSAAlgorithm  ElGamalAlg  DESAlgorithm  IDEAAlgorithm
        |        |            |          |
    RSADecAlg  ElGamalDecAlg  DESDecAlg  IDEADecAlg
        |        |            |          |
    PKeyDecAlgorithm    BlockCipherDecAlgorithm
        |                 |
    DecryptionAlgorithm----

-Ray Cromwell

From pjm at ionia.engr.sgi.com Wed Aug 2 11:53:49 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Wed, 2 Aug 95 11:53:49 PDT
Subject: NYET--attempted formal specs (again)
In-Reply-To:
Message-ID: <199508021853.LAA10598@ionia.engr.sgi.com>

-----BEGIN PGP SIGNED MESSAGE-----

Nathan Zook writes:
[ . . . ]
> NYET-- Non-Youths Exhibit Temperance.
>
> This is a rising, legitimate concern among parents that their children
> have all-too-easy access to porn on the internet. Last year, there
[ . . . ]
>
> But none of these proposals can ultimately succeed. Here I restate my
> NYET proposal from last year for your consideration. The system is of
> necessity ISP-based. Home-based systems are subject to attacks at
> home. Since many (most?) children are better with computers than
> their parents, these attacks can be expected to succeed.
[ . . . ]
>
> The NYET-software runs as superuser on the ISP's machine. All minor
> accounts have a corresponding configuration file sitting in their
> account owner's parent's directory, which is locked with read/write by
> owner only flags. The correspondence between minor and parent
> accounts sits in a file owned by root and similarly locked.
>
> The parent sets the configuration file to permit and deny access to
> various parts of the net. Since it is unreasonable for the parent to
[ . . . ]

Your solution fails against your specified threat.
Children who are more software-proficient than their parents will, in many cases, be able to access their parents' accounts and modify the configuration file (or simply use the account to access the blocked areas). Ultimately, all such systems are "home-based" if any accounts used by members of the household have or can be granted access to the naughty bits (tip o' the hat to M. Python).

While your proposal is obviously marketable, given the success of Prodigy and the prospects for SurfWatch, it does not appear to be inherently more secure than schemes that utilize subscriber software.

Regards,

Patrick May

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMB/Jqe5Yg08fDKehAQH16gQAp78uOJX02xNz7/5XYPBcaRZRC8pCWx6K
oUdOxbGta/l1rKrRGWhJ7WLJy9iaopBcbr4YXNOMPL4Va91DEXkJ5rfJKXC+o7Mz
jA0wBujVu0DK+S0C49Ah3OoXxX6H0SorbuscvDF2IIw9aGLSezD49H4/GgWvhklo
Y1Gu5Tfok+Y=
=FsYi
-----END PGP SIGNATURE-----

From bailey at computek.net Wed Aug 2 12:01:07 1995
From: bailey at computek.net (Mike Bailey)
Date: Wed, 2 Aug 95 12:01:07 PDT
Subject: Consumer Report: RSA T-Shirt
In-Reply-To: <199508021411.KAA05924@cmyk.warwick.com>
Message-ID:

On Wed, 2 Aug 1995, Harry S. Hawk wrote:

> > I have only one complaint. That is the "machine readable" rsa barcodes.
>
> To my eye the printing job there is rather poor. I doubt it is
> machine readable (although I don't have a 128 barcode reader to
> try it out with)..

We tried it and it does not read. I am still very happy with the product 8-)

-Mike

**************************************************************************
* Mike Bailey (hm)214-252-3915                                           *
* AT&T Capital Corporation. (wk)214-456-4510                             *
* email bailey at computek.net host bambam.computek.net                  *
* "Remember you can tune a piano but you can't tuna fish -Joe Walsh"     *
* http://www.computek.net/public/bailey                                  *
**************************************************************************

From SADLER_C at HOSP.STANFORD.EDU Wed Aug 2 13:21:08 1995
From: SADLER_C at HOSP.STANFORD.EDU (Connie Sadler)
Date: Wed, 2 Aug 95 13:21:08 PDT
Subject: Pat Robertson Fears E-cash?
Message-ID:

Subject: Re: Pat Robertson Fears E-cash?
Date: Wed, 2 Aug 1995 11:37:19 PDT
A1-type: DOCUMENT
Importance: normal

>> >> Of course, this bank has been criticized for being somewhat lax on who
>> >> they give accounts to, but the point still stands. I could have been
>> >> anybody, and give any false address. *shrug*
>>
>> Why should they give a damn who you are? IMO, it's none of their
>> business. Hell, they're making $$$ on *your* deposits, it's time they
>> stopped being such shits about it.

Mostly they are afraid that you will get checks under a fake name, and bounce a lot of them, which ends up costing them a lot of money, even though they don't pay off on them. (Most of the costs of any financial transaction system come from handling exceptions). They are also under obligation to provide accurate SSN or Business Tax-ID information to the government on any interest-bearing account, so that you are forced to declare it on your income taxes.

Clearly there are other ways of preventing or insuring against the problems that arise from check fraud (such as not issuing checks), but the IRS requirements are out of the bank's hands.

From tcmay at sensemedia.net Wed Aug 2 14:56:54 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Wed, 2 Aug 95 14:56:54 PDT
Subject: "The Net"
Message-ID:

I saw "The Net" yesterday and was moderately entertained.
Lots of leaps of logic, especially the notion that one can be "vanished" by having computer records changed--I can believe that such changes would screw things up, but surely even the character played by Sandra Bullock (nicely) would have human friends and associates to vouch for her.

The portrayal of her job as a "beta tester," with a couple of Mac screens running and lots of MacTCP connections, was well done. In fact, maybe the most interesting look at computer screens I've seen. (But maybe I'm biased...)

The cheesy climax, involving a computer virus, was especially egregious. But tension has to be gotten somehow, I suppose, and most moviegoers will not be terribly excited by the "real stuff."

All in all, some good tension.

If this was the film I advised a woman screenwriter/researcher about (the "vanishing" part she was asking me for tips on, 18 months ago), I sure couldn't see any influence of my ideas, or those of Cypherpunks. (I have her name written down somewhere, but the two official screenwriters were both male...still, I have a hunch she was doing background research for them.)

Ironically, I saw a second movie the same day..."Under Siege II." It had a lot of crypto, as well. Things like "Going secure" on cellphone conversations with the Arabs purchasing the terrorist actions.

--The Praetorian

  ----
 | PI |
  ----

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net   | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From sandfort at crl.com Wed Aug 2 15:26:40 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 2 Aug 95 15:26:40 PDT
Subject: DETWEILLER
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 2 Aug 1995, Kragen J Sittler wrote:

> On Mon, 31 Jul 1995, SysAdmin wrote:
>
> > ObCypherpunk: Anybody heard from Detweiller?

Actually, he was at the last Bay Area Cypherpunks physical meeting under another name. At least he learned that Eric Hughes and I are not the same person. Unfortunately, Tim May was not in attendance so no telling what he thinks.

In addition, he has been fairly active on list of late. I think you all know which poster is he. Hell, I don't care, just as long as he isn't frothing.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From kelli at zeus.towson.edu Wed Aug 2 16:27:19 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Wed, 2 Aug 95 16:27:19 PDT
Subject: Cypherpunks Lobbying? (fwd)
Message-ID:

I posted this idea of mine about a month ago, when toad was having problems bouncing mail and the router on my own system was going crazy; I thought it had gone up but I got absolutely _no_ response about it, either pro or con, so I thought maybe I'd better repost it just in case it's still bouncing around sura or something. I'll probably get flamed for starting up an old thread again, but this isn't so much an invitation for discussion as it is a call to action. I've updated it, since some things have changed since then.

-=Kathleen M. Ellis=-

---------- Forwarded message ----------
Date: Fri, 14 Jul 1995 04:11:23 -0400 (EDT)
From: K. M. Ellis
To: "Timothy C. May"
Cc: pfarrell at netcom.com, jlasser at rwd.goucher.edu, cme at tis.com, cypherpunks at toad.com
Subject: Cypherpunks Lobbying?

On Thu, 13 Jul 1995, Timothy C. May wrote:

>
> I'd hardly call my view "throwing in the towel."
> What I said clearly enough
> was that the Washingtonians can throw out repressive legislation much
> faster than we can--and I speak in terms of "we" as being the EFF, EPIC,
> NRA, ACLU, etc., and _not_ the Cypherpunks, who have no lobbying activities
> to speak of.

I'm glad you brought this up, Tim, because Pat Farrell, Carl Ellison, and I have been discussing the possibility of doing just that over the past week or so. The three of us, in addition to many others (we like to call ourselves "The Mid-Atlantic Cypherpunks") are very near DC and thought we might take advantage of this on behalf of others who don't have the luxury of living near their legislators.

Our idea (and it was originally limited to lobbying against the CDA, but we can expand it now to lobby against that and S.974) was to have Cypherpunks send letters (yes, authentic _snail mail_) to a Cypherpunk willing to go deliver it in person, (namely me) and talk to whoever is there, be it the congressperson or one of his/her aides. The strategy of this action would be to say, "hello, we represent and we oppose and we feel this way because and here is a letter from one of your constituents who feels the same way we do." A simple lobby.

I thought this might be beneficial to cypherpunks because it seems that a lot of representatives are difficult to get in touch with, since not all of them have e-mail addresses. I think there is a certain advantage in this kind of action from an educational standpoint, considering that the House doesn't seem to have a strong backer for this bill like the Senate did, and the many Congresscritters who know nothing about the net only need someone to explain the consequences of such a bill to them. Furthermore, to those ignorant of the net and its ways, a printed out list of names and e-mail addresses collected through the web is completely foreign and perhaps intimidating to them, and therefore not all that helpful to us, IMHO.
Hand-signed letters (or hand-written, if your printing is more legible than mine) in good, old-fashioned envelopes are just what critters of this sort need to see.

If any US citizens here would like me (and hopefully some older, wiser cypherpunks willing to join me on this trip) to deliver a letter to their congressperson please send a letter to this address:

    The Hon. Whoever
    c/o Kathleen M. Ellis
    TSU box 898
    Towson State University
    8000 York Road
    Towson, MD 21204

On the envelope you must include:

    The name of the congressperson (if I have to open the letter to be able to tell who it is meant for it'll lose some of its authenticity)
    My full address (yes, all five lines of it, or I'll never get it)
    If you can get it, the office location of representative (building name and room number) printed on the back. If you can't find it don't worry, I'll find it, but if you can provide it I'd appreciate it. You can get it at the URL below.
    A return address
    A postmark from your district

The letter must have:

    The specific bill you are against; its number, title, and sponsors (the CDA is H.R.1004/S.652 sponsored by Senator James Exon, from Nebraska)
    Possible alternatives (my suggestion is H.R. 1978, sponsored by Cox and Wyden)
    A polite introduction, a concise body, and a gracious conclusion :).
    Your address and signature.

If you need more information for your letter, good URLs on the subject are:

    http://www.cdt.org/cdw.html
    http://www.cdt.org/petition.html
    http://www.eff.org/pub/EFF/Issues/censorship/Exon_bill/
    http://uvacs.cs.virginia.edu/~hwh6k/public/S314_stuff.html
    http://www.phantom.com/~slowdog
    http://www.panix.com/vtw/exon/

If you don't know who your representative is, try to find her/him through http://www.house.gov and look for a familiar looking name from your state. Unfortunately there's no "point-and-click" US map to refer to to find out which district is yours, but you should be able to find out fairly easily by looking for familiar names.
If you really get stuck, try your local League of Women Voters.

The main thing is, I need these letters soon. In order to have a shot at getting to talk to anyone, I must make appointments with the offices of the respective representatives. The House is expected to vote on this topic any day now; the clock's a-ticking. I ask that all letters be sent so that I can receive them by August 11, 1995. I aim to raid Congress on Wednesday, August 16. This date could be changed, depending on the definite responses I get from people willing to help.

I have lobbied before, and I'm up to the task, but it would be nice to have some other politically-oriented cypherpunks along for, at the very least, moral support. Anybody interested, Please Please Please send me some e-mail. Carl or Pat might go, and if we get enough people to help we can split the workload among teams.

If anyone has comments/questions/suggestions, don't hesitate. I'd appreciate whatever isn't necessary to go up on the list to be sent to me privately, so's I don't get into trouble for "inciting spam".

-=Kathleen M. Ellis=-
kelli at zeus.towson.edu
http://zeus.towson.edu/~kelli/
GAT d? H+ s+++:-- !g p? !au a- w++@ !v@ c++++ UL++ P+ L+ 3 E---- N+ K W--- M-- V-- po- Y++ t+ 5-- jx R G'''' tv- b+++ D-- B e+ u** h* f++ r--- n+ z**
Diverse Sexual Orientation Coll., Towson State University    DSOC at zeus.towson.edu
BigBrotherSystemsBBS........BigBrotherIsWatchingYou.......(410)494-3253#11

From nzook at bga.com Wed Aug 2 16:29:21 1995
From: nzook at bga.com (Nathan Zook)
Date: Wed, 2 Aug 95 16:29:21 PDT
Subject: LD was Re: [NOISE] was Re: a hole in PGP
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Kragen J Sittler wrote:

> On Mon, 31 Jul 1995, SysAdmin wrote:
>
> > ObCypherpunk: Anybody heard from Detweiller?
>
> Yes, I saw a posting from him (ldetweil at somewhere) on Usenet; I replied and said it was good to see him back.
> He answered politely; perhaps he doesn't recognize me, as his last (previous) words to me were 'just shut up, you writhing tentacle'. Perhaps he's not so upset about things anymore; I don't know.
>
> Peace,
> Kragen
>

Kragen! I haven't heard much from you since someone thought Kragen <-> Kracken ==> monster ---> tentacle! (And you were being pretty rational at the time--for this list.)

Doing well, I hope.

Nathan

P.S.: It's good to see this thread moving to the S side of the SNR

From xentrac at unm.edu Wed Aug 2 16:36:18 1995
From: xentrac at unm.edu (Kragen J Sittler)
Date: Wed, 2 Aug 95 16:36:18 PDT
Subject: LD was Re: [NOISE] was Re: a hole in PGP
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Nathan Zook wrote:

> On Wed, 2 Aug 1995, Kragen J Sittler wrote:
> > doesn't recognize me, as his last (previous) words to me were 'just shut up, you writhing tentacle'. Perhaps he's not so upset about things anymore; I don't know.
>
> Kragen! I haven't heard much from you since someone thought Kragen <-> Kracken ==> monster ---> tentacle! (And you were being pretty rational at the time--for this list.)
>
> Doing well, I hope.

*laugh* yes, relatively. Moved to another state and started working at an underclass job. And I'm trying frantically to unsubscribe; I no longer have big quotas and procmail. My mail is going to cybele.unm.edu, which has since been renamed; also, I lost my account there.

You were the Christian fundamentalist, right?

Peace,
Kragen

Kragen Sittler 2.0 GCS/J/M/P/O/U/! d? H+/--- s+: !g>+ p?(?+) !au a17.72 w+ v+(?(*)) C++(++++) UU/A/I/S+/->++ P+>+++ LX>++ 3>++ E(++)>+++ N++ K++>+++++ W--- M+/->+++ V(-) -po+ Y++>+++ !5 j R(-) G''' tv b+>+++ !D e(*) u** h-/--/! f/+/++ r++ n+ y?
(as of 9 Aug 1994)
Blessed Be
Atheism & Sex FAQs at http://www.unm.edu/~xentrac/News/faq/

From nzook at bga.com Wed Aug 2 16:43:14 1995
From: nzook at bga.com (Nathan Zook)
Date: Wed, 2 Aug 95 16:43:14 PDT
Subject: NYET--attempted formal specs (again)
In-Reply-To: <199508021853.LAA10598@ionia.engr.sgi.com>
Message-ID:

On Wed, 2 Aug 1995, Patrick May wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Nathan Zook writes:
> [ . . . ]
> > NYET-- Non-Youths Exhibit Temperance.
> >
> > This is a rising, legitimate concern among parents that their children have all-too-easy access to porn on the internet. Last year, there
> [ . . . ]
> >
> > But none of these proposals can ultimately succeed. Here I restate my NYET proposal from last year for your consideration. The system is of necessity ISP-based. Home-based systems are subject to attacks at home. Since many (most?) children are better with computers than their parents, these attacks can be expected to succeed.
> [ . . . ]
> >
> > The NYET-software runs as superuser on the ISP's machine. All minor accounts have a corresponding configuration file sitting in their account owner's parent's directory, which is locked with read/write by owner only flags. The correspondence between minor and parent accounts sits in a file owned by root and similarly locked.
> >
> > The parent sets the configuration file to permit and deny access to various parts of the net. Since it is unreasonable for the parent to
> [ . . . ]
>
> Your solution fails against your specified threat. Children who are more software-proficient than their parents will, in many cases, be able to access their parents' accounts and modify the configuration file (or simply use the account to access the blocked areas). Ultimately, all such systems are "home-based" if any accounts used by members of the household have or can be granted access to the naughty bits (tip o' the hat to M. Python).
Unquestionably, it is not possible to block this hole entirely. However, that does not mean that this proposal is not still superior, at least on two points.

First, by moving the monitoring software to the ISP, the installation & configuration becomes much easier and more secure for the parent. The monitoring software itself becomes at least as difficult to hack as the rest of unix, and the "Hot Babes Watch" hacks at least are prevented.

Secondly, as we move to challenge-response systems, the ability of Jr. to forge parental access drops considerably. The "Last access on" information could clue a parent in. (Jr. could reset the clock before modifying programs at home.)

No one on this list is going to claim that a 17-year-old who has been hacking since he was ten can be stopped. That doesn't make these efforts doomed from the outset, however. In particular, I want to avoid non-custom "solutions" for minors attempting access.

Nathan

> While your proposal is obviously marketable, given the success of Prodigy and the prospects for SurfWatch, it does not appear to be inherently more secure than schemes that utilize subscriber software.
>
> Regards,
>
> Patrick May
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBMB/Jqe5Yg08fDKehAQH16gQAp78uOJX02xNz7/5XYPBcaRZRC8pCWx6K
> oUdOxbGta/l1rKrRGWhJ7WLJy9iaopBcbr4YXNOMPL4Va91DEXkJ5rfJKXC+o7Mz
> jA0wBujVu0DK+S0C49Ah3OoXxX6H0SorbuscvDF2IIw9aGLSezD49H4/GgWvhklo
> Y1Gu5Tfok+Y=
> =FsYi
> -----END PGP SIGNATURE-----
>

From banisar at epic.org Wed Aug 2 17:10:32 1995
From: banisar at epic.org (Dave Banisar)
Date: Wed, 2 Aug 95 17:10:32 PDT
Subject: EPIC Alert 2.08
Message-ID:

=============================================================
                         EPIC Alert
=============================================================
Volume 2.08                                   August 2, 1995
-------------------------------------------------------------
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC
info at epic.org
WWW http://epic.org

=======================================================================
Table of Contents
=======================================================================

[1] Telecom Bill Update
[2] New Bill Targets Crypto
[3] 2600 FOIA Case on Appeal
[4] National Security Surveillance Increases
[5] New EPIC Reports Available
[6] Upcoming Conferences and Events

=======================================================================
[1] Telecom Bill Reaches House Floor
=======================================================================

By the time you read this, the House of Representatives may or may not have begun consideration of HR 1555, the so-called "telecommunications reform" bill (the latest estimates are that consideration will begin on the evening of August 2). EPIC has joined with a coalition of public interest organizations in calling for the defeat of this legislation.
The coalition includes the Center for Media Education, Computer Professionals for Social Responsibility, Consumer Federation of America, Media Access Project, People for the American Way Action Fund, and Taxpayer Assets Project/Consumer Project on Technology. In a joint statement issued on July 31, the coalition says of the legislation:

    Specific provisions will directly affect the Internet. Users have been actively opposing one Senate provision to ban all "indecent" communications on computer networks. Given the overwhelming Senate support for that measure, there is substantial risk that any version of the telecommunications bill will contain content restrictions of some sort.

    Not only will any version of this legislation probably regulate content on the Internet, it will certainly eliminate many important economic safeguards against market power and abuse. The very competitive market that exists for Internet service providers should be emulated for phone and cable companies. Yet the legislation encourages greater monopoly control over all communications services.

Related developments:

* In a statement released on July 31, President Clinton announced his intention to veto the current version of the telecommunications bill pending in the House. The White House statement noted that, "Instead of promoting open access and diversity of content and viewpoints, [the bill] would allow fewer people to control greater numbers of television, radio and newspaper outlets in every community."

* The status of the "Communications Decency Act," which is included in the telecommunications bill passed by the Senate, is unclear in the House. Although the so-called "Exon amendment" language is not currently contained in the House legislation, it is anticipated that advocates of Internet censorship will attempt to attach the CDA to the telecom bill on the House floor.
For updated information, check the Voters Telecommunications Watch (VTW) home page at http://www.panix.com/vtw/exon/exon.html.

* The following materials are now available at the EPIC home page, http://www.epic.org/telecom_bill/

  - The full text of the public interest coalition statement, including an analysis of the legislation and Congressional contact information;
  - The White House statement on the House legislation;
  - The "managers' report" on the legislation, describing the current version of the bill;
  - The latest version of the VTW alert on the Communications Decency Act Internet censorship provisions.

=======================================================================
[2] New Bill Would Outlaw Non-Escrowed Encryption
=======================================================================

On June 27, Sen. Charles Grassley (R-Iowa) introduced the "Anti-Electronic Racketeering Act of 1995." The legislation addresses a broad array of Internet-related issues, including encryption. Under the heading of "Racketeering-related crimes involving computers," the bill would, in effect, criminalize the distribution of all encryption software over the Internet or other computer networks unless "the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution."

Section 2(h)(1) of S.974 would amend Title 18 of the United States Code to make it unlawful to:

    distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person distributing the software knows or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable.
The legislation further provides that:

    [i]t shall be an affirmative defense to prosecution under this section that the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution.

The legislation is plainly an attempt to mandate the result the Administration sought to achieve with the failed Clipper Chip initiative -- ensuring law enforcement access to *all* encrypted communications through government-escrowed keys.

Requiring "knowledge" of accessibility to foreign nationals or governments provides no meaningful protection in a global communications environment. Such knowledge can easily be imputed to any person making encryption software available on the Internet. Criminalizing such distribution "regardless of whether such software has been designated as nonexportable," would effectively outlaw the dissemination of any encryption software that does not provide the government with escrowed keys or some other backdoor. As drafted, the legislation would appear to prohibit the distribution of any program that contains security features, including Netscape Navigator, various digital cash applications and even PKZIP.

The Grassley bill was drafted with input from the Department of Justice, suggesting that the Administration may be moving from the initial "voluntary" Clipper approach toward mandatory restrictions on the distribution and use of non-escrowed encryption. Indeed, FBI Director Louis Freeh has indicated on several occasions that domestic uses of encryption will eventually be curtailed. For instance, Freeh said in Congressional testimony on May 11, 1995,

    ... we're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime.
The text of the "Anti-Electronic Racketeering Act" can be obtained at http://www.epic.org/crypto/s974.txt. EPIC will continue to monitor the progress of this legislation and will be posting analyses of its other draconian provisions, including those dealing with computer crime, distribution of copyrighted material and searches and seizures of computer systems.

=======================================================================
[3] Appeals Court to Decide "2600" FOIA Case
=======================================================================

The wheels of justice turn slowly ... In November 1992, a group of young people affiliated with the computer magazine "2600" were confronted by mall security personnel, local police officers and several unidentified individuals in the Pentagon City shopping mall in Virginia. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded and some of their property was confiscated.

Computer Professionals for Social Responsibility (CPSR) filed suit in federal court in early 1993 seeking the release of relevant Secret Service records under the Freedom of Information Act. The litigation of the case is being handled by EPIC. In July 1994, U.S. District Judge Louis Oberdorfer ordered the Secret Service to release the vast majority of documents it maintains on the incident. The government appealed that decision and the appeal is now pending. In a recently filed brief, EPIC and CPSR argue that the withheld documents demonstrate Secret Service misconduct and that the FOIA exemptions cited by the agency do not apply.

The Pentagon City incident has been described as an example of over-zealous law enforcement activities directed against so-called computer "hackers." The case raises significant issues of free speech and assembly, privacy and government accountability. Oral argument before the U.S.
Court of Appeals for the District of Columbia Circuit is scheduled for September 14, 1995.

A copy of the CPSR/EPIC brief can be found at:
http://cpsr.org/cpsr/computer_crime/2600_brief_6_95.txt

=======================================================================
[4] Secret Court Surveillance Orders Increase, New Chief Judge Chosen
=======================================================================

According to Justice Department documents, orders for "national security" electronic surveillance increased in 1994 over the previous year. 576 orders for "national security" electronic surveillance were approved in 1994, an increase of 65 orders over the previous year but still lower than previous peak years of 1984 and 1991. No requests for surveillance were denied or modified. Since its inception in 1979, the Foreign Intelligence Surveillance Court (FISC) has never turned down a request for an electronic surveillance order. The secret court was created by the Foreign Intelligence Surveillance Act of 1977. Last year, the FISC's jurisdiction was expanded to include authorizing physical searches of premises in "national security" cases.

FISA Orders 1979-1994

  1979 - 207
  1980 - 322
  1981 - 433
  1982 - 475
  1983 - 549
  1984 - 635
  1985 - 587
  1986 - 573
  1987 - 512
  1988 - 534
  1989 - 546
  1990 - 595
  1991 - 593
  1992 - 484
  1993 - 509
  1994 - 576
  -------------

A new leader was recently named for the court. U.S. District Court Judge Royce C. Lamberth has been chosen to be the chief judge. Lamberth replaces US District Court Judge Joyce Hens Green, whose term expired earlier this year. Members of the FISC are chosen by Chief Justice William Rehnquist and serve seven year terms. Lamberth was originally appointed to the U.S. District Court by President Ronald Reagan in 1987. Prior to his appointment, he was Chief of the Civil Division of the U.S. Attorney's Office in Washington, D.C.
In 1993, he ruled against CPSR in its attempt to obtain classified documents relating to the development of the Digital Signature Standard.

Other court members are Wendell A. Miles, Western District of Michigan; Ralph Thompson, Western District of Oklahoma; Charles Schwartz, Eastern District of Louisiana; Earl H. Carroll, District of Arizona; James C. Cacheris, Eastern District of Virginia; and John Keenan, Southern District of New York.

=======================================================================
[5] Updated EPIC Reports Available
=======================================================================

EPIC has released updates of two of its reports:

EPIC Online Guide to Privacy Resources. A comprehensive list of privacy organizations, publications, newsgroups, mailing lists, netsites and conferences related to privacy. Updated August 1, 1995.
HTTP://www.epic.org/privacy/online_guide_faq.txt

Overview of 104th Congress - Electronic Privacy and Civil Liberties Legislation. A comprehensive listing of all legislation currently pending in Congress that affects privacy and civil liberties. Includes a brief overview, bill number, and status of each bill. Updated August 1, 1995.
HTTP://www.epic.org/privacy/legislative_update.txt

=======================================================================
[6] Upcoming Privacy Related Conferences and Events
=======================================================================

DEF CON III. August 4-6, 1995. Las Vegas. Major hacker conference. Contact: dtangent at defcon.org or http://dfw.net/~aleph1/defcon

Surveillance Expo '95. August 8-10. Mclean, Virginia. Sponsored by Ross Engineering. Contact Jim Ross. 703-318-8600.

Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen, Denmark. Sponsored by Privacy International and EPIC. Contact pi at privacy.org or HTTP://www.privacy.org/pi/conference/

17th International Conference of Data Protection and Privacy Commissioners. September 6-8, 1995. Copenhagen, Denmark.
Sponsored by the Danish Data Protection Agency. Contact Henrik Waaben, +45 33 14 38 44 (tel), +45 33 13 38 43 (fax).

InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA and OSS. Email: Winn at Infowar.Com.

"Managing the Privacy Revolution." Privacy & American Business. Oct. 31 - Nov. 1, 1995. Washington, DC. Speakers include C.B. Rogers (Equifax). Contact Alan Westin 201/996-1154.

11th Annual Computer Security Applications Conference: The conference includes technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or vreed at mitre.org.

1996 Computers, Freedom and Privacy Conference. March 27-30, 1996. Cambridge MA. Sponsored by MIT. Contact: cfp96-info at mit.edu or http://web.mit.edu/cfp96.

(Send calendar submissions to Alert at epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message:

    SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to listserv at cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce.

Back issues are available via http://epic.org/alert/ or FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics).

=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data.
EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email info at epic.org, WWW at HTTP://epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info at cpsr.org

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.

Thank you for your support.
------------------------ END EPIC Alert 2.08 ------------------------

_________________________________________________________________________
Subject: EPIC Alert 2.08
_________________________________________________________________________
David Banisar (Banisar at epic.org)          * 202-544-9240 (tel)
Electronic Privacy Information Center      * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301        * HTTP://epic.org
Washington, DC 20003                       * ftp/gopher/wais cpsr.org

From rfreeman at netaxs.com Wed Aug 2 17:34:49 1995
From: rfreeman at netaxs.com (Richard Freeman)
Date: Wed, 2 Aug 95 17:34:49 PDT
Subject: a hole in PGP
Message-ID: <199508030028.UAA11956@access.netaxs.com>

On 31 Jul 95 at 20:49, Dr. Frederick B. Cohen wrote:

> History shows that your approach fails. Here are some examples:
>
> Tens of thousands of people had source to the http daemon from CERN, and yet none of them noticed a hole that was detected as it was being exploited only a few months ago.
>
> Tens of thousands of people have access to sendmail and yet new holes are found by attackers several times per year on average.
>
> Tens of thousands of people have access to the sources of various versions of hundreds of software packages, yet there are holes found every day.

I don't think this is a very good analogy. The problems that occur with these programs don't really occur due to a fault in the programs themselves so much as in their interactions with other programs. Unix is a very complex OS in the regard that it allows for a lot of program interaction. Same thing with something like windoze - you don't see nearly as many program crashes in DOS as in windoze, because in DOS only one program operates at a time, and it is in an environment of the developer's choosing, rather than the user's. I personally only use pgp on my DOS machine - primarily because it is secure (or at least reasonably so).
These weird interactions are very hard to purposely orchestrate and I doubt that they could be placed into a program which has been ported to so many different OS's. Try reading the source yourself. It is pretty well commented, and it doesn't fork or anything so there won't be any kind of weird in-program interactions. I personally subscribe to the fact that so long as there aren't any errors in the OS or compiler or machine itself, then the source alone is enough to fully determine the operation of a single-tasking program. I don't pretend to understand the mathematics behind IDEA and RSA and all that (mostly because I haven't had time to read up on them), but it shouldn't be hard to verify that the program does in fact correctly execute the algorithm.

-----------------------------------------------------------------
Richard T. Freeman - finger for pgp key
3D CB AF BD FF E8 0B 10 4E 09 27 00 8D 27 E1 93
http://www.netaxs.com/~rfreeman - ftp.netaxs.com/people/rfreeman

From pgf at tyrell.net Wed Aug 2 17:34:58 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Wed, 2 Aug 95 17:34:58 PDT
Subject: a hole in PGP{n@3
In-Reply-To:
Message-ID: <199508030021.AA04754@tyrell.net>

   Date: Wed, 2 Aug 1995 02:09:25 -0400 (EDT)
   From: Brian Davis

   You forgot the NSA's most recent overt act in the PGP conspiracy: it gets PGP declared a munition, harassing PZ, gets lots of bad press, etc., all in order to make Cypherpunks believe that there is no back door, when there really is! Shhhhhhhhh. Don't let on that you know. Just go back to Rot-13 encoding.

You forgot to mention that although PGP is "provably" secure, that the NSA engine for breaking it is a quantum computer built with "borrowed" extraterrestrial technology.

> DCF EBD

P.S.: The Truth Is Out There.

From dlv at bwalk.dm.com Wed Aug 2 20:40:34 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 2 Aug 95 20:40:34 PDT
Subject: "The Net"
In-Reply-To:
Message-ID:

tcmay at sensemedia.net (Timothy C.
May) writes:

> I saw "The Net" yesterday and was moderately entertained. Lots of leaps of

I saw it about 1/2 hour ago. I make a point of seeing every computer-related movie. I don't think real movie-goers would enjoy it much. It's cheap and unprofessional. Lots of running around, but no real car crashes. The acting is terrible. The star should NOT have appeared in a bikini. Yech.

> logic, especially the notion that one can be "vanished" by having computer records changed--I can believe that such changes would screw things up, but surely even the character played by Sandra Bullock (nicely) would have human friends and associates to vouch for her.

They try to "explain this away" by saying that 1) she lived in the neighborhood for 4 years and never got to know any neighbors (as one of the neighbors tells the police), 2) her mother's got Alzheimer's and doesn't recognize her anymore, 3) she telecommutes for a company in another city and only knows 2 people there in real life. One gets killed at the beginning; the other gets fired and she makes no attempt to find him (one of the many loose ends).

The computer-related plot is just slightly more plausible. (Movies about financial services, like _Wall St_, usually distort reality much worse than movies about computers. Can you say "creative licence"?)

> The portrayal of her job as a "beta tester," with a couple of Mac screens running and lots of MacTCP connections, was well done. In fact, maybe the most interesting look at computer screens I've seen.

Yes, everything is done on various PowerMacs, including playing Wolfenstein. Could be X terminals. Except for a little Duo she gave her shrink/boyfriend, and a powerbook she used at the beach. IMO, it's better than most such scenes... It's way better than the scene in Wargames where the computer tries to pick 10 digits of a password one by one... Not as good as Sneakers...
In a typical suspenseful scene (not a spoiler), the heroine sneaks into an office and sets off a fire alarm. Everyone leaves, including a villain, who doesn't log off. The heroine receives a new e-mail addressed to the villain, with the orders to kill the heroine (cleartext), signed 'pretorian'. The heroine types 'whois pretorian' and gets an IP address, but no name. The heroine goes through what looks like traceroute and obtains the pretorian's name and picture (but the viewers know his identity from the start, of course). She finishes saving it to a floppy disk moments before the villain returns to the cubicle. (One of the IP bytes was 344, by the way.)

Another time she types "telnet someone at somewhere.mil". Another time she "hot chats" on her Mac, and hooks up the text to a voice synthesizer. (If they all exchange so much e-mail, why do they bother FedExing diskettes?)

> If this was the film I advised a woman screenwriter/researcher about (the "vanishing" part she was asking me for tips on, 18 months ago), I sure

They may have been reading the Risks digest too much. :) One guy is apparently flying his Cessna "by wire", thinks he's approaching the airport, actually hits a smokestack. Another guy gets wrong medications, twice, and dies. All as the result of the villains changing computer records, of course.

Interestingly, there's NO mention of crypto. Once you know someone's password, or have physical access to the media, you can read and write everything. Once you change some data, it's changed. No digital signatures. However, once the virus melts the villains' mainframe, their data is gone. No backups. And all the changes they made in other systems are reversed. Reminded me of _The Wizard of Oz_ a bit.

In fact, the bad guys were selling everyone a computer security system called "the Gatekeeper" (a Trojan horse, really), but it's not identified as crypto. It sounded like access rights are checked by their server.
It involves a Web page with a 'pi' symbol (pi stands for pretorian, of course). Clicking on the pi while pressing control-shift will display much hexadecimal stuff and then let the user in through a backdoor. Hmm. Gatekeeper = Bill Gates = Windows 95? Is that why Apple lent those Macs? :)

There's a character named "CyberBob" who's never seen. He only hot-chats and eventually gets killed. His icon looks like MS Bob.

I heard only one mention of "the Internet". At the end of the movie, a TV announcer says that the case was cracked because the "programmer analyst Angela Bennett e-mailed the evidence to the FBI from the Internet". (E-mailed from an open-access computer at a computer show, I might add.)

We were treated to 5 or 6 previews. One was for another movie called "The Hackers", on the same topic, coming this summer. Some kids like to break into systems. The bad guy blackmails someone, frames the kids.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From monty.harder at famend.com Wed Aug 2 21:04:34 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Wed, 2 Aug 95 21:04:34 PDT
Subject: Zimmermann legal fund
Message-ID: <8AE653E.00030002B8.uuout@famend.com>

MB> > an account that can be accessed over the net will be the day I close my US
MB> > accounts.
MB>
MB> Interesting idea ...
MB>
MB> 1st question or thing I would want to be certain of is the stability of the currency of the realm so to speak. I wouldn't want to bank in a country that had a weak currency or was subject to roller coaster economics.

Why would the currency of the country be relevant to the bank? There is no reason why banks can not calculate balances in foreign currency. A bank could even permit "vector balances" for accounts, such as: representing Dollars, (Swiss) Francs, Deutschmarks, and Yen, respectively.
One could even create a "synthetic currency" set to, say, <.25, .4, .5, 30>, and all deposits and withdrawals would be converted accordingly. This way, if one country blows things, you don't get hit too hard.

ObCrypto: Well... This will involve a bit more complicated arrangement of finances, and add in the currency-conversion thing, so it will be even more important to have standardized means of secure communications with your offshore bank.

* A Liberal puts your money where his mouth is.
---
* Monster at FAmend.Com *

From monty.harder at famend.com Wed Aug 2 21:04:40 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Wed, 2 Aug 95 21:04:40 PDT
Subject: your mail
Message-ID: <8AE653E.00030002B9.uuout@famend.com>

AB> I suppose if I were really paranoid I'd feed in fixed starting points
AB> for the search to MIT PGP and PGP 2.6.2 to make sure that they come out
AB> with the same keys.

Or use the non-MIT version to generate your keys, but let the MIT version do your encryption. Nobody can tell where your key came from, can they?

* Come to Rosty's Bargain Basement, for a STEAL of a deal!
---
* Monster at FAmend.Com *

From hallyn at cs.hope.edu Wed Aug 2 21:41:29 1995
From: hallyn at cs.hope.edu (Kenshiro)
Date: Wed, 2 Aug 95 21:41:29 PDT
Subject: "The Net"
In-Reply-To:
Message-ID: <9508030441.AA02714@gimli.cs.hope.edu>

Tim wrote :
> I saw "The Net" yesterday and was moderately entertained. Lots of leaps of
...
>
> The portrayal of her job as a "beta tester," with a couple of Mac screens
> running and lots of MacTCP connections, was well done. In fact, maybe the
> most interesting look at computer screens I've seen. (But maybe I'm
> biased...)

As long as you realize it. :)

[after all, what could beat the scene in Jurassic Park : "This is Unix. I know this..." followed by what looks like a 3-d landing into zany-land. In slow motion. ]

--
Serue the SUNite
(hmm. so it's entertaining, mindless and devoid of reality? I'm there!)
From tcmay at sensemedia.net Wed Aug 2 22:35:51 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Wed, 2 Aug 95 22:35:51 PDT
Subject: NYET--attempted formal specs (again)
Message-ID:

At 11:41 PM 8/2/95, Nathan Zook wrote:

...lots of other threads elided...

>Unquestionably, it is not possible to block this hole entirely. However,
>that does not mean that this proposal is not still superior, at least on
>two points.
>
>First, by moving the monitoring software to the ISP, the installation &
>configuration becomes much easier and more secure for the parent. The
>monitoring software itself becomes at least as difficult to hack as the
>rest of unix, and the "Hot Babes Watch" hacks at least are prevented.

Knowing that Nathan is a member of the Religious Right (tm), I think enlisting their support for receiver-level filtering is a GOOD IDEA. I happen to be a Nonbeliever--Allah forfend!--but I have no problems with their beliefs.

In fact, most religious groups are distrustful of "The Gubment" deciding what's reasonable and what's not. The thing to do is to get the Mormons, the Baptists, the Muslims, the Rosicrucians, the Davidians (those who survived the BATF action), and the Breatharians, etc., to all agree that they need to "screen the evil out" on _their_ side, not to get "The Gubment" to do it for them.

Orrin Hatch, a Mormon, has said that he grew up in Pennsylvania, and he chafed under having to say the school prayers of the Dominant Religious Paradigm. He has said that this makes him skeptical and critical of any efforts to institute religion in classrooms.

I don't see any religion in America as being sufficiently dominant that it thinks it can get its particular agenda accepted as the Dominant Religious Paradigm. That is, they all seem suspicious of government involvement. All to the good.

Thus, while not a Christian or even any kind of theist, I find much, much less to fear from religious groups in the U.S. than I do from various non-religious groups.
(Of course, if the Third Episcopal Transcendentalists succeed in taking power, and begin "purifications" through crucifiction of non-Episcopals, I may modify my charitable opinions...)

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at acm.org Wed Aug 2 22:53:58 1995
From: jim at acm.org (Jim Gillogly)
Date: Wed, 2 Aug 95 22:53:58 PDT
Subject: "The Net"
In-Reply-To: <9508030441.AA02714@gimli.cs.hope.edu>
Message-ID: <199508030553.WAA18286@mycroft.rand.org>

> hallyn at cs.hope.edu (Kenshiro) writes:
> [after all, what could beat the scene in Jurassic Park : "This is Unix. I
> know this..." followed by what looks like a 3-d landing into zany-land.
> In slow motion. ]

Bad example -- it's a real interface to Unix for SGI machines, and you can pick it up from their ftp site. It made perfect sense for the girl (Lex?) to be familiar with it... I'm sure her doting grandfather (or whatever he was) wouldn't have bought her a measly Sparcstation for her home computer.

	Jim Gillogly
	Highday, 11 Wedmath S.R.
	1995, 05:53

From abostick at netcom.com Wed Aug 2 23:33:55 1995
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 2 Aug 95 23:33:55 PDT
Subject: Sat phone permit "wire"taps
In-Reply-To: <9507310754.AA17446@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <9507310754.AA17446 at toad.com>, hoz at univel.telescan.com (rick hoselton) wrote:

[ Somebody else wrote ]
> >The most current information on the Rosenbergs, gotten from decrypted Soviet
> >communications and declassified US and ex-Soviet files, indicates that Ethel
> >Rosenberg
> >was probably innocent of spying, and Julius was spying but didn't give away
> >any useful atomic secrets, and that the FBI probably knew at the time they
> >had Ethel killed that she was innocent.
>
> WOW! Had them killed? They WERE tried and convicted, you know. Are you
> claiming evidence was manufactured? I heard David Kahn on CSPAN say that
> at least one message mentions Ethel Rosenberg. If memory serves, he said
> something like "without going into whether evidence was sufficient to
> convict, and without going into whether they should have been executed,
> these transcripts show that they were spying for the Soviets"
> (I'm not sure that's accurate enough for quotation marks, but that's the
> basics of what he said. I have it on VCR.
>
> Do you have additional information? I'll agree the FBI hasn't always behaved
> honorably, and maybe they aren't entitled to the benefit of the doubt here.

This is old news. Julius spied, but didn't provide any useful information. The FBI framed Ethel to try to get Julius to cop a plea ("Sing, or we fry her!") Julius stuck to his principles, and both Ethel and Julius were convicted in a rigged trial with a trained seal of J. Edgar Hoover's as judge.

The Soviets had quality knowledge about the atomic bomb well before Julius Rosenberg was in a position to pass any information along.
Klaus Fuchs, the German refugee scientist who was a self-acknowledged Communist from day one, was in on the most important atomic secret, that a U235 bomb was practical, from the earliest days of the MAUD Committee, the wartime British group of physicists that performed the first calculations and that was the seed of talent around which the Americans' Manhattan Project coalesced.

Alan Bostick                    | "Oh. You come to Heaven without a fortune?"
Seeking opportunity to          | "Yes."
develop multimedia content.     | "Unfortunate."
Finger abostick at netcom.com   |        Roger Zelazny, LORD OF LIGHT
for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

-----END PGP SIGNATURE-----

From jirib at sweeney.cs.monash.edu.au Thu Aug 3 00:59:27 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 3 Aug 95 00:59:27 PDT
Subject: Provably Correct Crypto?
In-Reply-To:
Message-ID: <199508030758.RAA10894@sweeney.cs.monash.edu.au>

Hello Ray Cromwell, patl at lcs.mit.edu and tcmay at sensemedia.net (Timothy C. May) and cypherpunks at toad.com

> At 4:15 PM 8/1/95, Ray Cromwell wrote:
...
> >PGP, but in the algorithm itself. RSA-in-4-lines-perl is probably
>                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >provably correct. To guard against trapdoors in PGP, you should
>   ^^^^^^^^^^^^^^^^^
...
[emphasis tcmay]

To which tcmay responded:
> This doesn't seem likely. I mean, doesn't "RSA-in-4-lines-of-Perl" *of
> necessity* make use of external library/utility functions? Such as the "dc"
> math routines for the PRNG? Part of its compactness is that it makes use of
> available libraries.
...

AFAIK (my 4 lines might differ from yours), there is no PRNG in the 4 lines of perl. The key is supplied as a parameter, and no guidance to its generation is given in the implementation.
You are right about the dc, but it only uses that for modular exponentiation, which is a lot easier to prove correct than PRNG. Which is not to say that it *has* been proven.

I guess that makes me a nit-picker...

Jiri
--
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

From futplex at pseudonym.com Thu Aug 3 02:06:05 1995
From: futplex at pseudonym.com (Futplex)
Date: Thu, 3 Aug 95 02:06:05 PDT
Subject: NYET--attempted formal specs (again)
In-Reply-To:
Message-ID: <9508030905.AA15886@cs.umass.edu>

Nathan Zook writes:
> The NYET-software runs as superuser on the ISP's machine. All minor
> accounts have a corresponding configuration file sitting in their
> account owner's parent's directory, which is locked with read/write by
> owner only flags. The correspondence between minor and parent
> accounts sits in a file owned by root and similarly locked.

Just a minor technical comment: Based on my rather limited experience lurking on the firewalls list, I believe the preferred security-conscious method of running such daemons involves _not_ giving them su/root privileges. Dr. FBC's thttp, for example, runs as a user named, e.g., "www" with pretty ordinary privileges. They are also often run in a chroot()ed "jail", so that the process can't see any directories outside the tree artificially rooted in its home directory.

You'd then need some mechanism for the `rents to submit configuration updates to the imprisoned daemon, I suppose. Perhaps digitally-signed email....

-Futplex

"Before you started tokin' you used to have a brain, but now you don't get even the simplest of things...."
	-Offspring

From Michael at umlaw.demon.co.uk Thu Aug 3 03:35:22 1995
From: Michael at umlaw.demon.co.uk (Michael Froomkin)
Date: Thu, 3 Aug 95 03:35:22 PDT
Subject: US vs Overseas Banks
Message-ID: <2982@umlaw.demon.co.uk>

In message "Ed Carp [khijol SysAdmin]" writes:
> Why should they give a damn who you are? IMO, it's none of their
> business. Hell, they're making $$$ on *your* deposits, it's time they
> stopped being such shits about it.

It's probably bad for business if your bank gets a reputation as "check-bouncers-R-Us". Knowing your customers may make it less likely they bounce checks; it certainly makes collecting (if you honor the check) much easier.

--
Michael Froomkin                 until Aug 6: michael at umlaw.demon.co.uk
U.Miami School of Law            London, England
mfroomki at umiami.ir.miami.edu <-- this will still find me
PO Box 248087
Coral Gables, FL 33124-8087      "Rain in parts, then dry" --BBC
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html

From frissell at panix.com Thu Aug 3 03:49:03 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 3 Aug 95 03:49:03 PDT
Subject: US vs Overseas Banks
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Douglas Barnes wrote:

> Mostly they are afraid that you will get checks under a fake name, and
> bounce a lot of them, which ends up costing them a lot of money, even
> though they don't pay off on them. (Most of the costs of any financial
> transaction system come from handling exceptions).

They really worry that you will divert real checks payable to the account name you are using, deposit them, collect the dough, and disappear. They will then be on the hook because they paid on a false endorsement and the institution that deals with the false endorser gets stuck.

>They are also
> under obligation to provide accurate SSN or Business Tax-ID information
> to the government on any interest-bearing account, so that you are
> forced to declare it on your income taxes.
They are also under an obligation to obtain identity information from everyone who opens accounts (even non-interest-bearing). Many Midwest banks still don't. The rules don't specify exact ID requirements so there is some slop here. They say you have to use the same ID requirements to open an account that you (the bank) would use to cash a check. If you shop around, you can find friendly banks even today.

DCF

"'The Internet made me do it' -- Janet on how a call to arms on the nets caused her to send in the tanks."

From wilcoxb at nagina.cs.colorado.edu Thu Aug 3 04:26:18 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Thu, 3 Aug 95 04:26:18 PDT
Subject: Using private keys on "insecure" multi-user systems for fun and profit!
Message-ID: <199508031126.FAA09549@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

[The following is being posted to alt.security.pgp, sci.crypt, and cypherpunks and e-mailed to my friend Sebastian. -Bryce]

Ed Pugh writes that he doesn't sign all his e-mail because he doesn't have a decent off-line news/mail setup. I strongly suggest to Ed, and all others who have this complaint (of whom there seem to be many), that they go ahead and generate a "reduced security" key pair for use on-line. That is, the private key will be accessed while you are on-line so that it is easy for you to use it for routine signing and encryption/decryption.

There are at least 3 good reasons to do this:

1. Even though a hacker or sysadmin on your system can then read your mail or fake mail from you, at least a hacker or sysadmin on *my* system can't read my mail to you or fake mail from you to me.

2. "Think of it as a form of solidarity." If everyone used these "reduced security" keys, and the hypothetical Big Brother police organizations want to routinely scan e-mail for keywords or something, they would have to secretly get access to every ISP and freenet in the country!
By transmitting your e-mail in the clear you are making their job a lot easier.

3. The more people have "-----BEGIN PGP SIGNED MESSAGE-----" in their UseNet posts and e-mail, the more people will say "Hey what is this PGP stuff?" or "Hey, everyone seems to be using PGP, maybe I should get in on it." By using a "reduced-security" private key you are gaining some of the advantages of public-key cryptography for yourself as well as contributing to its widespread acceptance in net.society. (You might think that most people on the Internet know about PGP, but this is not true. Only a fraction have even heard of it, and only a *small* fraction have any understanding of it. A small fraction of *that* population uses it regularly, which is what I am trying to change.)

Ed wrote that he downloads text to his home computer and signs it with his high-security private key there when he feels that it is important enough. He should continue to do this! I have one key which I keep on my home computer (and which my more paranoid friends like to use) and one which I keep on colorado.edu computers. (Both keys have signed each other, by the way.)

I know that Zimmermann specifically warns against what I am suggesting in pgpdoc1.txt, and I think that it is a mistake for him to do so.

In short, there is no reason why every PGP-aware individual should not at least clearsign if not encrypt every message which he or she transmits. There are several advantages to doing this and no disadvantages. The greatest threat to security is that people don't use it! Help change that by encrypting/signing *all* of your output.

Bryce

In alt.security.pgp, Ed Pugh wrote:
>
>Not to mention the fact that it is a major PITA for those of us who
>do not have a decent off-line news/mail program. My main connection
>to the net from home is the National Capital FreeNet here in Ottawa.
>It is the main reason why I do not sign my posts.
>I do (and have done)
>if I feel that a posting is somehow "important" enough to warrant a
>signature, but those tend to be *very* rare.
>
>From home, I use a dial-up access with a PC terminal emulator program
>(I use TELIX).
>
>The three or four postings in this thread which were encrypted had to
>be down-loaded (using screen capture), then decrypted in DOS. It would
>be nice to have a decent off-line reader/editor but .... .
>
>Please let's keep postings in the clear. If I feel a need to verify a
>signature, I will (using the method above).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta Unix script

-----END PGP SIGNATURE-----

From futplex at pseudonym.com Thu Aug 3 05:43:42 1995
From: futplex at pseudonym.com (Futplex)
Date: Thu, 3 Aug 95 05:43:42 PDT
Subject: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)
In-Reply-To: <9507210900.AA25179@snark.imsi.com>
Message-ID: <9508031243.AA18140@cs.umass.edu>

Perry writes:
> I believe that between IPSP for the
> links and MOSS (and SHTTP using MOSS for document security) we should
> have the whole thing wrapped up in a couple of years. Problems still
> to solve include security for the internet's routing protocols,
> protection against denial of service attacks, etc.

Could someone say a bit more about the perceived difficulties associated with secure network routing protocols ? TIA.

I am not at all optimistic about defeating DoS attacks....

[...]
> Those people who would rather work than talk are invited to start
> reading the internet drafts (some of which are soon to be RFCs) and
> help out with the effort.
> I suspect that a big push from about 25
> people could manage to implement just about everything we want and then
> we could go on and live the rest of our lives.
>
> There is a lot of real hard work to do in the next year or two and I
> invite members of the community to quit waiting for the CryptoRapture
> in which the X-Ists bring down the cypher systems of the future, and
> help us actually do the job so that we'll see this stuff in our
> lifetime.

(just felt this was worth quoting)

-Futplex

From jlasser at rwd.goucher.edu Thu Aug 3 07:53:05 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 3 Aug 95 07:53:05 PDT
Subject: NYET--attempted formal specs (again)
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Timothy C. May wrote:

> In fact, most religious groups are distrustful of "The Gubment" deciding
> what's reasonable and what's not.

Unless, of course, at that moment they happen to BE "The Gubment." Not always then, but sometimes.

Jon
------------------------------------------------------------------------------
Jon Lasser (410) 494-3253                Visit my home page at
                                         http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From sunder at escape.com Thu Aug 3 08:06:35 1995
From: sunder at escape.com (Ray Arachelian)
Date: Thu, 3 Aug 95 08:06:35 PDT
Subject: "Codebreakers" on PBS in NYC????
In-Reply-To: <0au49c1w165w@bwalk.dm.com>
Message-ID:

On Mon, 31 Jul 1995, Dr. Dimitri Vulis wrote:

Anyone know if this will show up in NYC anytime?

> bart at netcom.com (Harry Bartholomew) writes:
>
> > For the Bay Area, on KQED at 8 p.m. Tuesday. The NOVA show
> > "The World War II codebreaking efforts known as Enigma and Purple"
>
> If this is the rerun of the show Nova had in march 94, then I highly
> recommend it. I taped it and showed it to the undergrad class on computer
> security I taught that semester. The kids loved it.
=================================================================93=======
 + ^ + |  Ray Arachelian   |  Amerika: The land of the Freeh.  | \-_  _-/ |
  \|/  |sunder at escape.com|  Where day by day, yet another    |  \ --  / |
<--+-->|                   |  Constitutional right vanishes.   |6 _\- -/_ 6|
  /|\  |    Just Say       |                                   |----\ /----|
 + v + | "No" to the NSA!  | Jail the censor, not the author!  |    \/     |
=======/---------------------------------------------------------VI------/
      / I watched and wept as the Exon bill passed, knowing that yet    /
     / another freedom vanished before my eyes. How soon before we see /
    /a full scale dictatorship in the name of decency? While the rest   /
   /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_  /

From rjc at clark.net Thu Aug 3 08:10:59 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 3 Aug 95 08:10:59 PDT
Subject: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)
In-Reply-To: <9508031243.AA18140@cs.umass.edu>
Message-ID: <199508031510.LAA13014@clark.net>

>
> Perry writes:
> > I believe that between IPSP for the
> > links and MOSS (and SHTTP using MOSS for document security) we should
> > have the whole thing wrapped up in a couple of years. Problems still
> > to solve include security for the internet's routing protocols,
> > protection against denial of service attacks, etc.
>
> Could someone say a bit more about the perceived difficulties associated
> with secure network routing protocols ? TIA.
>
> I am not at all optimistic about defeating DoS attacks....

It seems to me that many of these attacks can be defeated by anti-spam routines (with exponential time buildup) and economic mechanisms. That is, you pay "credits", which can possibly be based on real money, for each access. When you use them up, you must contact the service to request more.
Coupled with authentication, this makes DoS tough because you must request more credits for your ID; however, if you use them up quicker than average, you must justify why you need them again so soon.

Anti-spam routines have been successful on IRC and MUDs against DoS. Each "request" is measured against the time since the last request. If the time is less than the delay, the request is denied (and with exponential buildup, you double the delay so that even "needling" attacks, where a DoS attack finds your delay and transmits just under that, have trouble). If the resource is disk space, or network memory buffers, or whatever, you impose similar timing-sensitive constraints. This covers most spam-based DoS.

-Ray

From Gerstein at scsu.ctstateu.edu Thu Aug 3 08:13:14 1995
From: Gerstein at scsu.ctstateu.edu (Adam J. Gerstein)
Date: Thu, 3 Aug 95 08:13:14 PDT
Subject: Using MacPGP to revoke a key...
Message-ID:

Sorry to bother y'all with such an amateur question, but I can't find this in TFM, so I figured I'd ask those who are more in the know.....

Anyway, I'm considering revoking my public key because it's been out there a while and I'm feeling the urge to change to a larger key, but I'm not clear on how to revoke the old one. Do I just make a text file with my new key in it, explain that I'm revoking the old one, sign it with my new key and then post it to the list? Or do I just send it to a keyserver?

Again, I'm sorry to be asking y'all about something so easy. I don't want to start a whole new thread about this, so if you've got something helpful to add, please send it via private mail.

Thanks,
adam

"Practice safe HEX - always use a keyboard condom" - anon

PGP Key available by finger or mail with the sub: PGPKEY
+-------------------------------------------------------+
|(e)Mail me:                    | MacGeek at eWorld.com   |
|   Gerstein at scsu.ctstateu.edu | AGerstein at aol.com    |
+-------------------------------+-----------------------+
EWWWWW! - Betsy
Shop smart! Shop S-Mart!
  - Ash

From sunder at escape.com Thu Aug 3 08:15:25 1995
From: sunder at escape.com (Ray Arachelian)
Date: Thu, 3 Aug 95 08:15:25 PDT
Subject: "The Net"
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Timothy C. May wrote:

> The portrayal of her job as a "beta tester," with a couple of Mac screens
> running and lots of MacTCP connections, was well done. In fact, maybe the
> most interesting look at computer screens I've seen. (But maybe I'm
> biased...)

Don't forget the Wolf 3D "beta" she removed the virus out of. :-) She was actually using ResEdit in one of the scenez, but I don't know why they kept on flashing all those hex dump black screenz. After all, all they had to do was install MacsBug on the machine and hit the programmer's switch... instant way to show code, and would have been even more realistic... (though some would use McNosey or The Debugger instead.)

> The cheesy climax, involving a computer virus, was especially egregious.
> But tension has to be gotten somehow, I suppose, and most moviegoers will
> not be terribly excited by the "real stuff."

All in all, some good tension. Except for having the "ESC key" virus travel to the Dept. Of Justice mainframe from a Mac (I'd like to see a virus pull that one off!) The rest was fairly believable to some extent.

The moral of 'The Net' was of course that you shouldn't trust your machine's security to some off the shelf package 'Gatekeeper.' Trust only 'Cypherpunk' Brand Software ;-)

She made some very big mistakes in her actions. First, there are such things as backups; she could have convinced her lawyer to go to the DMV and force them to restore her records from tape. Her fingerprints and photograph would appear... or more than likely look her up in the paper files. I'm sure she got her first license waay back before they stored graphics on machines from the timeframe of the movie, her age, etc. Shouldn't have been too hard to pull that off.
It may be easy to modify a series of computers and alter all records with a full set of back doors, but you can't change backups that are in the vaults of a government agency that easily. :-)

> Ironically, I saw a second movie the same day..."Under Siege II." It had a
> lot of crypto, as well. Things like "Going secure" on cellphone
> conversations with the Arabs purchasing the terrorist actions.

Things are starting to look up for us if Joe Bloe sees these movies and learns about security and crypto -- even if it's by watching movies.

Don't forget in the Net, Angela used several cell phones which led straight to her even though they were stolen... and of course the bad guy was listening in on all her conversations. :-)

Also, how did she get into the Moscone Convention Center without a badge? I didn't see her swipe one from someone... just snuck right in..

The thing that I liked most about this is the parallel between James Gregg and Bill Gates. :-) Not quite as obvious and forward as it should have been. All Macs and no Windoze 95 screens anywhere!!!! I think Bill is well pissed about that.

=====
 ! ! ! !
=================================================================93=======
 + ^ + |   Gate Keeper     |  Amerika: The land of the Freeh.  | \-_  _-/ |
  \|/  |mozzart at ghost.com|  Where day by day, yet another    |  \ --  / |
<--+-->|                   |  Constitutional right vanishes.   |6 _\- -/_ 6|
  /|\  |    Just Say       |                                   |----\ /----|
 + v + | "No" to the NSA!  | Jail the censor, not the author!  |    \/     |
=======/---------------------------------------------------------VI------/
      / I watched and wept as the Exon bill passed, knowing that yet    /
     / another freedom vanished before my eyes. How soon before we see /
    /a full scale dictatorship in the name of decency? While the rest   /
   /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_  /

From perry at panix.com Thu Aug 3 08:17:06 1995
From: perry at panix.com (Perry E.
Metzger)
Date: Thu, 3 Aug 95 08:17:06 PDT
Subject: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)
In-Reply-To: <9508031243.AA18140@cs.umass.edu>
Message-ID: <199508031445.KAA08364@panix4.panix.com>

By the way, I'm very disappointed that this sort of topic doesn't come up here more often. I perceive that it may be because lots of people on this list are cyphergroupies and not actually tuned in to the technical issues of securing every-day communication.

Futplex writes:
> Could someone say a bit more about the perceived difficulties associated
> with secure network routing protocols ? TIA.
                                          ^^^^????
> I am not at all optimistic about defeating DoS attacks....

The people building the new routing protocols (BGP, OSPF, etc) have included cryptographic security provisions in them that will work regardless of whether IPSEC is available. Some of these have to be hand configured but that's not actually a problem since peering in many of these systems has to be hand configured in the first place. I had a long talk with the Area Director for routing and such in the bar at the last IETF meeting and he gave me the impression the routing people are acutely aware of the problem and hope to assure that it disappears with time.

Given cryptographic security on the routing packets, denial of service attacks directed against routing become hard. Photuris has built in protection against denial of service against it, by the way. With luck, we will be down to dealing with very crude denial of service attacks like packet flooding and hopefully we can come up with reasonable mechanisms to stop them in the ordinary case.

Perry

PS Again, I strongly encourage people to get involved in the efforts to secure the internet with IPSEC, MOSS and similar things. WE NEED YOU!

From ACLUNATL at aol.com Thu Aug 3 08:23:27 1995
From: ACLUNATL at aol.com (ACLUNATL at aol.com)
Date: Thu, 3 Aug 95 08:23:27 PDT
Subject: ACLU Opposes Exon-Like Speech Crimes in Managers Amend.
	to House Telco Bill
Message-ID: <950803110530_47017838@aol.com>

**PLEASE WIDELY REDISTRIBUTE THIS DOCUMENT UNTIL SATURDAY AUGUST 5, 1995**

8/2/95

ACLU Cyber-Liberties Alert: Oppose Exon-Like Speech Crimes in the Managers Amendment to the House Telco Bill
-----------------------------------------------------------------

The House is expected to begin considering the telecommunications bill (HR 1555) tonight, August 2, 1995, and to vote on the bill by Friday, August 5th. The managers for the telco bill on the House floor -- Representatives Bliley (R-VA), Hyde (R-IL), and Dingell (R-MI) -- will be introducing an omnibus "Managers Amendment" to HR 1555. The Managers Amendment would create, among many other unrelated changes, new Exon-like speech crimes that would censor the Internet. To prevent online censorship and preserve free speech and privacy rights on the Internet, we urge you to voice your opposition to this dangerous amendment.

The Managers Amendment would add an entirely new Exon-like provision to the existing federal obscenity laws. The provision would make it a crime to "intentionally communicate by computer ... to any person the communicator believes has not attained the age of 18 years, any material that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs." (18 U.S.C. 1465) This provision, like the Exon amendment passed by the Senate, would effectively reduce all online content to that which is suitable only for children. It also raises the same questions about service provider liability that were raised by the Exon amendment.

The Managers Amendment would also make it a crime to "receive" material from overseas "by computer," thereby subjecting both Internet users and service providers to new prosecutions (18 U.S.C. 1462). In addition, these new provisions, like the Exon amendment, would cover private e-mail.
Finally, the criminal code changes in the Managers Amendment would reduce all online speech to the obscenity standards of the most restrictive community in the United States -- unless the courts clarified the relevant "community standards" for cyberspace (and we're losing the cases in court so far). If the House adopts the Managers Amendment, both the House and Senate versions of the telco bill will include severe attacks on cyber-liberties. This would make it difficult for the conference committee to avoid some kind of severe online censorship provisions in the final version of the telecommunications deregulation bill. The Cox/Wyden amendment, which has received widespread support, will be offered as a separate amendment to HR 1555. Cox/Wyden is far preferable in approach to either the Exon amendment in the Senate telco bill or the Exon-like speech crime provisions in the Managers Amendment to the House telco bill. Cox/Wyden also prohibits FCC censorship of Internet speech. However, the ACLU remains concerned about certain ambiguities and some genuine problems in the Cox/Wyden bill. When Cox/Wyden is adopted by the House, we will work with the conference committee to resolve these concerns, but we are troubled that they have not been resolved up to now. Representative Cox has committed again to working out these problems. We hope this will prove successful. But an affirmative vote on Cox/Wyden will not stop online censorship, especially if the Exon-like Managers Amendment is also approved by the House!! **Please call your Representative today to express your opposition to the speech crime provisions in the Managers Amendment to the telco bill (HR 1555). 
Express your support for the approach of the Cox/Wyden amendment.** In addition to lobbying on the telco bill, and to lobbying the Rules Committee to prevent floor action on either the Exon amendment or the Exon-like new speech crimes provisions, the ACLU delivered the following letter to Republican members and some Democrats in the House of Representatives today: ------------------ RE: Important Statements by Conservatives and Others on Unconstitutional Provisions of Telecommunications Deregulation Legislation (H.R. 1555 in the House) Dear Representative: On behalf of the American Civil Liberties Union, we are pleased to provide the enclosed statements from The Wall Street Journal, the Cato Institute, Speaker Newt Gingrich, the Center for Democracy and Technology and the Interactive Working Group. All address the importance of leaving American citizens free to decide -- not have some government bureaucracy control -- what they wish to watch on television or access by computer. While we do not agree with everything in any one of these statements, we hope that you will find them of assistance as the House considers telecommunications legislation. You will be asked to vote on House amendments paralleling those so devastatingly critiqued in these materials. We urge your attention to two amendments that we believe are clearly unconstitutional. The first amendment (included as item #41 in the managers amendment) would, similar to the now heavily discredited Exon amendment, unconstitutionally interfere with the free market and free speech approach that has turned the Internet into the incredible source of entrepreneurial promise and educational impact it is today. Although the July 31st memorandum on the managers amendment claimed that this provision "creates criminal liability for intentionally sending obscenity over computers," the amendment in fact deals with more expression than just obscenity as the Supreme Court has defined it. 
Instead the amendment mixes elements of both obscenity (which the Supreme Court has said is not constitutionally protected) and indecency (which is First Amendment-protected speech) and seeks to make it a Federal crime for anyone to communicate such material to someone under 18. This provision of the managers amendment is clearly unconstitutional for all the reasons so eloquently expressed in the enclosed materials. It is also silly. Does the Congress of the United States really intend that the Federal criminal justice system will be used to send two 17-year-olds to Federal prison for five years because their online dating chatter took an overly salacious turn? This provision is, further, profoundly unwise policy. It is another example of what, in the Senate/Exon context, the Wall Street Journal referred to as the "ham-handed approach" or resorting to the "big-bureaucracy method to solve problems." More importantly, this government-dictated control would interfere with the implementation of parental control technologies (including those in use today; see the CDT report) because software developers would wait to deploy their products widely or develop improvements until the inevitable legal challenges to the combined obscenity/indecency provision are finally resolved. This Federal criminal law approach would be another "constitutional glue factory" that, for example, in telephones took a decade to untangle before that law could take effect. Meanwhile, consenting adults will have their own free speech limited to "child-proof" e-mail, and parents will be deprived of meaningful technology to control what their children access on the Internet. We urge you to vote against this Big Government, anti-private sector and unconstitutional addition to the Federal criminal code by voting against the managers amendment. We also ask that you oppose the so-called "V-chip" amendment proposed by Representative Markey. 
The "V-chip" amendment would also stifle other approaches and actually serve to lessen, not increase, effective parental control over what their children watch on television. The Markey amendment would operate to censor broadcast and cable television programs, putting time slots or channels under the power of a Federal government ratings authority. Despite assertions to the contrary, the plain language of the amendment requires the formation of such a Federal government authority, to be established by the Federal Communications Commission as an advisory committee to form rules to identify and rate programming. The actual censorship would be effectuated through the mandatory installation in television sets of "V-chips." The ACLU opposes the "V-chip" amendment because it would install an unconstitutional government-run system designed to censor First Amendment-protected expression on television. The amendment would have the effect of actually usurping control from parents in favor of a government approval panel. Under this regime, when the "V-chip" is activated, government-mandated technology would operate to block an entire television program based on expression that a government rating authority -- rather than the parents -- finds to be violent, sexual or otherwise inappropriate. We urge you to vote against the Markey "V-chip" amendment. Once the free enterprise system has identified a market (e.g., for parental control technologies), private sector development works much faster and provides a greater range of choices than having a government bureaucracy foist its choice for a "winning technology" on parents and other consumers. The Markey "V-chip" amendment would strangle development of the new technologies that will give parents much more precise control over what their children watch. 
The Coburn amendment, on the other hand, would review and encourage this private sector development of parental control technology for televisions, and we believe that it merits your support. As the Wall Street Journal concluded, "The more forward-moving solution is to empower parents and encourage good corporate citizenship." We appreciate this opportunity to express our reasons for opposing both the Markey "V-chip" amendment and these criminal code changes in the managers amendment. We hope you find the enclosed materials helpful as the House considers telecommunications deregulation. Sincerely yours, Laura W. Murphy, Director Washington National Office Donald Haines Legislative Counsel From sunder at escape.com Thu Aug 3 08:24:38 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 08:24:38 PDT Subject: "The Net" In-Reply-To: Message-ID: On Wed, 2 Aug 1995, Dr. Dimitri Vulis wrote: > I saw it about 1/2 hour ago. I make a point of seeing every computer-related > movie. I don't think real movie-goers would enjoy it much. It's cheap and > unprofessional. Lots of running around, but no real car crashes. The acting is > terrible. The star should NOT have appeared in a bikini. Yech. Why not, she had the right 'assets' for that scene, no? 8-D > They try to "explain this away" by saying that 1) she lived in the neighborhood > for 4 years and never got to know any neighbors (as one of the neighbors tells > the police), 2) her mother's got Alzheimer's and doesn't recognize her anymore, > 3) she telecommutes for a company in another city and only knows 2 people there > in real life. One gets killed at the beginning; the other gets fired and she > makes no attempt to find him (one of the many loose ends). The computer-related > plot is just slightly more plausible. Makes sense, too many geeks without a real-world-life out there. > In a typical suspenseful scene (not a spoiler), the heroine sneaks into an > office and sets off a fire alarm.
Everyone leaves, including a villain, who > doesn't log off. The heroine receives a new e-mail addressed to the villain, > with the orders to kill the heroine (cleartext), signed 'pretorian'. The heroine > types 'whois pretorian' and gets an IP address, but no name. The heroine goes > through what looks like traceroute and obtains the pretorian's name and picture > (but the viewers know his identity from the start, of course). She finishes > saving it to a floppy disk moments before the villain returns to the cubicle. > > (One of the IP bytes was 344, by the way.) The security was laughable. But consider that most of corporate Amerika is this way. Very few care about security. Here at work I have to fight extra hard with idiots who log in and leave their machines -- users with Supervisory access! All sorts of shit like that... Re: ip #'s: Yeah, it's like all the phone numbers in every movie are 555-xxxx. Probably they didn't want to get sued for posting a real net address. > Another time she types "telnet someone at somewhere.mil". Another time she > "hot chats" on her Mac, and hooks up the text to a voice synthesizer. That was after she got the milnet address though nice email address that can be telnetted into. But the voice synths are possible. Apple does provide that capability. You'd have to get the irc client to use it. Don't know of any that do off the top of my head but I haven't looked for it either. It wasn't much of a "hot" chat. It could have been much steamier. The sex content of this movie was pretty lame though... > (If they all exchange so much e-mail, why do they bother FedExing diskettes?) More secure to fedex a disk. Nobody on the net can read what's not on the net. ;-) Now if the author of this movie knew about pgp... totally different story. > Interestingly, there's NO mention of crypto. Once you know someone's password, > or have physical access to the media, you can read and write everything.
Once > you change some data, it's changed. No digital signatures. Yeah, that was quite bad. > In fact, the bad guys were selling everyone a computer security system called > "the Gatekeeper" (a Trojan horse, really), but it's not identified as crypto. > It sounded like access rights are checked by their server. It involves a Web > page with a 'pi' symbol (pi stands for pretorian, of course). Clicking on the > pi while pressing control-shift will display much hexadecimal stuff and then > let the user in through a backdoor. Hmm. Gatekeeper = Bill Gates = Windows 95? > Is that why Apple lent those Macs? :) That was my impression too. > There's a character named "CyberBob" who's never seen. He only hot-chats > and eventually gets killed. His icon looks like MS Bob. Yeah, death to MS-Bob... >:-) > I heard only one mention of "the Internet". At the end of the movie, a TV > announcer says that the case was cracked because the "programmer analyst > Angela Bennett e-mailed the evidence to the FBI from the Internet". > (E-mailed from an open-access computer at a computer show, I might add) Not unlikely. A lot of trade shows do provide machines with net access as demos of the internet. Though it's usually manned by the ISP and not out in the open. =================================================================93======= + ^ + | Ray Arachelian | Amerika: The land of the Freeh. | \-_ _-/ | \|/ |sunder at escape.com| Where day by day, yet another | \ -- / | <--+-->| | Constitutional right vanishes. |6 _\- -/_ 6| /|\ | Just Say | |----\ /---- | + v + | "No" to the NSA!| Jail the censor, not the author!| \/ | =======/---------------------------------------------------------VI------/ / I watched and weeped as the Exon bill passed, knowing that yet / / another freedom vanished before my eyes. How soon before we see/ /a full scale dictatorship in the name of decency?
While the rest / /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_/ From sunder at escape.com Thu Aug 3 08:29:20 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 08:29:20 PDT Subject: a hole in PGP In-Reply-To: <199507312340.TAA02533@toxicwaste.media.mit.edu> Message-ID: Agreed. If PGP has a hole in it, it's not in the sources, nor in the executables. Any hole would be a breaking of the RSA or IDEA cyphers by the TLA's who wouldn't talk about it, or the availability of enough super fast hardware to brute force it. It wouldn't be that PGP, its sources, or algorithms have holes. It would be that there is a way to factor RSA that as of yet we don't know about. And hell, that's as likely as meeting Elvis at your local 7-11. ;-) From sunder at escape.com Thu Aug 3 08:38:26 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 08:38:26 PDT Subject: Australia next to ban PGP In-Reply-To: <199508011940.VAA05285@ping1.ping.be> Message-ID: Does this have anything to do with the fact that there's an NSA base smack in the middle of Australia? (See Puzzle Palace)
From sunder at escape.com Thu Aug 3 08:48:35 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 08:48:35 PDT Subject: building libraries In-Reply-To: <199507310521.WAA08413@ix4.ix.netcom.com> Message-ID: On Sun, 30 Jul 1995, Bill Stewart wrote: > If you did everything in an RSAREF-compatible manner, that would help; > I think somebody outside the US has written an RSAREF-clone. > Some problems include building programs that have generic-callout hooks > instead of crypto-specific hooks (so that they don't get bitten by ITAR), > while still maintaining reasonable efficiency and convenience. One way to achieve this is to provide multi-layered generic "compression" hooks which get called in this manner: Compress[x](char *bufferin, size_t insize, char *bufferout, size_t *osize); Then you chain several of these by alternating the in/out buffers, say something like this: for (i=0; iTHAT< be exportable?
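The generic hook chain Ray sketches above, as an added example written for this archive rather than code from his post or from any library: two stand-in stages (a run-length packer and a hex armorer, both constructed here) share the Compress[x]() signature, and run_chain feeds one into the next by alternating two scratch buffers. A cipher module would slot in as another hook with the same signature, so the calling program itself carries no crypto; the stage choice, WORK_SIZE and the sample inputs are assumptions.

```c
#include <string.h>

/* Hook in the Compress[x]() shape from the post: transform insize bytes at in into
 * out; *osize carries capacity in and length out. 0 = ok, -1 = bad input/too small. */
typedef int (*hook_fn)(const unsigned char *in, size_t insize, unsigned char *out, size_t *osize);

#define WORK_SIZE 1024            /* scratch buffer capacity (assumed) */
static const char HEX[] = "0123456789abcdef";

/* Run the hooks in order, alternating two scratch buffers so that the output
 * of stage i becomes the input of stage i+1; only the final result is copied. */
static int run_chain(const hook_fn *hooks, size_t nhooks, const unsigned char *in,
                     size_t insize, unsigned char *out, size_t *osize) {
    unsigned char work[2][WORK_SIZE];
    const unsigned char *cur = in;
    size_t curlen = insize;
    for (size_t i = 0; i < nhooks; i++) {
        size_t dstlen = WORK_SIZE;
        if (hooks[i](cur, curlen, work[i & 1], &dstlen) != 0) return -1;
        cur = work[i & 1]; curlen = dstlen;
    }
    if (curlen > *osize) return -1;
    memcpy(out, cur, curlen);
    *osize = curlen;
    return 0;
}

/* Stage 1: run-length packing into (count, byte) pairs, count 1..255. */
static int rle_pack(const unsigned char *in, size_t insize, unsigned char *out, size_t *osize) {
    size_t i = 0, o = 0;
    while (i < insize) {
        size_t run = 1;
        while (i + run < insize && in[i + run] == in[i] && run < 255) run++;
        if (o + 2 > *osize) return -1;
        out[o++] = (unsigned char)run;
        out[o++] = in[i];
        i += run;
    }
    *osize = o;
    return 0;
}
static int rle_unpack(const unsigned char *in, size_t insize, unsigned char *out, size_t *osize) {
    size_t o = 0;
    if (insize % 2) return -1;                           /* whole pairs only */
    for (size_t i = 0; i < insize; i += 2) {
        size_t run = in[i];
        if (run == 0 || o + run > *osize) return -1;     /* reject bad counts */
        memset(out + o, in[i + 1], run);
        o += run;
    }
    *osize = o;
    return 0;
}

/* Stage 2: hex armor, standing in for the mail-safe encoding that would follow
 * a cipher stage; a real cipher is simply another hook with this signature. */
static int hex_armor(const unsigned char *in, size_t insize, unsigned char *out, size_t *osize) {
    if (insize * 2 > *osize) return -1;
    for (size_t i = 0; i < insize; i++) {
        out[2 * i] = (unsigned char)HEX[in[i] >> 4];
        out[2 * i + 1] = (unsigned char)HEX[in[i] & 0x0f];
    }
    *osize = insize * 2;
    return 0;
}
static int hex_dearmor(const unsigned char *in, size_t insize, unsigned char *out, size_t *osize) {
    if (insize % 2 || insize / 2 > *osize) return -1;
    for (size_t i = 0; i < insize; i += 2) {
        const char *hi = in[i] ? strchr(HEX, in[i]) : NULL;
        const char *lo = in[i + 1] ? strchr(HEX, in[i + 1]) : NULL;
        if (!hi || !lo) return -1;                       /* reject non-hex input */
        out[i / 2] = (unsigned char)((hi - HEX) << 4 | (lo - HEX));
    }
    *osize = insize / 2;
    return 0;
}

/* forward != 0: pack then armor; forward == 0: dearmor then unpack. */
int transform(int forward, const unsigned char *in, size_t insize, unsigned char *out, size_t *osize) {
    const hook_fn fwd[] = { rle_pack, hex_armor }, inv[] = { hex_dearmor, rle_unpack };
    return run_chain(forward ? fwd : inv, 2, in, insize, out, osize);
}

/* Armored length of text, or 0 if the chain fails. */
size_t encoded_length(const char *text) {
    unsigned char enc[WORK_SIZE];
    size_t enclen = sizeof enc;
    return transform(1, (const unsigned char *)text, strlen(text), enc, &enclen) ? 0 : enclen;
}
/* 1 when n copies of c survive the forward and inverse chains unchanged. */
int roundtrip_ok(size_t n, unsigned char c) {
    unsigned char src[WORK_SIZE], enc[WORK_SIZE], dec[WORK_SIZE];
    size_t enclen = sizeof enc, declen = sizeof dec;
    if (n > sizeof src) return 0;
    memset(src, c, n);
    if (transform(1, src, n, enc, &enclen) || transform(0, enc, enclen, dec, &declen)) return 0;
    return declen == n && memcmp(dec, src, n) == 0;
}
/* 1 when the inverse chain rejects armored, as it must for malformed input. */
int decode_rejects(const char *armored) {
    unsigned char dec[WORK_SIZE];
    size_t declen = sizeof dec;
    return transform(0, (const unsigned char *)armored, strlen(armored), dec, &declen) != 0;
}
```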
From dmandl at panix.com Thu Aug 3 08:48:35 1995 From: dmandl at panix.com (dmandl at panix.com) Date: Thu, 3 Aug 95 08:48:35 PDT Subject: NYET--attempted formal specs (again) In-Reply-To: Message-ID: On Thu, 3 Aug 1995, Jon Lasser wrote: > On Wed, 2 Aug 1995, Timothy C. May wrote: > > > In fact, most religious groups are distrustful of "The Gubment" deciding > > what's reasonable and what's not. > > Unless, of course, at that moment they happen to BE "The Gubment." > > Not always then, but sometimes. > > Jon Precisely. *Everyone* hates the government--everyone outside of it, that is. Anarchist/libertarian types are often too quick to accept people or groups as "one of us" just because they're "against the government," whatever that means. Most of them are just waiting to gain power, at which time their true agenda will become clear soon enough, if it isn't already. The relevant example here is the religious fundamentalist kook Pat Robertson, who IMHO cypherpunks are a little too quick to accept at his word. Robertson holds some pretty blatantly fascistic views--and this is not hyperbole. See for example the long piece about him in the New York Review of Books a few months back. A journalist friend of mine is also working on a piece about one of Robertson's gurus--a fascist (again, no exaggeration) from the 30's or 40's whose book Robertson quotes from on a regular basis. I've seen the book in question, and it's pretty strong stuff. When I learned about this connection I wasn't particularly surprised.
Personally, I don't care whether Robertson has opposed Clipper or not. I won't complain, I guess, but it doesn't change my views on him. I'm sure many serial killers and neo-nazis opposed Clipper too. Fine, but it doesn't exactly make us best buds. --Dave. -- Dave Mandl dmandl at panix.com http://wfmu.org/~davem From sunder at escape.com Thu Aug 3 08:49:52 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 08:49:52 PDT Subject: building libraries In-Reply-To: <199507311348.JAA04346@petrified.cic.net> Message-ID: Perhaps we could convince Bill Gates to bundle RSAREF with all his Windoze OS's? Ditto for Apple? From samman at CS.YALE.EDU Thu Aug 3 09:03:46 1995 From: samman at CS.YALE.EDU (Rev. Ben) Date: Thu, 3 Aug 95 09:03:46 PDT Subject: "Codebreakers" on PBS in NYC???? In-Reply-To: Message-ID: > > bart at netcom.com (Harry Bartholomew) writes: > > > > > For the Bay Area, on KQED at 8 p.m. Tuesday. The NOVA show > > > "The World War II codebreaking efforts known as Enigma and Purple" > > > > If this is the rerun of the show Nova had in march 94, then I highly > > recommend it. I taped it and showed it to the undergrad class on computer > > security I taught that semester. The kids loved it. Is there anyone out there that can copy this for me?
I'd be glad to mail you an extra VHS tape for your effort. Ben. From sunder at escape.com Thu Aug 3 09:23:12 1995 From: sunder at escape.com (Ray Arachelian) Date: Thu, 3 Aug 95 09:23:12 PDT Subject: Noise: PBS under the Republicans (fwd) Message-ID: Date: Sun, 30 Jul 1995 11:09:47 -0400 From: Sal Denaro To: sunder at escape.com Subject: PBS under the Republicans // Ray, you may want to forward this to the list. -------------------------------- A TYPICAL DAILY PBS SCHEDULE IF THE PUBLIC BROADCASTING LEADERS CAVE IN TO REPUBLICAN PRESSURE 8:00 am Morning Stretch: Arnold Schwarzenegger does squats while reciting passages of "Atlas Shrugged." 9:00 am Mr. Rogers' Segregated Neighborhood: King Friday sings "Elitism is neat." The House Un-American Activities investigation of Mr. McFeely continues. Mr. Rogers explains why certain kids can't be his neighbor. 10:00 am Sesame Street: Jerry Falwell teaches Big Bird to be more judgemental. Oscar the Grouch plays substitute for Rush Limbaugh. Bert and Ernie are kicked out of the military. Jesse Helms bleaches all the Muppets white. 11:00 am Square One: A MathNet episode "Ernest Does Trickle-Down." Jim Varney explains how cutting taxes for the rich and spending more on defense will balance the budget. Noon Washington Week in Review: Special guest Senator Bob Dole, explaining why the current pension crisis, budget deficit, bank closings, farm foreclosures, S & L bailouts, inflation, recession, job loss, and trade deficit can all be blamed on someone else. 1:00 pm Where in the world is Carmen San Diego? Guest detective Pat Buchanan helps kids build a wall around the U.S. 2:00 pm William F. Buckley's Firing Line: Guests George Will, Rush Limbaugh, John Sununu, Pat Buchanan, James Kilpatrick, Mona Charen, G. Gordon Liddy, Robert Novak, Bay Buchanan, Pat Robertson, Joseph Sobran, Paul Harvey, Phyllis Schlafly, Maureen Reagan, and John McLaughlin bemoan the need for more conservative media voices.
3:00 pm Nature: Join James Watt and Charlton Heston as they use machine guns to bag endangered species. 4:00 pm NOVA: "Creationism: Discredited, but what the hell?" 5:00 pm Newt Gingrich News Hour: Clarence Thomas and Bob Packwood present in-depth personal reports on sexual harassment. Pat Buchanan says he is being shut out from national exposure. 6:00 pm Mystery Theater: Hercule Poirot, Jane Marple, and Sherlock Holmes team up to investigate Whitewater. 7:00 pm Great Performances: Pat Buchanan is a guest conductor of Wagner's "Prelude to a Cultural War." 8:00 pm Masterpiece Theater: Ibsen's "A Doll's House." Phyllis Schlafly adds to this classic with an added scene where Nora gladly gives up her independence while her husband chains her to the stove. 9:30 pm Washington Week in Review: Guests George Will, Rush Limbaugh, John Sununu, Pat Buchanan, James Kilpatrick, Mona Charen, G. Gordon Liddy, Robert Novak, Bay Buchanan, Pat Robertson, Joseph Sobran, Paul Harvey, Phyllis Schlafly, Maureen Reagan, and John McLaughlin discuss liberal media bias. 10:00 pm Adam Smith's Money World: How to Profit from Ozone Depletion 10:30 pm Nightly Business Report: Wall Street celebrates the end of all laws regarding antitrust, consumer protection, work-place safety, environmental protection, minimum wage and child labor. 11:00 pm Insights of Dan Quayle 11:01 pm Sign-Off From hfinney at shell.portal.com Thu Aug 3 09:26:31 1995 From: hfinney at shell.portal.com (Hal) Date: Thu, 3 Aug 95 09:26:31 PDT Subject: Object Oriented Crypto API Message-ID: <199508031625.JAA11761@jobe.shell.portal.com> I enjoyed Ray's message about the crypto library interface. I haven't had time to study it closely, but I have a couple of quick comments: I thought Wei's library looked pretty easy to use already. Maybe Ray could show an example of what would be needed with Wei's library to do some "typical" crypto function, say encrypting a message with someone else's RSA key.
Then we could compare it with how the same function would look with Ray's proposed interface. The other point is that there needs to be the ability to encrypt only a bit of a message at a time. Particularly with public key the first message may be special in that it generates a session key which is used for the remainder. So an interface for piecewise encryption and decryption is necessary. I hope we will see more discussion about the library. Hal From perry at panix.com Thu Aug 3 09:37:01 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 3 Aug 95 09:37:01 PDT Subject: Noise: PBS under the Republicans (fwd) In-Reply-To: Message-ID: <199508031636.MAA00571@panix4.panix.com> What, exactly, does this have to do with cryptography? .pm Ray Arachelian writes: > Date: Sun, 30 Jul 1995 11:09:47 -0400 > From: Sal Denaro > To: sunder at escape.com > Subject: PBS under the Republicans > > // Ray, you may want to forward this to the list. > > -------------------------------- > A TYPICAL DAILY PBS SCHEDULE IF THE PUBLIC BROADCASTING LEADERS CAVE IN > TO REPUBLICAN PRESSURE From loofbour at cis.ohio-state.edu Thu Aug 3 10:10:16 1995 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Thu, 3 Aug 95 10:10:16 PDT Subject: There's a hole in your crypto... In-Reply-To: <199508021251.IAA08192@detroit.freenet.org> Message-ID: <199508031709.NAA29005@colon.cis.ohio-state.edu> Nathan Zook writes: > > And is there any way to build trusted system out of small, verifiable > > pieces? Since the way they're connected could also be questioned, I > > suspect that when you put enough of them together it's just as bad as > > the case of a single, monolithic program. But this isn't my area, so > > I don't know. > > No. This was essentially proved during the first third of this century. Well, I haven't gotten a reply from Nathan Zook on this assertion, so can anyone else back it up with some references? 
Perhaps we're discussing different contexts, but proving correct systems composed of correct components is still a subject of active research. nathan From Andrew.Spring at ping.be Thu Aug 3 10:33:41 1995 From: Andrew.Spring at ping.be (Andrew Spring) Date: Thu, 3 Aug 95 10:33:41 PDT Subject: There's a hole in your crypto, dear Eliza dear Eliza... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- >How do I know PGP IS secure? I don't. That doesn't mean I don't use it or Doesn't the NSA certify the security of cryptosystems? I wonder what they'd say about PGP? -- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway. From frissell at panix.com Thu Aug 3 10:46:15 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 3 Aug 95 10:46:15 PDT Subject: EU Data Protection Message-ID: <199508031725.NAA27264@panix.com> Could I bother the members of this list with a request that anyone who has a copy of (this week's or a recent) Computerworld, look and see if I'm quoted in an article by Mitch Betts on the European Union's humorous decree on Euro-wide data protection. I was interviewed last Thursday. The decree (July 24th) threatens to cut off data flows to any nation that doesn't adopt Eurosclerotic data protection standards. It will be quite humorous when their Visa and ATM authentications start to fail. DCF "Member of the "unorganized militia of the US" who was going to make it to Waco in '93 but couldn't afford the 5,000 gallons of fuel for the turbine of his M1A1."
From adam at bwh.harvard.edu Thu Aug 3 11:22:19 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 3 Aug 95 11:22:19 PDT Subject: Object Oriented Crypto API In-Reply-To: <199508031625.JAA11761@jobe.shell.portal.com> Message-ID: <199508031821.OAA05692@bwnmr5.bwh.harvard.edu> | I enjoyed Ray's message about the crypto library interface. I haven't | had time to study it closely, but I have a couple of quick comments: I thought it was very well done as well, with one omission, other than the one Hal noted. There should be a compress function, because messages should be compressed before encryption takes place. Giving the library a zip() call also makes it possible to suggest the library in more circumstances. When people ask 'where can I snarf some compression code?' we can point them to a library that does strong crypto as well. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From nzook at bga.com Thu Aug 3 11:33:59 1995 From: nzook at bga.com (Nathan Zook) Date: Thu, 3 Aug 95 11:33:59 PDT Subject: NYET--attempted formal specs (again) In-Reply-To: <9508030905.AA15886@cs.umass.edu> Message-ID: On Thu, 3 Aug 1995, Futplex wrote: > Nathan Zook writes: > > The NYET-software runs as superuser on the ISP's machine. All minor > > accounts have a corresponding configuration file sitting in their > > account owner's parent's directory, which is locked with read/write by > > owner only flags. The correspondence between minor and parent > > accounts sits in a file owned by root and similarly locked. > > Just a minor technical comment: > Based on my rather limited experience lurking on the firewalls list, I > believe the preferred security-conscious method of running such daemons > involves _not_ giving them su/root privileges. Dr. FBC's thttp, for example, > runs as a user named, e.g., "www" with pretty ordinary privileges.
They are > also often run in a chroot()ed "jail", so that the process can't see any > directories outside the tree artificially rooted in its home directory. You'd > then need some mechanism for the `rents to submit configuration updates to > the imprisoned daemon, I suppose. Perhaps digitally-signed email.... > > -Futplex > "Before you started tokin' you used to have a brain, but now you don't get > even the simplest of things...." -Offspring > I bow before superior wisdom, such as this.... Nathan From kelli at zeus.towson.edu Thu Aug 3 11:46:14 1995 From: kelli at zeus.towson.edu (K. M. Ellis) Date: Thu, 3 Aug 95 11:46:14 PDT Subject: Pat Robertson Fears E-cash? In-Reply-To: <9508021741.AA05602@toad.com> Message-ID: On Wed, 2 Aug 1995, Peter Trei wrote: > The relevant verses are in Revelations 13, where some of the actions > by which The Beast can be recognized are given. Among them are: > > 16 And he causeth all, both small and great, rich and poor, free and > bond, to receive a mark in their right hand, or in their foreheads: > 17 And that no man might buy or sell, save he that had the mark, or > the name of the beast, or the number of his name. > > Millennialist Christians tend to regard this as a method by which > the faithful will be shut out of the economy, since the pious will > refuse such a 'mark'. > > E-cash is a bit of a reach from this, but some of them (eg, > Robertson), extend the verses to cover all forms of trackable > transactions. I suspect that if someone could get him to realize the > privacy aspects of true anonymous ecash, he'd like it. > > I read in the New York Times that a lot of fundamentalist Christians fear the e-cash revolution because they believe that eventually everyone will be required to bear a tattooed bar code on their right hand which would contain all a person's information: name, d.o.b., birthplace, etc. Such a tattoo would also be used to deduct e-cash from a person's "account" when they made purchases.
It's still a bit of a stretch; they're using the book of Revelations to back up this theory. kelli at zeus.towson.edu http://zeus.towson.edu/~kelli/ GAT d? H+ s+++:-- !g p? !au a- w++@ !v@ c++++ UL++ P+ L+ 3 E---- N+ K W--- M-- V-- po- Y++ t+ 5-- jx R G'''' tv- b+++ D-- B e+ u** h* f++ r--- n+ z** Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu BigBrotherSystemsBBS........BigBrotherIsWatchingYou.......(410)494-3253#11

From stewarts at ix.netcom.com Thu Aug 3 11:46:57 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 3 Aug 95 11:46:57 PDT Subject: NYETSCAPE Message-ID: <199508031844.LAA05026@ix4.ix.netcom.com>
In a copyrighted article, >Copyright 1995, Nathan Zook. All rights reserved. Nathan discusses his suggested directions for elder-controlled filtering of kids' net access. (Could be parents, or schoolocrats in loco.) >The system is of necessity ISP-based. Home-based systems are subject to attacks That's probably necessary; it's certainly the efficient way. A third approach is Exon's "Censor the whole net, unless perverts can find ways to talk to each other without any chance of kids hearing them", which is morally unacceptable. The interesting question is how much overlap develops between this and emerging reputation/filtering services for adults, for which the filtering criteria are interestingness-related rather than offensiveness-related. > [ multiple rating services ] Yep. For market reasons, as well as moral, aesthetic, and practical ones. >The NYET-software runs as superuser on the ISP's machine. [...] >The parent sets the configuration file to permit and deny access to >various parts of the net. And any kid who can break that dialog (e.g. by tapping the parent's session to get the parent's password) won't be stopped by any wimpy restrictions :-) An important consideration is that filtering has to be application-specific.
Some sites can be cut off entirely (presumably *.penthouse.com), but most filtering needs to be more granular, and has different time-scales. You're certainly not going to block access to the whole Library of CONgress just because there are a few dirty book titles in the on-line card catalog. For instance, ftp files and static web pages are pretty easy to rate and filter if you've got a herd of adults to go surfing them. Dynamic web pages are tougher - do you default to open access, closed-unless-rated, or just use a no-dirty-words-and-no-pictures blocker? Usenet - some newsgroups obviously would get blocked, some would get individual articles filtered by humans, and technical groups would probably get automatic filters to censor certain posters and certain words, with occasional human monitoring to detect the occasional uses of comp.nerdy.detailed or comp.binaries.eniac for posting pornography or whatever. Filtering does slow down conversation, but enough paid moderators could probably keep up. But what about chat-programs, IRC, etc.? You really _can't_ censor that stuff in real-time and have a meaningful flow of conversation, except for trivial dirty-word filters which can be exonized around. Sure, you could have adults watching to say "Hey, cut that out down there!", and making sure channel names don't have politically incorrect words in them. And maybe you can have kids-only chat rooms - but what happens when the kids either start talking like Beavis and [Exon'd]head, or start talking about (gasp!) sex or (double-gasp!) sexual orientation? Do you tell their mom? And then there are wide-open technologies like telnet (which can do almost anything) and email (slower, but goes everywhere) - do you try to restrict those?
One major technology that would be needed for this sort of application is authentication, whether it's digital-signature-based or just automatic packet-labelling with applications that maintain labels, so that you can be sure who posted what within PoliticallyCorrectNet, know whose mom to call if little FooBar has been misbehaving, whose posting privileges to block or reading to restrict if their mom grounds them, or, on the positive side, to encourage people to take responsibility for their postings and remind them that this kind of service only works if everybody agrees, up-front, to be Good Citizens. But how do you manage this technically - require outgoing connections to all go through proxies? (You need firewalls anyway.) But do you require connections from users to go through an authentication proxy before connecting to internal destinations as well, or is it adequate to use IPv6 with mandatory authentication and only add proxy service where it's needed? And what about encryption? (And stego? Do some of those MIDI postings have NASTY WORDS in them if you play them BACKWARDS? Oh, no!) We probably need to understand the politics of this sort of service to find a way to position encryption as a Good Thing, probably as part of the authentication system - there's a very high risk that it'd either be banned, or at least Clipperized with a hierarchical authentication system. Of course, if you're banning encryption, or just trying to monitor what's going on on the net, there's the language problem - English and Spanish are a start, but it's probably hard for the average ISP to have the right mix of people to tell whether an IRC channel is really speaking Finnish or Hawai'ian or Tuvan or whether it's just stego. 
This is probably a Good Thing - while some services will probably restrict the languages that people post in (either because they're Real American monoculturalists or because they're providing a heavily-monitored service and don't have the bucks for 5000 languages), others will be pushed toward encouraging responsibility instead. >I feel it necessary to reiterate the importance of the government >waiting for a market solution to this problem. Yeah! #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- # Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/

From liberty at gate.net Thu Aug 3 12:21:04 1995 From: liberty at gate.net (Jim Ray) Date: Thu, 3 Aug 95 12:21:04 PDT Subject: There's a hole in your crypto... Message-ID: <199508031918.PAA16067@bb.hks.net>
-----BEGIN PGP SIGNED MESSAGE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Andrew Spring wrote: >>How do I know PGP IS secure? I don't. That doesn't mean I don't use it or > >Doesn't the NSA certify the security of cryptosystems? >I wonder what they'd say about PGP? Their consultant, Prof. Dorothy Denning, has been asked this very question about PGP, and she deftly avoided comment on both PGP and IDEA. [I believe this was on NPR, but I'm not certain.] The emergence of NSA from absolutely secret agency to semi-public status (writing letters, P.R. concerns, opening a museum, etc.) at the same time as the general availability of what's considered by many [including me] to be strong, free, cryptography "for the masses" is interpreted by many [including me] as an implicit NSA comment on the availability of strong crypto in general, and on the availability of PGP in particular.
JMR
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMCEc4m1lp8bpvW01AQG/xQP/YJDZekZBS2S9behLbFEVKdGcMgxagji7
r54EZa7mzQOObtGbi8ucnKZFm0ut7puxcNfJgaGcMmboEaeyo/vlOYeICDBaouLY
I5/RJQwLjiBPcSWeDTSVDbiH4dvszaKrwYo/xC5WA8pv2kbZFEdou5HpHiiof0dV
cTCvF4j90oo=
=sNKQ
- -----END PGP SIGNATURE-----
Regards, Jim Ray "The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92 - ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 - ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMCEg2CoZzwIn1bdtAQH2IQF/e+BP6NnoaQxHgm8bsZQpOLqW5rb4xcMa
aHrUYlP3bYDwv49HYRlz+GQMDTCm2OII
=QYNV
-----END PGP SIGNATURE-----

From rah at shipwright.com Thu Aug 3 12:21:20 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 3 Aug 95 12:21:20 PDT Subject: Pat Robertson Fears E-cash? Message-ID:
>I read in the New York Times that a lot of fundamentalist Christians fear >the e-cash revolution because they believe that eventually everyone will >be required to bear a tattooed bar code on their right hand which >would contain all a person's information: name, d.o.b., birthplace, >etc. Such a tattoo would also be used to deduct e-cash from a person's >"account" when they made purchases. It's still a bit of a stretch; >they're using the book of Revelations to back up this theory. Ah, the perils of book entry.
And they had the inventor of digital bearer certificates right there to talk to. Tsk. Tsk. Cheers, Bob ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From ic58 at jove.acs.unt.edu Thu Aug 3 12:48:31 1995 From: ic58 at jove.acs.unt.edu (Childers James) Date: Thu, 3 Aug 95 12:48:31 PDT Subject: Pat Robertson Fears E-cash? In-Reply-To: Message-ID:
On Thu, 3 Aug 1995, K. M. Ellis wrote: > On Wed, 2 Aug 1995, Peter Trei wrote: > > > The relevant verses are in Revelations 13, where some of the actions > > by which The Beast can be recognized are given. Among them are: > > [Deletia] > > > > E-cash is a bit of a reach from this, but some of them (eg, > > Robertson), extend the verses to cover all forms of trackable > > transactions. I suspect that if someone could get him to realize the > > privacy aspects of true anonymous ecash, he'd like it. > I read in the New York Times that a lot of fundamentalist Christians fear > the e-cash revolution because they believe that eventually everyone will > be required to bear a tattooed bar code on their right hand which > would contain all a person's information: name, d.o.b., birthplace, > etc. Crapola. They fear the unknown, and read their own personal prejudices and beliefs into something they don't understand. Maybe I'll start going to church and explain to the believers about the benefits of crypto *against* such Revelationary measures. I'm sure they would be interested in the work Chaum has done regarding truly anonymous transactions. Hell, maybe we could set up a Dining Christians net. "Freedom is meaningless unless | ic58 at jove.acs.unt.edu - James Childers you can give to those with whom| No man's freedom is safe you disagree."
- Jefferson | while Congress is in session EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7

From ic58 at jove.acs.unt.edu Thu Aug 3 12:53:23 1995 From: ic58 at jove.acs.unt.edu (Childers James) Date: Thu, 3 Aug 95 12:53:23 PDT Subject: There's a hole in your crypto... In-Reply-To: <199508031918.PAA16067@bb.hks.net> Message-ID:
On Thu, 3 Aug 1995, Jim Ray wrote: > >Doesn't the NSA certify the security of cryptosystems? > >I wonder what they'd say about PGP? > > Their consultant, Prof. Dorothy Denning, has been asked this very > question about PGP, and she deftly avoided comment on both PGP and IDEA. > [I believe this was on NPR, but I'm not certain.] The emergence of NSA > from absolutely secret agency to semi-public status (writing letters, > P.R. concerns, opening a museum, etc.) at the same time as the general > availability of what's considered by many [including me] to be strong, > free, cryptography "for the masses" is interpreted by many [including me] > as an implicit NSA comment on the availability of strong crypto in > general, and on the availability of PGP in particular. I'm afraid I don't follow. Are you saying that the NSA is assuming a more public role because (apparently) strong crypto is now widely available to the public? I don't see the connection between A and B if this is what you are claiming. Unless they're gearing up for a PR campaign... I wonder how the NSA has been portrayed in Hollywood in the past. I've just seen them mentioned in one movie I can think about ("Crimson Tide"). Anyone else know of references? "Freedom is meaningless unless | ic58 at jove.acs.unt.edu - James Childers you can give to those with whom| No man's freedom is safe you disagree." - Jefferson | while Congress is in session EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7

From gate at id.WING.NET Thu Aug 3 13:04:29 1995 From: gate at id.WING.NET (The Gate) Date: Thu, 3 Aug 95 13:04:29 PDT Subject: Did Clinton Authorize Electronic Warfare Against Davidians?
(fwd) Message-ID:
Does this belong? ____________________________|||||||||||||||||||||______________________________ R. Leland Lehrman at The Gate, New Haven, CT. http://id.wing.net/~gate/gate.html God, Art, Technology and Ecology Research and Development >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Do you love the Mother?>>>>>>>>>>>>>>>>>>>>>>>> ---------- Forwarded message ---------- Date: Thu, 3 Aug 1995 11:41:53 -0700 (PDT) From: Steve Wingate To: snet Subject: Did Clinton Authorize Electronic Warfare Against Davidians? (fwd) DID CLINTON AUTHORIZE ELECTRONIC WARFARE AGAINST THE BRANCH DAVIDIANS? Carol Valentine of Waco Remembrance in a release dated 7/18/95 asserts that the U. S. government engaged in electronic warfare against the Branch Davidians during the siege at Waco. Actions included jamming SOS signals being transmitted by the Davidians, jamming incoming radio and TV signals, dismantling Mt. Carmel's ham radio tower and using sophisticated British military hardware (perhaps manned by British military personnel) to monitor the Branch Davidians' every action and word. Jamming of Radio and TV Signals President Clinton may have personally approved the radio and TV jamming operations during the 51-day siege. Jamming of radio and TV signals is strictly prohibited by US law and can be carried out only in extreme situations such as war or national security emergencies. President Clinton himself would have had to sign the order. George Zimmerlee of Marietta, Georgia has asked President Clinton for a copy of the order bearing his signature. The White House has refused to provide it, saying that the White House is not covered by the Freedom of Information Act. The FBI jammed TV and radio signals as part of its psychological warfare on the Davidians. Signals were jammed almost completely during the day and night to prevent the Davidians from hearing news of support from other Americans. The only signals permitted into Mt.
Carmel's airspace during the siege were those carrying FBI news conferences in which David Koresh was held up to scorn and the religious views of the Davidians were ridiculed. Through listening devices, the FBI then studied the Branch Davidian responses to the briefings: "You could hear them yelling and screaming about (FBI agent) Ricks and (BATF agent) Troy, yelling and screaming about (how) people were lying about them. That came mostly from Schneider", an FBI official told the Dallas Morning News. The jamming equipment was supplied by the Federal Communications Commission. Morse Code Signals Jammed On the night of March 14, 1993 and on the following night, Morse Code messages were flashed by Branch Davidians switching an overhead light on and off. The message came from the fourth floor of the Mt. Carmel Center. The flashing lights were picked up by TV cameras, captured on video tape and later analyzed. Associated Press issued a report stating that it had analyzed the transmissions and that the message was this: SOS SOS SOS FBI BROKE NEGOTIATIONS. WANT NEGOTATIONS FROM THE PRESS. The Morse Code transmissions were also studied by Zimmerlee, who designs and builds prototype electronic equipment. He is an amateur radio operator, and holds an FCC General Radiotelephone (Operator) License. "Much of what the Branch Davidians transmitted has been lost", says Zimmerlee. Apparently the government was alerted to the Branch Davidian plans by listening devices planted inside Mt. Carmel. On the night the signal began, the FBI focused stadium lights into the room from which the signals were being transmitted. The Morse Code signals were obscured by the much brighter stadium lights. In addition, a tank was pulled up directly between the light and the TV cameras. The cameras also began panning back and forth so that viewing the signal was interrupted during crucial transmission periods.
Interfering with SOS signals violates several international laws, including the International Telecommunications Convention of Atlantic City, 1947 (Article 44) and the UN International Covenant on Civil and Political Rights, Part III, Article 19. The message met the International Telecommunication Union Rules (Article 37) definition of a distress signal. Davidians Wayne Martin or Jeff Little, now both dead, probably sent the code, says Zimmerlee. Both were ham radio operators, knew Morse code and had a proficiency of 20 words per minute. "They were sending coherent, very readable code--exquisitely good, it was very readable", says Zimmerlee. Ham Radio Tower Dismantled According to Zimmerlee's research, Mt. Carmel was an FCC licensed ham radio station. QST Magazine says Branch Davidian Wayne Martin had talked about the existence of a ham radio tower at Mt. Carmel with another amateur operator at Waco. The tower was an inverted "V" 14 megahertz, wire dipole antenna with which Martin claimed to have made worldwide contact. During the siege an FBI agent told Associated Press that the FBI intended to knock down Mt. Carmel's ham radio station. In a letter to Rep. Newt Gingrich on April 21, 1994 the FBI admitted that "The Branch Davidians had the means to send and receive communications, and the FBI took steps to deny those communications . .." FCC has also told Zimmerlee that it has a classified document pertaining to the amateur radio station or its operators. Yet footage of the Mt. Carmel Center on the day of the original BATF raid does not show a ham radio tower. "The tower was apparently pulled up even before helicopter gunships began firing into Mt. Carmel by a government operative inside Mt. Carmel. My conclusion is that the raid on Mt. Carmel was a Military Operation, not a search. Communications in this Military Operation was a high priority target. The government has lied about the nature and purpose of the raid.
Evidence of jamming shows that there was something extremely dangerous about permitting the Branch Davidians to communicate with the outside world," says Zimmerlee. Use of Foreign Military Equipment As reported by Linda Thompson in "Waco, the Big Lie", the British government supplied the FBI with a multi-sensor surveillance aircraft, equipped with forward looking infra-red radar and a low light television camera. According to an article in "The London Sunday Times" March 21, 1993, "the siege has become a focal point for the world's Special Forces eager to see the latest equipment being applied to a real crisis. Observer teams from the American Delta Force and British Special Air Services have already visited Waco". The London Times also says fibre-optic cables were inserted within the building at Mt. Carmel and were used to relay a full-color picture of a whole room from a lens measuring no more than one-eighth of an inch. Government agents had infiltrated Mt. Carmel before the raid and replaced normal telephones with converted sets which double as microphones to relay all conversation inside a room, said The Times. * Steve Wingate / CITIZEN'S INTELLIGENCE ACCESS BBS / 415.927.2435 / MindNet

From trei Thu Aug 3 13:09:55 1995 From: trei (Peter Trei) Date: Thu, 3 Aug 95 13:09:55 PDT Subject: There's a hole in your crypto... Message-ID: <9508032009.AA15757@toad.com>
> Nathan Zook writes: > > > And is there any way to build trusted system out of small, verifiable > > > pieces? Since the way they're connected could also be questioned, I > > > suspect that when you put enough of them together it's just as bad as > > > the case of a single, monolithic program. But this isn't my area, so > > > I don't know. > > No. This was essentially proved during the first third of this century. > Well, I haven't gotten a reply from Nathan Zook on this assertion, so > can anyone else back it up with some references?
Perhaps we're > discussing different contexts, but proving correct systems composed of > correct components is still a subject of active research. > nathan I suspect that he's referring to Gödel's Theorem, which shows that in any complete logic system it's possible to make undecidable statements. I'm not at all sure if this can be extended to computer programs. Even if it can, I suspect it only applies to contrived cases. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation trei at process.com

From perry at panix.com Thu Aug 3 13:14:24 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 3 Aug 95 13:14:24 PDT Subject: Did Clinton Authorize Electronic Warfare Against Davidians? (fwd) In-Reply-To: Message-ID: <199508032014.QAA13009@panix4.panix.com>
The Gate writes: > Does this belong? > > DID CLINTON AUTHORIZE ELECTRONIC WARFARE > AGAINST THE BRANCH DAVIDIANS? No, it doesn't belong, and deliberately being a jerk by posting the whole thing with a "does this belong at the beginning" isn't a way to win friends and influence people. I'm beginning to wonder if the conspiracy idiots on this list are here from the NSA to keep any real work from getting done. Are there any cypherpunks left here, or is it all just cryptogroupies? Some of us want to see cryptography deployed, not conspiracy theories about Waco, Vincent Foster, or your mother. Perry

From trei Thu Aug 3 13:26:21 1995 From: trei (Peter Trei) Date: Thu, 3 Aug 95 13:26:21 PDT Subject: a hole in PGP Message-ID: <9508032026.AA16303@toad.com>
Sunder writes: > Agreed. If PGP has a hole in it, it's not in the sources, nor in the > executables. Any hole would be a breaking of the RSA or IDEA cyphers by > the TLA's who wouldn't talk about it, or the availability of enough super > fast hardware to brute force it. > It wouldn't be that PGP, its sources, or algorithms have holes. It > would be that there is a way to factor RSA that as of yet we don't know > about.
And hell, that's as likely as meeting Elvis at your local 7-11. ;-) One little mental game I sometimes play (when I'm bored with deciding what to do when I win the lottery :-) is: What would you do if you could crack RSA? Let's suppose you've stumbled upon a very fast factoring algorithm - you can crack all of the RSA challenges on your home PC in minutes. What do you do next? Possibilities:
* Post the algorithm to the net [anonymously?].
* Post the solutions to the challenges [anonymously?].
* Apply for a patent.
* Sit on it.
* Write an article for Cryptologia, get the Draper medal.
* Try to cut a deal with RSA
* Try to cut a deal with NSA
* Try to cut a deal with KGB/Saddam/etc.
* Try to keep it a trade secret, but profit from it.
* Escrow an OTP encoded description of the algorithm, and the OTP, with different (unknown to each other) lawyers, with orders to post them to sci.crypt if you vanish or die mysteriously.
It's sort of fun to speculate... Peter PS: I'm still waiting for the SSL challenge to start. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation trei at process.com

From danisch at ira.uka.de Thu Aug 3 13:26:35 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 3 Aug 95 13:26:35 PDT Subject: Object Oriented Crypto API Message-ID: <9508031542.AA03277@elysion.iaks.ira.uka.de>
Good idea. I would have some suggestions, but first an important question: Is it to be discussed on the Cypherpunks list? Hadmut

From s5cromw at watson.ibm.com Thu Aug 3 13:36:49 1995 From: s5cromw at watson.ibm.com (Ray Cromwell) Date: Thu, 3 Aug 95 13:36:49 PDT Subject: Object Oriented Crypto API In-Reply-To: <9508031542.AA03277@elysion.iaks.ira.uka.de> Message-ID: <9508032035.AA20799@play.watson.ibm.com>
> > > Good idea. > > I would have some suggestions, but first > an important question: > > Is it to be discussed on the Cypherpunks list? I don't see why not. It's related to crypto, and it's related to writing code.
Or has the cypherpunks list degenerated into an arena where the top subjects are the Waco hearings, paranoid government/NSA rumors, US vs German censorship, and irrelevant political messages? -Ray

From tcmay at sensemedia.net Thu Aug 3 13:44:22 1995 From: tcmay at sensemedia.net (Timothy C. May) Date: Thu, 3 Aug 95 13:44:22 PDT Subject: NSA, NRO, and Keeping Secrets Message-ID:
At 7:50 PM 8/3/95, Childers James wrote: >I'm afraid I don't follow. Are you saying that the NSA is assuming a more >public role because (apparently) strong crypto is now widely available to >the public? I don't see the connection between A and B if this is what >you are claiming. > >Unless they're gearing up for a PR campaign... I wonder how the NSA has >been portrayed in Hollywood in the past. I've just seen them mentioned in >one movie I can think about ("Crimson Tide"). Anyone else know of references? The NSA has been mentioned in many recent movies, even in television shows (like "The X Files"). I haven't been keeping a list, but the last Clancy movie, "A Clear and Present Danger," had references. And in more than one movie the reference to "NSA agents" doing various things is made. The NSA has a high profile today. "No Such Agency" is clearly marked as an exit on the Baltimore-Washington highway, and of course even has a museum open to the public. Even the National Reconnaissance Organization is public knowledge, partly because of the Burrows book "Deep Black," and partly because of the controversy over the huge building out near Dulles Airport. Some things are mostly secret, though. The cover of Consular Operations was almost blown some years back by former agent Ludlum, but ConsOps has faded back into obscurity. --Tim May .......................................................................... Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."

From virgie2 at ais.net Thu Aug 3 14:35:14 1995 From: virgie2 at ais.net (Dorothy Voss) Date: Thu, 3 Aug 95 14:35:14 PDT Subject: ALERT: House to Vote This Week on Net-Censorship Bills (fwd) Message-ID:
---------- Forwarded message ---------- Date: Tue, 1 Aug 1995 17:43:34 -0400 From: editor at cdt.org To: policy-posts at cdt.org Subject: ALERT: House to Vote This Week on Net-Censorship Bills HOUSE TO VOTE THIS WEEK ----------------------- The House of Representatives will vote late Thursday or Early Friday (Aug 3 or 4) on whether to add the Cox/Wyden Internet Freedom and Family Empowerment Act as an amendment to the House Telecommunications Reform Bill (HR 1555). The Cox/Wyden amendment is a direct attack on the Exon/Coats Communications Decency Act (CDA). House passage of the Cox/Wyden amendment is the last chance we have to defeat the Exon/Coats CDA. If the House fails to pass Cox/Wyden, the Exon bill will likely become law. We must act now to head off this possibility. Please take a moment to contact your member of Congress and urge them to support the Cox/Wyden legislation (described in the alert below). The attached alert is from a coalition organized by the Voters Telecommunications Watch (VTW) which includes CDT, EFF, EPIC, and other online advocacy organizations. This may be your last chance to make your voice heard on this critical issue, so please call before Friday August 4.
======================================================================== CAMPAIGN TO STOP THE EXON/COATS COMMUNICATIONS DECENCY ACT (SEE THE LIST OF CAMPAIGN COALITION MEMBERS AT THE END) Update: -Latest News: House vows to vote on Telecomm bill (which includes the CDA) this week before recess! -What You Can Do Now *** THIS IS YOUR LAST CHANCE TO MAKE A DIFFERENCE. *** *** THE HOUSE WILL VOTE ON THE COMMUNICATIONS DECENCY *** *** ACT THIS WEEK. IF WE LOSE, IT WILL BECOME LAW. *** CAMPAIGN TO STOP THE UNCONSTITUTIONAL COMMUNICATIONS DECENCY ACT July 30, 1995 PLEASE WIDELY REDISTRIBUTE THIS DOCUMENT WITH THIS BANNER INTACT REDISTRIBUTE ONLY UNTIL August 14, 1995 REPRODUCE THIS ALERT ONLY IN RELEVANT FORUMS Distributed by the Voters Telecommunications Watch (vtw at vtw.org) ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now What is Cox/Wyden? (HR1978) Chronology of the CDA For More Information List Of Participating Organizations List of the House of Representatives ________________________________________________________________________ THE LATEST NEWS This week the House of Representatives will choose between ANTI-FREE-MARKET PRO-CENSORSHIP LEGISLATION (the Exon/Coats Communications Decency Act) and ANTI-CENSORSHIP PRO-PARENTAL-CONTROL LEGISLATION (the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978). THIS IS YOUR LAST CHANCE AS A CITIZEN TO MAKE A DIFFERENCE. IF WE LOSE THIS VOTE, THE COMMUNICATIONS DECENCY ACT, ALREADY PASSED BY THE SENATE, WILL BECOME US LAW. The vision of a cyberspace ONLY FIT FOR CHILDREN will become reality. The Communications Decency Act will be offered by supporters of conservative pro-censorship groups THIS WEEK. They will try and amend HR1555 to include the Communications Decency Act and remove any other net-friendly language such as the Leahy/Klink study. ________________________________________________________________________ WHAT YOU CAN DO NOW 1. 
THERE'S NO TIME FOR EMAIL OR SNAIL MAIL. CALL OR FAX YOUR REPRESENTATIVE NOW. 2. Find your rep (instructions below) and urge them to oppose the Communications Decency Act and support parental control legislation (the Cox/Wyden "Internet Freedom and Family Empowerment Act" HR1978) Figure out who your Rep is; feel free to use the following sample. ** See Instructions Below On How To Obtain Your Rep's Phone and Fax Number ** SAMPLE PHONE CALL (Y=You, S=Rep's Staffer) S:Rep. Snark's office, may I help you? Y:Hi, As your constituent I'd like to urge Rep Snark to oppose Internet censorship legislation such as the Exon/Coats Communications Decency Act and support parental control bills such as the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978. S:Anything else? Y:Yes, where does Rep. Snark stand on this issue? S:Rep. Snark supports HR1978. Y:Thank you! Take the response you get and mail it to vtw at vtw.org. We'll be totalling up the responses and counting votes. Send it to us with the subject line of "house call". $ Mail vtw at vtw.org Subject: house call I live in Ohio and I called Rep Snark. Snark's staffer said he favors HR1978 too! . Mail sent... $ SAMPLE FAX Dear Representative Snark, As your constituent I'd like to urge Rep Snark to oppose Internet censorship legislation such as the Exon/Coats Communications Decency Act and support parental control bills such as the Cox/Wyden Internet Freedom and Family Empowerment Act - HR1978. Sincerely, 3. Ask your Internet Service Provider or Sysop to put the following message into their "message of the day". We also encourage you to forward the following short announcement to relevant mailing lists where a copy of this alert would be too long for the list. 8/1/95: The Communications Decency Act (CDA) will be voted on by the House of Representatives this week. IT IS CRUCIAL THAT YOU CALL YOUR REPRESENTATIVE NOW. 
To get a copy of the alert, send mail to vtw at vtw.org with "send alert" in the subject line, gopher -p 1/vtw/exon/alert gopher.panix.com, or URL:gopher://gopher.panix.com:70/00/vtw/exon/alert

4. Forward a copy of this alert to your friends until the "freshness date" above. THIS IS CRUCIAL. WE NEED TO GENERATE CALLS OF SUPPORT OR THE COMMUNICATIONS DECENCY ACT WILL BECOME LAW.

5. Congratulate yourself! You've done your part to save cyberspace.
________________________________________________________________________

HOW TO FIND YOUR REPRESENTATIVE'S PHONE AND FAX NUMBER:

1. If you don't remember your representative's phone number, send email to reps at cdt.org. You will automatically receive a list of all 435 members of the House of Representatives with phone and fax numbers.

2. OR, call the Capitol Switchboard (+1.202.225.3121) and ask to be connected to your Rep's office. If you don't remember who your Rep. is, the operator can tell you when provided with your zipcode.
________________________________________________________________________

WHAT IS COX/WYDEN?

Cox/Wyden (HR1978) is legislation intended to prevent the Federal Communications Commission (FCC) from imposing content regulations on cyberspace and encourage private sector development and deployment of parental control technologies.

Throughout HR1978's history, civil liberties advocates from ACLU, CDT, EPIC & PFAW have examined the bill and recommended modifications to ensure that the bill does not negatively impact your privacy or civil liberties. Although several questions still remain, Representatives Cox and Wyden are committed to addressing these concerns. As the legislation moves to the House/Senate conference committee, civil liberties advocates will continue to submit changes to the Representatives' staffers throughout the conference process where the House bill and the Senate-approved Communications Decency Act are reconciled.
________________________________________________________________________

CHRONOLOGY OF THE COMMUNICATIONS DECENCY ACT

House vote to occur before Friday August 4, 1995.

Jun 30, '95  Cox and Wyden introduce the "Internet Freedom and Family Empowerment Act" (HR 1978) as an alternative to the CDA.

Jun 21, '95  Several prominent House members publicly announce their opposition to the CDA, including Rep. Newt Gingrich (R-GA), Rep. Chris Cox (R-CA), and Rep. Ron Wyden (D-OR).

Jun 14, '95  The Senate passes the CDA as attached to the Telecomm reform bill (S 652) by a vote of 84-16. The Leahy bill (S 714) is not passed.

May 24, '95  The House Telecomm Reform bill (HR 1555) leaves committee in the House with the Leahy alternative attached to it, thanks to Rep. Ron Klink (D-PA). The Communications Decency Act is not attached to it.

Apr 7, '95   Sen. Leahy (D-VT) introduces S.714, an alternative to the Exon/Gorton bill, which commissions the Dept. of Justice to study the problem to see if additional legislation (such as the CDA) is necessary.

Mar 23, '95  S314 amended and attached to the telecommunications reform bill by Sen. Gorton (R-WA). Language provides some provider protection, but continues to infringe upon email privacy and free speech.

Feb 21, '95  HR1004 referred to the House Commerce and Judiciary committees.

Feb 21, '95  HR1004 introduced by Rep. Johnson (D-SD).

Feb 1, '95   S314 referred to the Senate Commerce committee.

Feb 1, '95   S314 introduced by Sen. Exon (D-NE) and Gorton (R-WA).
________________________________________________________________________

FOR MORE INFORMATION

Web Sites
URL:http://www.panix.com/vtw/exon/
URL:http://epic.org/
URL:http://www.eff.org/pub/Alerts/
URL:http://www.cdt.org/cda.html
URL:http://outpost.callnet.com/outpost.html

FTP Archives
URL:ftp://ftp.cdt.org/pub/cdt/policy/freespeech/00-INDEX.FREESPEECH
URL:ftp://ftp.eff.org/pub/Alerts/

Gopher Archives:
URL:gopher://gopher.panix.com/11/vtw/exon
URL:gopher://gopher.eff.org/11/Alerts

Email:
vtw at vtw.org (put "send alert" in the subject line for the latest alert, or "send cdafaq" for the CDA FAQ)
cda-info at cdt.org (General CDA information)
cda-stat at cdt.org (Current status of the CDA)
________________________________________________________________________

LIST OF PARTICIPATING ORGANIZATIONS

In order to use the net more effectively, several organizations have joined forces on a single Congressional net campaign to stop the Communications Decency Act.

American Communication Association * American Council for the Arts * Arts & Technology Society * Association of Alternative Newsweeklies * biancaTroll productions * Californians Against Censorship Together * Center For Democracy And Technology * Centre for Democratic Communications * Center for Public Representation * Citizen's Voice - New Zealand * Cloud 9 Internet * Computer Communicators Association * Computel Network Services * Computer Professionals for Social Responsibility * Cross Connection * Cyber-Rights Campaign * CyberQueer Lounge * Dutch Digital Citizens' Movement * ECHO Communications Group, Inc. * Electronic Frontier Canada * Electronic Frontier Foundation * Electronic Frontier Foundation - Austin * Electronic Frontiers Australia * Electronic Frontiers Houston * Electronic Frontiers New Hampshire * Electronic Privacy Information Center * Feminists For Free Expression * First Amendment Teach-In * Florida Coalition Against Censorship * FranceCom, Inc.
Web Advertising Services * Friendly Anti-Censorship Taskforce for Students * Hands Off! The Net * Human Rights Watch * Inland Book Company * Inner Circle Technologies, Inc. * Inst. for Global Communications * Internet On-Ramp, Inc. * Internet Users Consortium * Joint Artists' and Music Promotions Political Action Committee * The Libertarian Party * Marijuana Policy Project * Metropolitan Data Networks Ltd. * MindVox * MN Grassroots Party * National Bicycle Greenway * National Campaign for Freedom of Expression * National Coalition Against Censorship * National Gay and Lesbian Task Force * National Public Telecomputing Network * National Writers Union * Oregon Coast RISC * Panix Public Access Internet * People for the American Way * Republican Liberty Caucus * Rock Out Censorship * Society for Electronic Access * The Thing International BBS Network * The WELL * Voters Telecommunications Watch

(Note: All 'Electronic Frontier' organizations are independent entities, not EFF chapters or divisions.)
________________________________________________________________________

End Alert
=======================================================================

From jweis at primenet.com Thu Aug 3 14:41:13 1995
From: jweis at primenet.com (Jason Weisberger)
Date: Thu, 3 Aug 95 14:41:13 PDT
Subject: SSLeay - Whats the story...
Message-ID: <199508032140.OAA09085@usr2.primenet.com>

Maybe I miss it, but when did this arrive? Is anyone testing it?

From hal9001 at panix.com Thu Aug 3 14:42:41 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Thu, 3 Aug 95 14:42:41 PDT
Subject: "The Net"
Message-ID:

At 21:30 8/2/95, Dr. Dimitri Vulis wrote:
>Not as good as Sneakers...

Which has the classic in-gag of the Hero and Villain sitting down on the Villain's Cray (used to do code cracking presumably) with no indication (except to those who recognize it as a Cray and get the gag) of its significance or use.

From zeus at pinsight.com Thu Aug 3 14:47:04 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Thu, 3 Aug 95 14:47:04 PDT
Subject: 900# "Mind Your 0wn Business"
Message-ID: <199508032146.OAA15372@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

Howdy, y'all:

Remember when I said we should establish 900#s to sell privacy information? Here's my attempt:

ANNOUNCING: The "MIND YOUR 0WN BUSINESS" audiotext program.

1 - 9 0 0 - C A N - M Y 0 B (1-900-226-6902)

Note the zero digit, not the letter "O."

The Feds say you can't have privacy, but we say you CAN "Mind Your 0wn Business!" And now we have a 900 number to reveal new methods to defend your privacy from criminals and tyrants. Sponsored by The Agorist Institute.

The cost of each call is just 99 cents per minute, average cost $2.97, average length 3 minutes. You must be at least 18 to call or have parental permission. (The total cost is less than what you'd be charged per minute on most psychic or sex lines).

The line will be updated by the 1st of each month. By September 1, 1995, our message will be recorded by a professional audio producer, but for now, you get to hear me read the first script. Don't be surprised if we update it during August.

Kent

J. Kent Hastings, Assistant Director of The Agorist Institute
zeus at pinsight.com -- http://www.pinsight.com/~zeus/agorist/

It's rough now, but should become more useful in the next few months.

Kent
--
"Put pages for your business on the World Wide Web, just $5 per month!"
J. Kent Hastings -- zeus at pinsight.com -- http://www.pinsight.com/~zeus/

From rsalz at osf.org Thu Aug 3 14:53:55 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 3 Aug 95 14:53:55 PDT
Subject: There's a hole in your crypto...
Message-ID: <9508032153.AA23045@sulphur.osf.org>

> The emergence of NSA
>from absolutely secret agency to semi-public status (writing letters,
>P.R. concerns, opening a museum, etc.)
>at the same time as the general
>availability of what's considered by many [including me] to be strong,
>free, cryptography "for the masses" is interpreted by many [including me]
>as an implicit NSA comment on the availability of strong crypto in
>general, and on the availability of PGP in particular.

Call me stupid, but what is the implicit comment?
/r$

From liberty at gate.net Thu Aug 3 15:07:12 1995
From: liberty at gate.net (Jim Ray)
Date: Thu, 3 Aug 95 15:07:12 PDT
Subject: There's a hole in your crypto...
Message-ID: <199508032204.SAA17985@bb.hks.net>

On Thu, 3 Aug 1995, James Childers wrote:
>On Thu, 3 Aug 1995, Jim Ray wrote:
>
>I'm afraid I don't follow. Are you saying that the NSA is assuming a more
>public role because (apparently) strong crypto is now widely available to
>the public?

yep. Sorry if I was unclear. Possibly even the recent Rosenburg revelations are related, though they were reported in the media [in Miami at least] as coming from "the CIA" rather than from the NSA.

>I don't see the connection between A and B if this is what
>you are claiming.

I do, but I am told I'm "paranoid." If I were running the NSA, I would _NOT_ leave an obvious connection anyway, but those who know me say I'm not exactly "NSA material." ;-)

>
>Unless they're gearing up for a PR campaign...

Which is my theory. "They," for me, includes FBI director Freeh, whose post OK City mass-murder paranoid anti-crypto comments I saw on C-SPAN. [Hence my PGP comment below.]

>I wonder how the NSA has
>been portrayed in Hollywood in the past. I've just seen them mentioned in
>one movie I can think about ("Crimson Tide"). Anyone else know of references?

Sorry, I'm almost movie-illiterate these days, but I do plan to see "the Net" soon, and I promise NOT to post my "review" unless I can add anything meaningful to the previous ones, which is doubtful.

>
>"Freedom is meaningless unless you can give to those with whom you
>disagree." - Jefferson

Agreed. "Liberty is like love, in that you can't have any until you give it all away." [Unknown author, approx. quote]

JMR

Regards,
Jim Ray

"The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From bailey at computek.net Thu Aug 3 15:22:47 1995
From: bailey at computek.net (Mike Bailey)
Date: Thu, 3 Aug 95 15:22:47 PDT
Subject: Did Clinton Authorize Electronic Warfare Against Davidians? (fwd)
In-Reply-To: <199508032014.QAA13009@panix4.panix.com>
Message-ID:

On Thu, 3 Aug 1995, Perry E. Metzger wrote:
>
> The Gate writes:
> > Does this belong?
> >
> > DID CLINTON AUTHORIZE ELECTRONIC WARFARE
> > AGAINST THE BRANCH DAVIDIANS?
>
> No, it doesn't belong, and deliberately being a jerk by posting the
> whole thing with a "does this belong at the beginning" isn't a way to
> win friends and influence people.
>
> I'm beginning to wonder if the conspiracy idiots on this list are here
> from the NSA to keep any real work getting done. Are there any
> cypherpunks left here, or is it all just cryptogroupies?
>
> Some of us want to see cryptography deployed, not conspiracy theories
> about Waco, Vincent Foster, or your mother.
>

Who told you about my mother ?? It is all lies ... my mother has never been to Waco and I'm sure the NSA is involved in a misinformation campaign and cover-up 8-)

.sig withheld to stump the aoler's.

From strick at yak.net Thu Aug 3 15:42:08 1995
From: strick at yak.net (strick at Jihad)
Date: Thu, 3 Aug 95 15:42:08 PDT
Subject: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <199508011956.MAA01495@comsec.com>
Message-ID: <199508032138.VAA00125@jihad.yak.net>

> But in which framework or language, given the profusion of frameworks and
> languages?
>
> We had some TCL advocates a while back (Strick, Hal...)...any reaction to Java?

TCL solved my specific problem at that time. Unfortunately I haven't studied Java. PM's comments (as usual) intrigue and bother me; I need to study it. TCL's biggest problem is that it's slow -- it's designed to be used in the parts where speed doesn't really matter -- and it sounds like Java solves that.

Perry -- do you have the same basic objection to Safe-TCL that you do to Java? I would think so.

strick

> And so it goes.
>
> --Tim May

From eay at mincom.oz.au Thu Aug 3 15:53:01 1995
From: eay at mincom.oz.au (Eric Young)
Date: Thu, 3 Aug 95 15:53:01 PDT
Subject: SSLeay - Whats the story...
In-Reply-To: <199508032140.OAA09085@usr2.primenet.com>
Message-ID:

On Thu, 3 Aug 1995, Jason Weisberger wrote:
> Maybe I miss it, but when did this arrive? Is anyone testing it?

I started writing the library back at the start of April.
It has been available for ftp for a month or 2 now but I'm still working on it. I have only mentioned it on a few mailing lists and am holding off its announcement on sci.crypt until we have the Windows 3.1 DLL working fully (well, we have it working now but I'm still cleaning things up a bit :-). It even compiles under DOS :-)

It is a free (for commercial and non-commercial use) complete implementation of Netscape's SSL v 2. The SSL part of the library is quite small, most of the rest is support routines for the x509 environment. I have routines for DES (my libdes library), RC4, IDEA, RSA, MD2, MD5. I have support routines to generate RSA private keys and I have programs to generate, and certify x509 certificates.

Tim Hudson has put SSL in ftp, telnet, Mosaic, httpd etc. These patches are available from the same ftp site.

For those in the USA, you can build to use RSAref and can build with RC4 and or IDEA removed. All code in this 'library' has been written by me from publicly available material.

Documentation of the non SSL part is quite small since I have mostly been coding and nearly all of this work has been done outside of my normal work hours.

People have been using the library quite a bit, and we can interoperate with Netscape secure servers and their clients (if we have a certificate signed by Netscape).

Have a play and please send me any comments :-)

http://www.psy.uq.oz.au/~ftp/Crypto/
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/

eric
--
Eric Young                | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From liberty at gate.net Thu Aug 3 16:27:57 1995
From: liberty at gate.net (Jim Ray)
Date: Thu, 3 Aug 95 16:27:57 PDT
Subject: There's a hole in your crypto...
Message-ID: <199508032325.TAA18780@bb.hks.net>

Rich Salz wrote:
>Call me stupid, but what is the implicit comment?
I'm not sure, and I do not wish to speculate just now, with so many people on this list who are so much better qualified to speculate on the NSA's motivations than I am. Perhaps my word "implicit" was poorly chosen. Anyway, going from silence to non-silence counts for _something_, and I doubt this kind of step was taken without high level thought or consultation or infighting, considering the NSA's former near-monopoly on strong cryptography capabilities.

PS I doubt *anyone* on this list is stupid, though all of us probably do stupid things from time to time... ;-)

JMR

Regards,
Jim Ray

"The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From tcmay at sensemedia.net Thu Aug 3 16:36:05 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Thu, 3 Aug 95 16:36:05 PDT
Subject: Appropriate Topics?
Message-ID:

At 8:35 PM 8/3/95, Ray Cromwell wrote:
>> Good idea.
>>
>> I would have some suggestions, but first
>> an important question:
>>
>> Is it to be discussed on the Cypherpunks list?
>
> I don't see why not. It's related to crypto, and it's related to
>writing code. Or has the cypherpunks list degenerated into an arena
>where the top subjects are the Waco hearings, paranoid government/NSA
>rumors, US vs German censorship, and irrelevant political messages?

As I see things, talking about Ray's ideas for an object-oriented crypto library is a big part of what this list is for. (Ditto for Wei Dai's code, for Hal's code, and so on.)

However, it's a mistake to think that the _only_ thing appropriate for the list is talking about code (of either kind). Not that Ray said this. It seems to me the list is pretty well-balanced between several different kinds of topics:

* crypto -- RSA, Diffie-Hellman, entropy, randomness, denial of service attacks, and so on.

* software -- PGP implementations, hooks to other programs, MIME, Unix, C++, Java, TCL, etc.

* policy -- Exon, EFF, Perl t-shirts, law, export, etc. (The worst of these are the long policy analyses forwarded to this list from other places.)

* cultural -- movies with crypto or security themes, books, comments, humor, etc.

* speculation -- tax effects, money laundering, crypto anarchy, etc.

* rants and conspiracies -- coverups, NSA, Waco, black helicopters, Masons, etc. (the worst of these rants are long, rambling conspiracy theories forwarded to this list from other places...these are probably the items that least belong here).

(Note that the two serious problems--policy statements and conspiracy rants forwarded from other places--share a common point: they are not written for the Cypherpunks list by Cypherpunks...they are just stuff forwarded, with only tangential interest to the list. And they tend to be long.)

Are these themes appropriate?
Some folks want to read posts on one topic, some on others, etc. It's a fact that highly-specialized or detailed posts about, say, crypto libraries, will not get as many general comments--in real life or on this list--as a reference to a current movie will get. That's the nature of things. I could go on about why this is so, but I think you all know why.

The "Cypherpunks write code" mantra, sometimes cited by those who dislike the discussions they see, has a broader interpretation. To wit, instead of asking others to write the code you want to see, try writing it yourself. And this directly relates to postings: instead of asking for a different kind of post, one should just _write_ that kind of post!

People will talk about what they want to talk about. If they get _too_ far off into themes only distantly related to the ostensible themes of this list, then usually some slight peer pressure will work. Plus, if people don't respond, the threads die.

The noise messages of the form "This is not about writing code; this does not belong on Cypherpunks" are misguided. The list is made up of people who have crypto and privacy concerns broader than just writing C++ code for Sparcstations.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From pgf at tyrell.net Thu Aug 3 16:42:11 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Thu, 3 Aug 95 16:42:11 PDT
Subject: Object Oriented Crypto API
In-Reply-To: <9508031542.AA03277@elysion.iaks.ira.uka.de>
Message-ID: <199508032337.AA13225@tyrell.net>

   Date: Thu, 3 Aug 1995 17:42:29 +0200
   From: danisch at ira.uka.de (Hadmut Danisch)
   X-Sun-Charset: US-ASCII
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

   Good idea.

   I would have some suggestions, but first
   an important question:

   Is it to be discussed on the Cypherpunks list?

   Hadmut

He's right. There's nothing about aliens, Waco, or Whitewater.

From perry at jpunix.com Thu Aug 3 16:50:53 1995
From: perry at jpunix.com (John Perry)
Date: Thu, 3 Aug 95 16:50:53 PDT
Subject: the Mix-L mailing list
Message-ID: <199508032350.SAA02475@jpunix.com>

Hello Everyone,

I just discovered earlier this morning that in transitioning to a newer version of the FreeBSD OS, the majordomo code that runs the mix-l mailing list had become slightly broken. I'm not sure if subscription requests were being processed correctly. The list is fixed now. If you have tried to subscribe to mix-l in the past and have gotten no response, please try again.

Send email to majordomo at jpunix.com with the BODY (not subject) of the message being:

subscribe mix-l

if you are interested in knowing about the goings-on with the development and operation of the Mixmaster remailer code.

--
John Perry - KG5RG - perry at jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.
From ian at bvsd.k12.co.us Thu Aug 3 17:03:51 1995
From: ian at bvsd.k12.co.us (Ian S. Nelson)
Date: Thu, 3 Aug 95 17:03:51 PDT
Subject: Noise: PBS under the Republicans (fwd)
In-Reply-To:
Message-ID: <199508040003.SAA12916@bvsd.k12.co.us>

> // Ray, you may want to forward this to the list.
>
> A TYPICAL DAILY PBS SCHEDULE IF THE PUBLIC BROADCASTING LEADERS CAVE IN
> TO REPUBLICAN PRESSURE
>
> 8:00 am Morning Stretch: Arnold Schwarzenegger does squats while
> reciting passages of "Atlas Shrugged."

[bs deleted]

Why am I seeing this with the cp list?

From jcaldwel at iquest.net Thu Aug 3 17:49:03 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Thu, 3 Aug 95 17:49:03 PDT
Subject: There's a hole in your crypto, dear Eliza dear Eliza...
In-Reply-To:
Message-ID:

Andrew Spring wrote:
> >
> >How do I know PGP IS secure? I don't. That doesn't mean I don't use it or
>
> Doesn't the NSA certify the security of cryptosystems?
> I wonder what they'd say about PGP?

Hmm, I wonder if they have done such a certification and if an FOIA could elicit a response.

--
So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**.
Brian Francis Redman to Chip Berlet

From dlv at bwalk.dm.com Thu Aug 3 17:53:53 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 3 Aug 95 17:53:53 PDT
Subject: "The Net"
In-Reply-To:
Message-ID: <9o809c19w165w@bwalk.dm.com>

Ray Arachelian writes:
> On Wed, 2 Aug 1995, Dr. Dimitri Vulis wrote:
> > terrible. The star should NOT have appeared in a bikini. Yech.
>
> Why not, she had the right 'assets' for that scene, no? 8-D

Tastes vary. If she were my friend, I'd recommend stuffing that bra. :) :) :) (With something steganographic, of course. :)

> > In a typical suspenseful scene (not a spoiler), the heroine sneaks into an
> > office and sets off a fire alarm. Everyone leaves, including a villaine, wh
> > doesn't log off.
>
> is this way. Very few care about security. Here at work I have to fight
> extra hard with idiots who log in and leave their machines -- users with
> Supervisory access!

I once was a consultant at a small financial services firm, and a (young, disturbed) user was going around playing stupid pranks on unattended PCs. I mandated the use of screenblankers that kicked in after 3 minutes of inactivity and required a password to get back. The user would then reboot the PCs; some password was needed to get onto the LAN, but he'd mess with the local config.sys's. He eventually got fired and I do something else.

> > (One of the IP bytes was 344, by the way.)
>
> Re: ip #'s: Yeah, it's like all the phone numbers in every movie are
> 555-xxxx. Probably they didn't want to get sued by posting a real net
> address and get sued.

I see! I remember reading that they discovered in the 30's that if they used a real phone number in a movie, some people would actually dial it to see what it is in real life, so all the phone numbers are in the nonexistent 555 exchange. I guess if a valid IP number were used, some folks would ping it or something. I guess byte values>255 are the IP equivalent of 555. Better than 127.0.0.1 - someone might telnet to 127.0.0.1, then ask mgm/ua whose address this is.
:)

> > "hot chats" on her Mac, and hooks up the text to a voice synthesizer.
>
> can be telnetted into. But the voice synths are possible. Apple does
> provide that capability. You'd have to get the irc client to use it.

My 6yr-old's IBM Aptiva comes with a sound board and the software that reads English text and pronounces it in much more lifelike manner than the gizmo in the movie. That gizmo sounded annoyingly computer-like, but had intonations obviously coming from a human actor.

> it either. It wasn't much of a "hot" chat. It could have been much
> steamier. The sex content of this movie was pretty lame though...

Hotter than any I've had in many, many years... So, will they ever show some real X-rated hot chat in a real R-rated movie? :)

> > (If they all exchange so much e-mail, why do they bother FedExing diskettes
>
> More secure to fedex a disk. Nobody on the net can read what's not on
> the net. ;-) Now if the author of this movie knew about pgp... totally
> different story.

Better yet, if they were shown sending each other PGP-encrypted e-mail over the Cypherpunks Anonymous Remailer Network... :) :) Maybe in the next movie.

> > (E-mailed from an open-access computer at a computer show, I might add)
>
> Not unlikely. A lot of trade shows do provide machines with net access
> as demos of the internet. Though it's usually manned by the ISP and not
> out in the open.

The notion is very realistic (but the flashy displays in the movie were not). At the recent PC Expo at the Javitz Center in NYC, there were tens of PCs running various Web browsers to try out. No one was watching over most of them. I entered the URL telnet://uunet.uu.net:119, and sure enough, got connected. It accepted 'IHAVE', but I was too lazy to type in an entire Usenet article. I (and the heroine) could have telnetted to someone's port 25 just as easily.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jcaldwel at iquest.net Thu Aug 3 17:54:03 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Thu, 3 Aug 95 17:54:03 PDT
Subject: a hole in PGP
In-Reply-To: <9508032026.AA16303@toad.com>
Message-ID:

Peter Trei wrote:
> What would you do if you could crack RSA?
> * Post the algorithm to the net [anonymously?].

I don't care about anonymous, I'd love to see RSA squirm and would want them to know who did it.

> * Try to cut a deal with NSA

Nah, I want to see them scrambling to update their crypto and leave us the hell alone.

--
So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**.
Brian Francis Redman to Chip Berlet

From stripes at va.pubnix.com Thu Aug 3 19:52:43 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Thu, 3 Aug 95 19:52:43 PDT
Subject: "The Net"
In-Reply-To: <9o809c19w165w@bwalk.dm.com>
Message-ID:

In message <9o809c19w165w at bwalk.dm.com>, Dr. Dimitri Vulis writes:
[...]
>The notion is very realistic (but the flashy displays in the movie were not).
>At the recent PC Expo at the Javitz Center in NYC, there were tens of PCs
>running various Web browsers to try out. No one was watching over most of them
>I entered the URL telnet://uunet.uu.net:119, and sure enough, got connected.
>It accepted 'IHAVE', but I was too lazy to type in an entire Usenet article.
>I (and the heroine) could have telnetted to someone's port 25 just as easily.

That's odd. "uunet.uu.net" has had no A records for over a year. Perhaps you mean "news.uu.net"?

At a recent the-net-is-hot-and-we-want-in show I appear to have torqued off some sales drones 'cause I managed to get their Kosak-mode web browser to give me a telnet.
They had left a "search the net" link on their pages (pointing to Lycos or Info Seek - I don't remember which), and I used it to locate one of my pages which has a "type the URL" field (it issues a redirect). I guess they didn't realise that if they give you a "global" search box you can get anywhere as long as you remember enough of the text on the page...

From rsalz at osf.org Thu Aug 3 20:43:05 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 3 Aug 95 20:43:05 PDT
Subject: Java, Netscape, OpenDoc, and Babel
Message-ID: <9508040342.AA23479@sulphur.osf.org>

>Perry -- do you have the same basic objection to Safe-TCL that you do
>do to Java? I would think so.

Safe-TCL comes from a different starting place. For example, the original intent was to actually remove all the dangerous operations such as file manipulation. As Perry's explained, this is different, and better, than just having the run-time "guarantee" that all file I/O is in a "Safe" place.

Claimer: I invented safe-tcl, started by creating a mailing list with Ousterhout and Borenstein.
Disclaimer: I walked away in disgust with the announcement of "enabled mail" so they may have broken things.
/r$

From enzo at ima.com Thu Aug 3 20:45:17 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Thu, 3 Aug 95 20:45:17 PDT
Subject: SSLeay - Whats the story...
In-Reply-To: <199508032140.OAA09085@usr2.primenet.com>
Message-ID:

On Thu, 3 Aug 1995, Jason Weisberger wrote:

> Maybe I miss it, but when did this arrive? Is anyone testing it?

You may take a look at http://www.psy.uq.oz.au/~ftp/Crypto/

My initial enthusiasm has somewhat vanished when I've realized that a free SSL implementation doesn't automatically allow one to build a Netsite-compatible server: without a certificate issued by Verisign on behalf of Netscape Communications, Netscape Navigator won't talk to it. As SSL has some intrinsic points of weakness, I don't see the point of sticking to it to secure the TCP layer.
For details, see also http://petrified.cic.net/~altitude/ssl/ssl.saga.html

On the other hand, the CryptoTCP approach (see the file ctcp.0.9.tar.gz at ftp://utopia.hacktic.nl/pub/crypto) looks promising. Is anybody working on it? I'm interested in exchanging ideas, as I'm thinking of adding CryptoTCP client capabilities to a SOCKS 4.2 daemon. I see three major areas for improvement:

1. A better PRNG for the session key
2. Authentication of the D-H key exchange with digital signatures, à la Photuris
3. Less "hard-wired" structure: at present, for example, the module size for D-H calculations is fixed at 1024 bits.

1. and 2. are relatively easy, but 3. would require a lot of work. Also, being able to negotiate different encryption algorithms in addition to triple-DES wouldn't be bad.

From monty.harder at famend.com Thu Aug 3 20:45:35 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Thu, 3 Aug 95 20:45:35 PDT
Subject: a hole in PGP
Message-ID: <8AE74C9.00030002C3.uuout@famend.com>

DF> How is it "unscholarly, unprofessional, needlessly personal, and just
DF> plain insulting" to question the idea that hundreds of thousands of
DF> people are trusting their freedom to software that is probably not
                                                          ^^^^^^^^
This is where you go too far. You have no basis for assigning such a probability. While the incentives for releasing a crippled version are there, the program has been subjected to intense scrutiny. As time goes on, the failure to detect the kind of weaknesses you describe only increases trust in the algorithms.

But if you are paranoid, get a hold of one of the international versions, use it to generate your keypairs, and then use MIT PGP to encrypt and decrypt your communications. Nobody can know what version you are using to make keys. Hell, if you are seriously paranoid, get the source code for key generation, and compile your own stand-alone keymaker. Post it to some .binaries thing via a remailer, and be happy that you foiled the dastardly plot.
And send a copy to me, while you're at it. With source. I can compile my own from it that way.

[Uh-oh. Sounds like "C'punks write code...."]

* Everyone should have a cause. I have a cause. It's smut. I'm for it ---
* Monster at FAmend.Com *

From altitude at cic.net Thu Aug 3 21:55:54 1995
From: altitude at cic.net (Alex Tang)
Date: Thu, 3 Aug 95 21:55:54 PDT
Subject: SSLeay - Whats the story...
In-Reply-To:
Message-ID: <199508040455.AAA18486@petrified.cic.net>

On Thu Aug 3 23:45:04 1995: you scribbled...
>
> On Thu, 3 Aug 1995, Jason Weisberger wrote:
>
> > Maybe I miss it, but when did this arrive? Is anyone testing it?
>
> You may take a look at http://www.psy.uq.oz.au/~ftp/Crypto/
>
> My initial enthusiasm has somewhat vanished when I've realized that a
> free SSL implementation doesn't automatically allow to build a
> Netsite-compatible server: without a certificate issued by Verisign on
> behalf of Netscape Communications, Netscape Navigator won't talk to it.
> As SSL has some intrinsic points of weakness, I don't see the point
> of sticking to it to secure the TCP layer.

just wondering but...What are the intrinsic points of weakness?

...alex...

From rjc at clark.net Thu Aug 3 22:17:39 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 3 Aug 95 22:17:39 PDT
Subject: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <9508040342.AA23479@sulphur.osf.org>
Message-ID: <199508040517.BAA05467@clark.net>

>
> >Perry -- do you have the same basic objection to Safe-TCL that you do
> >do to Java? I would think so.
>
> Safe-TCL comes from a different starting place. For example, the original
> intent was to actually remove all the dangerous operations such as
> file manipulation. As Perry's explained, this is different, and better,
> then just having the run-time "guarantee" that all file I/O is in a
> "Safe" place.

Uh, no. There is no difference between this and Java. File I/O operations can be added to any Safe-TCL restricted interpreter via "declareharmless".
The trusted and untrusted interpreters don't run in separate process spaces, nor is it chrooted(). Perry's criteria is that a failure can not result in the interpreter gaining privileges it doesn't have. In Safe-TCL this is possible because there is no protection between the trusted and untrusted interpreters. It's possible that a bug could cause the interpreter to use an operating system privilege the model clearly wasn't supposed to have. (e.g., what if, by chance, the restricted and unrestricted interpreter pointers get swapped or given to a function in reverse argument order within an application? Kaboom, the safe-tcl script executes with full privileges)

This is much less secure than Java. First of all, there is no "declareharmless" in Java. The only way to access any low-level I/O in Java is via a class interface, and the "final" keyword on the Java i/o classes prevents any subclasses from overriding these methods. You can not tell the Java runtime to add a new privilege to the interpreter like in Safe-TCL. The only way to extend Java is to create "native" C-code methods and link them in. Java relies on its class loader and byte-code verifier to make sure unauthorized code is not attempting execution (such as overriding a system method). It's not as secure as chroot()ing the Java runtime and running it in a separate process with only a pipe to communicate with the outside O/S, but I feel it is a lot safer than Safe-Tcl. (not to denigrate Safe-TCL, I am using it in a large project, but this is MHO)

Finally, all you have to do to remove all I/O ability from Java is delete the File I/O classes from the class hierarchy on your disk where HotJava runs. Most apps don't use any File I/O anyway. (Java forces file i/o to only be allowed in ~/.hotjava or wherever an environment variable points) Java has no built in I/O primitives in the language itself.
-Ray

From rjc at clark.net Thu Aug 3 22:32:46 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 3 Aug 95 22:32:46 PDT
Subject: Appropriate Topics?
In-Reply-To:
Message-ID: <199508040532.BAA08605@clark.net>

>
> At 8:35 PM 8/3/95, Ray Cromwell wrote:
>
> >> Good idea.
> >>
> >> I would have some suggestions, but first
> >> an important question:
> >>
> >> Is it to be discussed on the Cypherpunks list?
> >
> > I don't see why not. It's related to crypto, and it's related to
> >writing code. Or has the cypherpunks list degenerated into an arena
> >where the top subjects are the Waco hearings, paranoid government/NSA
> >rumors, US vs German censorhip, and irrelevent political messages?
>
> As I see things, talking about Ray's ideas for an object-oriented crypto
> library is a big part of what this list is for. (Ditto for Wei Dai's code,
> for Hal's code, and so on.)
>
> However, it's a mistake to think that the _only_ thing appropriate for the
> list is talking about code (of either kind). Not that Ray said this.

Right, I wasn't saying that. I was being sarcastic. I have my mailbox filled up everyday by noisy messages like that PBS under the Republicans post (which is old, I saw it months ago), discussions of the newest conspiracy behind the Randy Weaver incident, etc, without uttering a peep. I just hit 'd' and go on. So I post a message about crypto and coding, and all of a sudden I get accused of not being on topic. I obviously put some time and thought into my message; I experienced a weird sort of ironic feeling when I saw the comment (about being off topic). Kinda like, "what is this world coming to when an annoying 800 line policy analysis forward, and discussions of the OJ trial are considered 'signal'"

I don't think the only valuable contribution to c'punks is writing code, in fact, I'm not writing code, I'm discussing theoretical abstractions. All kinds of posting types from t-shirts, to meetings, to political activism are valuable.
In order to write code, you must think about and discuss what you are going to write first. In order to fight politically, you must have discussion and debate. What I don't think is valuable are these massive forwards, subscriptions of cypherpunks to Web servers, and 2-line followups with snide remarks.

Decrease the entropy. ;-)

-Ray

From dlv at bwalk.dm.com Thu Aug 3 22:50:13 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 3 Aug 95 22:50:13 PDT
Subject: "The Net"
In-Reply-To:
Message-ID:

"Josh M. Osborne" writes:

> That's odd. "uunet.uu.net" has had no A records for over a year.
> Perhapse you mean "news.uu.net"?

Yes, sorry.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From tcmay at sensemedia.net Thu Aug 3 23:40:51 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Thu, 3 Aug 95 23:40:51 PDT
Subject: RSA has been proved correct
Message-ID:

Serendipity strikes. I was reading the logic programming/theorem proving chapter of my new Russell and Norvig book on AI, and came across something I once knew about but had forgotten: the Boyer-Moore theorem prover was applied to the RSA algorithm and the correctness of it was verified. Correctness in the sense of showing that outputs match formal specs, for all inputs.

The paper is:

Boyer, R.S and Moore, J.S. (1984). Proof checking the RSA public key encryption algorithm, "American Mathematical Monthly," 91(3):181-189.

Now this does not mean:

- that implementations cannot have flaws, backdoors, etc.
- that larger systems which use RSA cannot have flaws, backdoors, etc.

What it says is that there is hope that formal verification of critical modules is possible. I can't imagine too many areas of software engineering that are more critical to modularize and verify than crypto and digital money sorts of things. Huge monolithic programs are vastly more difficult--probably intractable--to verify.
The "crypto library" project(s)--I use the plural because there have been several such projects--are good ideas. Small modules that do one thing and one thing only are best for building larger modules robustly.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net   | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From enzo at ima.com Fri Aug 4 01:03:23 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Fri, 4 Aug 95 01:03:23 PDT
Subject: SSLeay - Whats the story...
In-Reply-To: <199508040455.AAA18486@petrified.cic.net>
Message-ID:

On Fri, 4 Aug 1995, Alex Tang wrote:

> just wondering but...What are the intrinsic points of weakness?

Perry Metzger and Mark Chen have recently expressed some criticism, and Adam Shostack, around the end of May, posted a review that highlighted a number of potential problem areas. Personally, I especially dislike the use of RC4-40 (yes, other algorithms are supported, but not using the export version of Netscape Navigator); the excessively large portion of the handshaking data exchanged as cleartext; and the limitations in certificate management (no provisions for verifying the revocation status with a CA).

From eay at mincom.oz.au Fri Aug 4 01:50:54 1995
From: eay at mincom.oz.au (Eric Young)
Date: Fri, 4 Aug 95 01:50:54 PDT
Subject: SSLeay - Whats the story...
In-Reply-To:
Message-ID:

On Fri, 4 Aug 1995, Enzo Michelangeli wrote:
> On Fri, 4 Aug 1995, Alex Tang wrote:
> Perry Metzger and Mark Chen have recently expressed some criticism, and
> Adam Shostack, around the end of May, posted a review that hilighted a
> number of potential problem areas.
Do you have a copy of this?

> Personally, I especially dislike the use of RC4-40 (yes, other algorithms
> are supported, but not using the export version of Netscape Navigator);

Totally agree, hell, I'm going to give the option for users and server to specify at run time which ciphers never to use :-).

> the excessively large portion of the handshaking data exchanged as
> cleartext; and the limitations in certificate management (no provisions
> for verifying the revocation status with a CA).

The clear text I don't like, I agree. But then when used for http, everything begins with a GET anyway. The CRL verification is again to me a matter of implementation. Currently my library does not support CRL (but I can load and manipulate them). It is simply a function of the infrastructure to go with the library. SSL v3 of the spec does allow for CRL to be passed along with the certificate hierarchy (a PKCS-7 object). I'm mostly concerned with any objections raised with the protocol, not the particular implementation around right now. With my library I fully intend to make it possible to refuse to authenticate the server unless a current CRL is present.

Anyway, I'm interested in hearing people's complaints so I can attempt to make sure none of the fixable problems are in my library :-)

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay at mincom.oz.au    | more followups than the message contents :-)

From mnorton at cavern.uark.edu Fri Aug 4 02:35:49 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Fri, 4 Aug 95 02:35:49 PDT
Subject: Noise: PBS under the Republicans (fwd)
In-Reply-To: <199508031636.MAA00571@panix4.panix.com>
Message-ID:

On Thu, 3 Aug 1995, Perry E. Metzger wrote:
>
> What, exactly, does this have to do with cryptography?
>
> .pm

If you have to ask, you can't afford it.
MacN

From enzo at ima.com Fri Aug 4 04:31:05 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Fri, 4 Aug 95 04:31:05 PDT
Subject: SSLeay - Whats the story...
In-Reply-To:
Message-ID:

On Fri, 4 Aug 1995, Eric Young wrote:

> Do you have a copy of this?

Yes, I've forwarded it to you separately.

> The clear text I don't like, I agree. But then when used for http,
> everything begins with a GET anyway.

Well, ssh and Photuris show that a better way is possible: do a D-H key exchange, then handle anything else (including the authentication of the D-H transaction) on the newly established encrypted channel.

From pgf at tyrell.net Fri Aug 4 04:42:44 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Fri, 4 Aug 95 04:42:44 PDT
Subject: Noise: PBS under the Republicans (fwd)
In-Reply-To:
Message-ID: <199508041138.AA22941@tyrell.net>

   Date: Thu, 3 Aug 1995 18:04:50 -0500 (CDT)
   From: Mac Norton
   Mime-Version: 1.0
   Content-Type: TEXT/PLAIN; charset=US-ASCII
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

   On Thu, 3 Aug 1995, Perry E. Metzger wrote:
   >
   > What, exactly, does this have to do with cryptography?
   >
   > .pm

   If you have to ask, you can't afford it.
   MacN

Oh, I get it! PBS is a steganography engine for all of those big foundations?

From jya at pipeline.com Fri Aug 4 05:34:55 1995
From: jya at pipeline.com (John Young)
Date: Fri, 4 Aug 95 05:34:55 PDT
Subject: PRA_fix
Message-ID: <199508041234.IAA00106@pipe2.nyc.pipeline.com>

8-4-95. NYPaper:

"A Contract Is Awarded To Improve Navigation."

The Federal Aviation Administration yesterday awarded a contract to greatly improve a navigation system that would let civilians pinpoint their locations anywhere in the United States to within 21 feet. The augmentation would consist of 36 receiving stations in the United States, each fixed in a precisely surveyed spot. Each station would listen electronically for the signals given off by the halo of satellites, and calculate what the satellites were saying about the station's location. But the station, bolted down, would not rely on the satellites to determine its location; it would already know that precisely.
The central office, listening to all 36 stations, would establish a correction factor. It would radio the correction factor to a different satellite, one in geosynchronous orbit over the United States, meaning that its position did not change relative to the earth's surface. The geosynchronous satellite would radio a correction factor back to planes in flight, or any other user. The plane would also receive signals from the G.P.S. satellites, calculate a position, apply the correction factor and fix its location.

PRA_fix

From jya at pipeline.com Fri Aug 4 05:40:37 1995
From: jya at pipeline.com (John Young)
Date: Fri, 4 Aug 95 05:40:37 PDT
Subject: WYE_not
Message-ID: <199508041240.IAA00566@pipe2.nyc.pipeline.com>

Absent crypto, but present priv-gov fee-fame combat:

The New Yorker of July 31 writes on the indictment of six lawyers in Miami on drug-conspiracy charges.

"The Thin White Line: Federal indictment in Miami depicts six defense lawyers as virtual traitors in the war on drugs. Is the government overreaching?"

WYE_not (about 28K, in two parts)

From rah at shipwright.com Fri Aug 4 05:43:34 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 4 Aug 95 05:43:34 PDT
Subject: SURVEY: Money on the Internet
Message-ID:

I saw this in sci.econ. I filled it out, but mostly I'm interested in the results. The survey seems pretty thorough, mostly crypto-aware, and it includes a question about the value of anonymity...

Cheers,
Bob Hettinga

: From: weiler at ic.ac.uk (Mr R.M. Weiler)
: Newsgroups: sci.econ
: Subject: SURVEY: Money on the Internet
: Date: 31 Jul 1995 11:15:02 GMT
: Organization: Imperial College of Science, Technology and Medicine, London
: Lines: 18
: Sender: r.m.weiler at ic.ac.uk
: Followup-To:
: Message-ID: <3vidvm$lnm at oban.cc.ic.ac.uk>
: NNTP-Posting-Host: sg1.cc.ic.ac.uk
:
: Hi there!
:
: I am doing a research on the use of money on the Internet. I would
: appreciate it if you could answer a short survey on this subject, found at
: the following Web site:
:
: http://graph.ms.ic.ac.uk/money
:
: I would also appreciate any remark on this survey. Please tell your friend
: about it, too.
:
: Many thanks!
:
: Roy Weiler
: The Management School
: Imperial College
: e-mail: r.m.weiler at ic.ac.uk

--
Robert Hettinga (rah at shipwright.com)        "There is no difference between
Shipwright Development Corporation          someone who eats too little
44 Farquhar Street                          and sees Heaven and someone
Boston, MA 02331 USA                        who drinks too much and sees
(617) 323-7923                              snakes." -- Bertrand Russell
Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf

From perry at panix.com Fri Aug 4 05:46:47 1995
From: perry at panix.com (Perry E. Metzger)
Date: Fri, 4 Aug 95 05:46:47 PDT
Subject: FIPS number for SHA - The Next Generation
Message-ID: <199508041246.IAA11750@panix2.panix.com>

Since I last asked a while back, have the folks at NIST published a new version of the SHA FIPS with the small modifications made to it to "repair" the defect? I need the information for an RFC that is being submitted to the RFC editor today so it's kind of important...

Perry

From rsaeuro at sourcery.demon.co.uk Fri Aug 4 05:49:21 1995
From: rsaeuro at sourcery.demon.co.uk (rsaeuro - General)
Date: Fri, 4 Aug 95 05:49:21 PDT
Subject: ANNOUNCE:- RSAEURO Version 1.00
Message-ID: <12@sourcery.demon.co.uk>

ANNOUNCE:- RSAEURO Version 1.00
===============================

What is RSAEURO?
----------------

RSAEURO is a cryptographic toolkit providing various functions for the use of digital signatures, data encryption and supporting areas (PEM encoding, random number generation etc). To aid compatibility with existing software, RSAEURO is call-compatible with RSADSI's "RSAREF(tm)" toolkit. RSAEURO allows non-US residents to make use of much of the cryptographic software previously only (legally) available in the US.
RSAEURO contains support for the following:

* RSA encryption, decryption and key generation. Compatible with 'RSA Laboratories' Public-Key Cryptography Standard (PKCS) #1.
* Generation and verification of message digests using MD2, MD4, MD5 and SHS (SHS currently not implemented in higher-level functions to maintain compatibility with PKCS).
* DES encryption and decryption using CBC (1, 2 or 3 keys using Encrypt-Decrypt-Encrypt) and DESX(tm), RSADSI's secure DES enhancement.
* Diffie-Hellman key agreement as defined in PKCS #3.
* PEM support for RFC 1421 encoded ASCII data with all main functions.
* Key routines implemented in assembler for speed (80386 and 680x0 currently supported).

International Use
-----------------

IMPORTANT NOTICE: Please do not distribute or use this software in the US; it is 'illegal' to use this toolkit in the US, as PKP have a patent to public-key cryptography. If you are a US resident, please use the RSAREF toolkit instead.

Ftp Sites
---------

RSAEURO can be found at

ftp://ftp.dsi.unimi.it/pub/security/crypt/code
ftp://ftp.ox.ac.uk/pub/crypto/misc

Author Details
--------------

With comments and suggestions, please address them to Stephen Kapp, at 'rsaeuro at sourcery.demon.co.uk'

----------------------------------------------------------------------------
RSAEURO: rsaeuro at sourcery.demon.co.uk
RSAEURO Bugs: rsaeuro-bugs at sourcery.demon.co.uk
RSAEURO - Copyright (c) J.S.A.Kapp 1994-1995. All Trademarks Acknowledged.
----------------------------------------------------------------------------

From rah at shipwright.com Fri Aug 4 05:55:45 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 4 Aug 95 05:55:45 PDT
Subject: PRA_fix
Message-ID:

> 8-4-95. NYPaper:
>
>
> "A Contract Is Awarded To Improve Navigation."

[snip]

> The geosynchronous satellite would radio a correction
> factor back to planes in flight, or any other user. The
> plane would also receive signals from the G.P.S.
> satellites, calculate a position, apply the correction
> factor and fix its location.

This is called an active location system, and it was originally designed by G.K. O'Neill (The Princeton Physics Prof., Space Studies Institute founder, the guy who came up with all those spiffy space-settlement ideas in the late seventies -- see Babylon 5 for a picture ;-) -- and the inventor of the mass driver, among other things), under the name of Geostar, in the early 1980's. Its accuracy was supposed to be 6 inches in 2 dimensions, and 6 feet in 3 dimensions. The FAA didn't like it because they didn't invent it, the DOD hated it because they wanted to commercialize GPS and they didn't want anything so accurate for civilian purposes. The transponders were going to be teensy little things about the size of pagers relying on high-energy burst transmissions.

ObCrypto/Privacy: It relied on a fast computer on the ground to calculate where you were, it allowed short messages, and presumably it was going to send them in the clear. It also had a "panic" button function, where someone in trouble could summon help no matter where they were.

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From perry at panix.com Fri Aug 4 06:10:51 1995
From: perry at panix.com (Perry E. Metzger)
Date: Fri, 4 Aug 95 06:10:51 PDT
Subject: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <199508032138.VAA00125@jihad.yak.net>
Message-ID: <199508041310.JAA02958@panix4.panix.com>

strick at Jihad writes:
> Perry -- do you have the same basic objection to Safe-TCL that you do
> do to Java? I would think so.

I do, but not as strongly. The language is much more constrained and actually does have a lot of the evil bits ripped clear out (or at least they could be ripped out.)
Perry

From danisch at ira.uka.de Fri Aug 4 07:20:07 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 4 Aug 95 07:20:07 PDT
Subject: RSA has been proved correct
Message-ID: <9508041418.AA21187@elysion.iaks.ira.uka.de>

Mmmh, correctness does not mean "it's a nice thing". It just means that something fulfills the specs. Do you know which specs were fed into the prover? The specs could be as weak as

- RSA must terminate if fed with the number 42
- x ^ (e * d) = x mod n for all x from 0..(n-1)

Hadmut

From danisch at ira.uka.de Fri Aug 4 07:46:45 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 4 Aug 95 07:46:45 PDT
Subject: NRC Panel, Law Enforcement questions
Message-ID: <9508041309.AA20627@elysion.iaks.ira.uka.de>

Hello Jim,

I apologize that I didn't answer immediately. I have subscribed to several mailing lists and sometimes get some hundred mails a day. I don't have the time to read everything and therefore I have to select. I didn't read this thread, but I found it in my archives.

> I wonder, and perhaps my kind friend Hadmut can help me here, if there is
> an English translation of any and all Nazi-era German laws/regs regarding
> cryptography. As I [dimly] recall, Enigma was born as a private enterprise
> and the patent was only later taken over by government and classified after
> it was offered for sale to businesses (without much luck). These laws, if
> they exist, might make for interesting reading in side-by-side comparison
> with either Sen. Grassley's latest proposals, or with anything regarding
> cryptography coming from our paranoid FBI director.

I fear I have to disappoint you. :-(

First of all I don't know of any English translation of such laws. The only English translation of law I know about is the translation of our current basic law. It might be easier to find English translations in English or American libraries than in German libraries.

Second, I don't know whether they had a certain law about cryptography.
AFAIK Enigma was a commercial product first and was taken over by the government. But I don't know the way they did.

Third, there was no need to have laws. I don't want to restart the discussion, but the Nazis didn't understand laws as so important. I have read a book about their justice some time ago. The 'idea' and the 'public feeling' was seen as more important than laws.

But perhaps another telecommunication law may be interesting. It was forbidden to receive foreign radio senders. If they came into the house and the radio was tuned to foreign frequencies, you got into serious trouble. I just don't know where to find the text of the law.

regards
Hadmut

From rjc at clark.net Fri Aug 4 07:59:58 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 4 Aug 95 07:59:58 PDT
Subject: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
In-Reply-To: <199508041310.JAA02958@panix4.panix.com>
Message-ID: <199508041459.KAA11345@clark.net>

>
>
> strick at Jihad writes:
> > Perry -- do you have the same basic objection to Safe-TCL that you do
> > do to Java? I would think so.
>
> I do, but not as strongly. The language is much more constrained and
> actually does have a lot of the evil bits ripped clear out (or at
> least they could be ripped out.)

The same applies to Java. Anything can be ripped out of Java by removing the classes with the "native" methods on the local side. The class loader will barf at an object that references a class that doesn't exist. In fact, since that class contains the only way possible to access that privilege (it encapsulates all the nasty unix system calls you don't want to allow) there is no way for the untrusted code to call, for instance, open(), because it doesn't know the address of it. Java does compile-time emasculation. (the compiler I'm speaking of is the Java compiler which must be run from the shell. The compiler is not a part of the browser)

Now Safe-TCL has another mode of failure altogether.
First of all, the way the interpreter is made "safe" is to take a fully working tcl interpreter (with full privileges) at run time, and use TclDeleteCommand() to remove offending commands. Safe-TCL is not emasculated at compile time, but at run time. Now what if this removal-of-dangerous-commands process fails sometime, or fails to remove just a single command, because of say, a fence-post error, and that command just happens to be 'exec'?

Furthermore, two interpreters are created, a "safe" one and an "unsafe" one. It is very possible for a programmer to accidentally pass the pointer to the wrong interpreter. You should be nervous of an unsafe interpreter ever existing at all.

Lastly, "declareharmless" allows privileges to be added to Safe-TCL at run time, vs Java which only allows that by recompiling Java classes. If by any means, a trusted interpreter ever gets to execute this command, all is lost.

One last comment: Java is a language specification, not an implementation specification. Sun wants Java to be a free and open language with other vendors creating compilers and runtime environments. Whether or not the Java runtime executes in a separate process space, chrooted(), etc is an implementation detail. In fact, I'm not totally sure that Hotjava doesn't do this already. Implementation details are not documented in the Java papers available at the Java home page. You have to read more than just the Java whitepaper to get an estimation of its security.
-Ray

From remailer at spook.alias.net Fri Aug 4 08:39:48 1995
From: remailer at spook.alias.net (NSA Spook)
Date: Fri, 4 Aug 95 08:39:48 PDT
Subject: to usura
Message-ID: <199508041537.KAA14043@ valhalla.phoenix.net>

usura
cfs coming
send note to list if you receive

From Chris.Brenton at newsedge.com Fri Aug 4 08:59:51 1995
From: Chris.Brenton at newsedge.com (Chris Brenton)
Date: Fri, 4 Aug 95 08:59:51 PDT
Subject: to usura
Message-ID: <9508041202.AA14456@herne.newsedge.com>

Original-From: NSA Spook
Original-Date: Fri, 4 Aug 1995 10:37:00 -0500

>usura
>cfs coming
>send note to list if you receive

Thank you for posting this to the list. I needed some more useless mail...

From ACLUNATL at aol.com Fri Aug 4 09:42:23 1995
From: ACLUNATL at aol.com (ACLUNATL at aol.com)
Date: Fri, 4 Aug 95 09:42:23 PDT
Subject: House Adopts Exon-Like Speech Crimes, Also Adopts Cox/Wyden Amendment
Message-ID: <950804121746_47881732@aol.com>

8/4/95 ACLU Cyber-Liberties Alert:
House Adopts Exon-Like Speech Crimes, Also Adopts Cox/Wyden Amendment
---------------------------------------------------------

At 9:10 am today, the House of Representatives voted to adopt an omnibus "Managers Amendment" to the telecommunications bill (HR 1555), which included new Exon-like speech crimes that would censor the Internet.

At 11:58 am, the House of Representatives voted 420 to 4 to adopt the Cox/Wyden amendment to the telco bill. The Cox/Wyden amendment, however, was not designed to -- and does not -- affect the Exon-like speech crimes provisions added to the telco bill by the House.

Speech Crimes Provisions in Managers Amendment:

The Managers Amendment containing the new speech crimes provisions also contained some forty other unrelated amendments. The Exon-like provisions were not a focus of the debate, and it is likely that most members cast their votes for reasons unrelated to these provisions.

The Managers Amendment adds an entirely new Exon-like provision to the existing federal obscenity laws.
The provision would make it a crime to "intentionally communicate by computer ... to any person the communicator believes has not attained the age of 18 years, any material that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs." (18 U.S.C. 1465) This provision, like the Exon amendment passed by the Senate, would effectively reduce all online content to that which is suitable only for children. It also raises the same questions about service provider liability that were raised by the Exon amendment. The Managers Amendment would also make it a crime to "receive" prohibited material "by computer," thereby subjecting both Internet users and service providers to new prosecutions (18 U.S.C. 1462). Assuming that the House telco bill (HR 1555) is approved (which is highly probable by 3 pm today), both the House and Senate versions of the telco bill will include severe attacks on cyber-liberties. Cox/Wyden Amendment: The ACLU has supported the general approach of the Cox/Wyden amendment because it prohibits FCC regulation of content on the Internet and generally supports private sector initiatives, not government censorship, on cyberspace. As the ACLU has said before, there are several ambiguities and some real problems with the Cox/Wyden amendment. The two sponsors have committed to working with us on resolving the problems. (See previously posted ACLU Online Analysis of the Cox/Wyden Bill.) ----------------------------------------------------------- For the online community to take comfort in what is done in the final telco bill in the conference committee, at a minimum the following must occur: 1. The Senate's Exon/Coats amendment (the Communications Decency Act) must be rejected -- that is, deleted from the bill, not merely modified in some way. 2. 
The House's Exon-like speech crimes amendment must be rejected -- that is, deleted from the bill, not merely modified in some way. 3. The ambiguities and problems in the Cox/Wyden amendment must be resolved and then the Cox/Wyden amendment as modified should be included in the telco bill. The ACLU urges all those who care about free speech and personal privacy to focus their energized efforts on all three fronts of the fight. The ACLU will continue to fight all aspects of the cyber-censorship battle, including the Exon-like speech crimes provisions just passed by the House, the Exon/Coats amendment in the Senate, the Dole/Grassley anti-computer pornography bill, the Grassley anti-electronic racketeering bill, and the Feinstein anti-explosives information amendment to the counter-terrorism bill. From hfinney at shell.portal.com Fri Aug 4 10:02:55 1995 From: hfinney at shell.portal.com (Hal) Date: Fri, 4 Aug 95 10:02:55 PDT Subject: Java and Safe-TCL security Message-ID: <199508041701.KAA10421@jobe.shell.portal.com> The safe-tcl mailing list has not been active for a few months. I think a lot of interest has transferred to Java. One problem is that safe-tcl was oriented around email, so it lacks facilities for accessing web pages. I agree with Ray that the security of safe-tcl leaves something to be desired. I implemented a safe-tcl mail filter which would automatically run incoming mail scripts which were in safe-tcl format. This would be a generalization of a remailer, so that users could write scripts which would determine when the remailing would occur, etc. However I ran into a number of problems, particularly related to persistent storage (e.g. disk file access). This is a hard problem for a "safe" system to solve. One solution is to just forbid it, but beyond that you need to have rules about how much disk space a script can use, whether they can access each other's space, etc. 
There are some nice applications if they can do so, for example the telescript model where two software agents come together and exchange some information. Another tricky issue is if you are going to let the script talk to the outside world via email or tcp connections. How do you prevent abuse of this feature (sending junk email, or connecting to a web page and entering bogus data into a form)? But again, without this capability the script is pretty much limited to drawing pretty pictures on your screen, which isn't very useful. Here is one message I sent to the safe-tcl list earlier this year describing some of these problems in a little more detail. Note that there were also several bugs in the implementation which left security holes, things being checked in the wrong context and such. This is similar to what Ray was citing. Hal > From owner-safe-tcl at CS.UTK.EDU Fri Feb 10 22:30:35 1995 > X-Resent-To: safe-tcl at CS.UTK.EDU ; Sat, 11 Feb 1995 01:22:02 EST > Date: Fri, 10 Feb 1995 22:21:28 -0800 > From: Hal > To: safe-tcl at CS.UTK.EDU > Subject: setconfigdata and delivery time > Status: R > > The spec appears to allow delivery-time scripts to do setconfigdata. > This is a mechanism for a script to store persistent data. One application > would be a telescript-like interaction between scripts. Some data could > be stored by one script and later read by another. More interesting, a > script could even store some script, perhaps some or all of itself, into this > persistent store. That script could then be read and eval'd by a later > script. This way scripts could in effect call subroutines in each other, > providing somewhat similar functionality to telescript's procedure calls > between agents. > > At activation time the user gets asked whenever a script does > getconfigdata, although oddly not when a script does setconfigdata. > Also, the .safetcl.conf file is written on any getconfigdata after the > user has supplied or confirmed a database value. 
This will have the > side effect of writing out any setconfigdata values which have been > previously set by the script. > > At delivery time the current implementation will not ask the user since > there is no user to ask, which causes the writing out of the config data > base never to happen. So there is actually no way for a delivery time > script to set a persistent value right now. It would be easy to change > the code to allow delivery time scripts to set persistent values with > setconfigdata. > > However, this does open up a possible avenue for abuse. There is > presently no limit on how much data is written with setconfigdata. And > actually if the idea above were used where scripts put themselves into > the database for later running then the database could legitimately be > quite large. The problem would arise if a script abused this capability > by filling the disk with junk database entries. > > Maybe something is needed analogous to AutoConfirmMailHook to determine > whether a given SafeTcl_setconfigdata should be able to go out to the > disk. It would want to be given the data as input and possibly also > the size of the current database. Maybe there should be a counter of how > many times the current script has written to the database (or perhaps the > hook could retain this information itself). > > Two other points: as mentioned before the use of the database to retain > "system" information conflicts with its use for this purpose. If > database entries like "mailer" or "external-site" are changed and saved > to .safetcl.conf, that could break later invocations of swish. I think > this system data should be somewhere else (or else there needs to be > another form of persistent store for scripts). > > Secondly, the code right now checks the SafeTcl_evaluation_time > variable in the restricted interpreter to decide whether it should ask > the user. This is not reliable as the untrusted script could change > SafeTcl_evaluation_time. 
> In other places the code checks
> SafeTcl_InterfaceStyle and if it is empty then it doesn't ask. That
> seems safer.
>
> Hal Finney
> hfinney at shell.portal.com

From whitaker at sgihub.corp.sgi.com Fri Aug 4 10:07:03 1995
From: whitaker at sgihub.corp.sgi.com (Russell Whitaker)
Date: Fri, 4 Aug 95 10:07:03 PDT
Subject: SuperMac Sentinel: Customer Support tale
Message-ID: <199508041706.KAA20363@extropia.csd.sgi.com>

jfg at fuente.engr.sgi.com (John Gibbon) wrote:
>I got this from a friend, who got it from a friend,
> who got it from a friend ...
>
> --------------------------------------
>SuperMac records a certain number of technical support calls at random, to keep tabs on customer satisfaction. By wild "luck", they managed to catch the following conversation on tape.
>
>Some poor SuperMac TechSport got a call from some middle level official from the legitimate government of Trinidad. The fellow spoke very good English, and fairly calmly described the problem.
>
>It seemed that there was a coup attempt in progress at that moment. However, the national armoury for that city was kept in the same building as the Legislature, and it seems that there was a combination lock on the door to the armoury. Of the people in the capitol city that day, only the Chief of the Capitol Guard and the Chief Armourer knew the combination to the lock, and they had already been killed.
>
>So, this officer of the government of Trinidad continued, the problem is this. The combination to the lock is stored in a file on the Macintosh, but the file has been encrypted with the SuperMac product called Sentinel. Was there any chance, he asked, that there was a "back door" to the application, so they could get the combination, open the armoury door, and defend the Capitol Building and the legitimately elected government of Trinidad against the insurgents?
>
>All the while he is asking this in a very calm voice, there is the sound of gunfire in the background.
The Technical Support guy put the >person on hold. > >A phone call to the phone company verified that the origin of the call >was in fact Trinidad. Meanwhile, there was this mad scramble to see >if anybody knew of any "back doors" in the Sentinel program. As it >turned out, Sentinel uses DES to encrypt the files, and there was no >known back door. The Tech Support fellow told the customer that aside >from trying to guess the password, there was no way through Sentinel, >and that they'd be better off trying to physically destroy the lock. > >The official was very polite, thanked him for the effort, and hung up. >That night, the legitimate government of Trinidad fell. One of the >BBC reporters mentioned that the casualties seemed heaviest in the >capitol, where for some reason, there seemed to be little return fire >from the government forces. > > > -- Russell Earl Whitaker whitaker at sgi.com Webmaster, Silicon Junction Silicon Graphics, Inc. Mountain View, CA =============================================================== http://reality.sgi.com/employees/whitaker From buster at klaine.pp.fi Fri Aug 4 10:23:52 1995 From: buster at klaine.pp.fi (Kari Laine) Date: Fri, 4 Aug 95 10:23:52 PDT Subject: EU Data Protection Message-ID: <199508041723.AA07790@personal.eunet.fi> > Date: Thu, 03 Aug 1995 13:25:25 -0400 > To: cypherpunks at toad.com > From: Duncan Frissell > Subject: EU Data Protection > Could I bother the members of this list with a request that anyone who has a > copy of (this week's or a recent) Computerworld, look and see if I'm quoted > in an article by Mitch Betts on the European Union's humorous decree on > Euro-wide data protection. I was interviewed last Thursday. The decree > (July 24th) threatens to cut off data flows to any nation that doesn't adopt > Eurosclerotic data protection standards. Excuse me - what the f**k is this? Does it bear some truth in it or is it just a bad joke? If it is not a joke where to get the damn text - thanks. 
Sorry for the language but this does sound just the thing I have heard some rumours of and which certainly would result in banning strong crypto.

Regards
Kari

Kari Laine                buster at klaine.pp.fi
LAN Vision Oy             Tel. +358-0-502 1947
Sinikalliontie 14         Fax +358-0-524 149
02630 ESPOO               BBS +358-0-502 1576/1456
FINLAND

From droelke at spirit.aud.alcatel.com Fri Aug 4 10:29:20 1995
From: droelke at spirit.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 4 Aug 95 10:29:20 PDT
Subject: NIST/NCSSC National Information Systems Security Conference
Message-ID: <9508041729.AA04377@spirit.aud.alcatel.com>

A couple of days ago I got a booklet about the "18th National Information Systems Security Conference (formerly the National Computer Security Conference)" being held October 10-13 in Baltimore.

Just a little excerpt about it:

One of the tracks is "The Internet and Beyond". Several of the sessions look rather interesting.

The "Management and Administration" track includes at least two sessions by D. Denning of Georgetown Univ. One of them is "Legalities: Will Encryption Keep Out Hackers" and the other is "Critical Factors of Key Escrow Encryption Systems". The first of those has a panel of S. Bellovin of AT&T, M. Higgins of DISA, S. Kent of BBN, and E. Spafford of COAST.

So, is this a conference that is really worth something, or something that the management heads might learn something at? ;-)

I guess that ordering my personal set of the Rainbow books gets me on more lists than I thought :-)

Dan
------------------------------------------------------------------
Dan Oelke                   Alcatel Network Systems
droelke at aud.alcatel.com     Richardson, TX
http://spirit.aud.alcatel.com:8081/~droelke/

From frissell at panix.com Fri Aug 4 10:42:24 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 4 Aug 95 10:42:24 PDT
Subject: EU Data Protection
Message-ID: <199508041742.NAA21367@panix.com>

At 04:43 PM 8/4/95 +0002, Kari Laine wrote:
>Excuse me - what the f**k is this?
>Does it bear some truth in it
>or is it just a bad joke? If it is not a joke where to get the damn
>text - thanks. Sorry for the language but this does sound just
>the thing I have heard some rumours of and which certainly
>would result in banning strong crypto.

http://snyside.sunnyside.com/cpsr/privacy/privacy_international/international_laws/ec_data_protection_directive_1995.txt

Has the preliminary text. The final won't be up for a while but won't be that different.

Also try:

http://www.open.gov.uk/dpr/dprhome.htm

The UK Data Protection Registrar's home page. They've been trying to control electronically stored records since 1984.

DCF

From rjc at clark.net Fri Aug 4 11:12:25 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 4 Aug 95 11:12:25 PDT
Subject: Java and Safe-TCL security
In-Reply-To: <199508041701.KAA10421@jobe.shell.portal.com>
Message-ID: <199508041812.OAA23036@clark.net>

> 
> The safe-tcl mailing list has not been active for a few months. I think
> a lot of interest has transferred to Java. One problem is that safe-tcl
> was oriented around email, so it lacks facilities for accessing web
> pages.
> 
> I agree with Ray that the security of safe-tcl leaves something to be
> desired. I implemented a safe-tcl mail filter which would automatically
> run incoming mail scripts which were in safe-tcl format. This would be a
> generalization of a remailer, so that users could write scripts which
> would determine when the remailing would occur, etc. However I ran into
> a number of problems, particularly related to persistent storage (e.g.
> disk file access). This is a hard problem for a "safe" system to solve.

Hal,
One of the designs I have on the drawing board is to store per-script persistent data in a dbm file, and allow scripts to import/export data from/to a shared tuple-space.
I would limit the data storage to 1024 bytes (to make it portable, some DBM libraries have this limit). Scripts could store variables via a new command added to the interpreter like 'SafeTcl_putvar varname value', and access values with 'SafeTcl_getvar varname', 'SafeTcl_varlist'. Also, there would be a 'SafeTcl_read_variables' which could be executed at the beginning of the script to reload all stored variables.

Scripts could talk to other scripts by means of a

SafeTcl_export -value value scriptname1 scriptname2 ...

The other script(s) could check for any incoming imports and use SafeTcl_import to retrieve the value. (when the last import is done, the data is garbage collected. Also, there would be a timestamp so that old data would be purged after a time limit anyway)

An example might be, a calendar application in your mailbox which maintains your weekly schedule. An incoming message script (agent), could "export" some data to this calendar script which would correspond to some command. For instance, asking if you would like to have dinner at a certain time. If the calendar agent says yes, it could send a reply agent to inform your calendar. The calendar could be programmed to wakeup every so often and check for imports, or the interpreter could just be made to "wakeup" any script that got an import immediately.

Telescript's checkpointing of execution state is of course, much cleaner. Too bad they don't know how to market a programming language. If anyone writes an enabled-mail java runtime, the same things could be done a lot easier.

The problem with all safe "agent" designs is that the programming language itself isn't enough. There needs to be a meta-agent language for querying capabilities of local environments.
-Ray

From nobody at REPLAY.COM Fri Aug 4 11:15:43 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 4 Aug 95 11:15:43 PDT
Subject: PC E-cash (NewsClip)
Message-ID: <199508041815.UAA27253@utopia.hacktic.nl>

Secret Service Says Student Used PC To Print Money

Lubbock, Tex., Aug. 3 -- PC graphics programs have come a long way since their inception, but not far enough to fool the Secret Service. That's what a Texas Tech student tried to do when he used his personal computer to print counterfeit money, according to Secret Service agents.

"He really put his whole heart and soul into it," according to Lubbock, Texas Secret Service Resident Agent David Freriks. Freriks said the man is an engineering student at Texas Tech, but told agents he plans to change his major to computer science.

The 20-year-old student hasn't been identified by name since he hasn't been formally charged yet, according to Freriks. But officials apparently aren't concerned that he will flee. "At this point, he's more afraid of his dad than anything," said one agent.

Freriks said the Pakistani national, who resides in affluent southwest Lubbock, scanned a real $50 bill into his PC, then printed the image to an Epson inkjet color printer. Agents said the money looked real at a distance but up close the designs were blurred, the coloration was faulty, and the paper was slick and didn't have a watermark strip.

Freriks said agents are confident that all of the approximately $3,300 that was circulated has been recovered except for about $1,000 which he said he is sure will show up eventually, since the quality makes it easy for bank employees to spot.

...

Investigators seized the home computer, printer and scanner from the student's home. They said they also found a suitcase containing almost $260,000 in fake $50 bills.

--

From sdw at lig.net Fri Aug 4 11:20:20 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Fri, 4 Aug 95 11:20:20 PDT
Subject: IPng6, SWIPE, ssh, etc.
Message-ID:

I would like some summary opinions of the state of various efforts to enable full IP encryption. I'm looking for progress reports and hints as to which technologies are the closest to being implementable.

After playing with ssh, I've been thinking of what it would take to start migrating certain links to full encryption, possibly using a VPN-like arrangement.

I'm interested in hacking Linux, loopback userspace drivers for other Unix's, and thinking about what would need to be done for MS-BLECH. Of course, firewall like conversion of IP<->IPng6 would be great.

Of course now that Linux has IP aliasing, IP masquerading (partial I think), ipfw, and IP over IP tunneling, it has much of what it needs. I'm just considering development and migration paths.

I haven't kept up on IPng6 docs, so succinct pointers would be helpful.

One interesting tack might be to start running a dual IPng6/IP stack where it learns to tunnel packets over a well-known IP udp/tcp link if an address doesn't respond to IPng6.

sdw
--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From rjc at clark.net Fri Aug 4 11:40:35 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 4 Aug 95 11:40:35 PDT
Subject: EU Data Protection
In-Reply-To: <199508041742.NAA21367@panix.com>
Message-ID: <199508041840.OAA01729@clark.net>

Just more evidence for why even "well meaning" policywonks are dangerous. Take for instance the rule that "data must be kept up to date and accurate". How up to date and what is accuracy? So if I have a commercial web page which records transactions on my server, and I stop logging and keep year old records, do some statistic processing on them, I am in violation for having stale data.
And what the hell is "accurate" data? All information about other people is subjective. I should be entitled to record any statistics about you for my use that I want. Just by interacting with me you transmit information. If I interact with you and get the "wrong impression" about what type of person you are, am I in violation for storing inaccurate data? (e.g. if I write in my computerized diary "I think John Smith is a jerk.")

How will this law affect reputation servers? If my reputation server has what you consider a bad review of you, am I in violation?

Privacy should be implemented via cryptography, not obscure political machines which are doomed to fail and produce a black market for personal data anyway.

-Ray

From hayden at krypton.mankato.msus.edu Fri Aug 4 11:42:24 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 4 Aug 95 11:42:24 PDT
Subject: House Adopts Exon-Like Speech Crimes, Also Adopts Cox/Wyden , Amendment
In-Reply-To: <950804121746_47881732@aol.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 4 Aug 1995 ACLUNATL at aol.com wrote:

> At 9:10 am today, the House of Representatives voted to adopt an omnibus
> "Managers Amendment" to the telecommunications bill (HR 1555), which included
> new Exon-like speech crimes that would censor the Internet. At 11:58 am,
> the House of Representatives voted 420 to 4 to adopt the Cox/Wyden amendment
> to the telco bill. The Cox/Wyden amendment, however, was not designed to --
> and does not -- affect the Exon-like speech crimes provisions added to the
> telco bill by the House.

420 to 4 eh? Was Newt one of those people that voted against it since he publicly came out as opposed to it?
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMCJOBjokqlyVGmCFAQGSCAP/V4MoKB8U5IwR4yBOEjx12SyE/K0gsnqU
YnPcwt4yiaGvj8gcw5LY8PsuN+VKMldq1OZbQxyKxCERacvuYV8+iCPKszCOJAcq
LHcnuuNbm2j/5zFRHtX6T6IgL6j7uqaZ2IUhyLIF3nCqeFrHyLwQJaHhmezq1Hkz
DViNw9qqjpY=
=TQvO
-----END PGP SIGNATURE-----

____  Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ Finger for Geek Code Info <=> Finger for PGP Public Key
\/ /  -=-=-=-=-=- -=-=-=-=-=-
\/    http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++
w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++
D+++ G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From pgf at tyrell.net Fri Aug 4 12:17:07 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Fri, 4 Aug 95 12:17:07 PDT
Subject: PRA_fix
In-Reply-To:
Message-ID: <199508041911.AA13305@tyrell.net>

X-Sender: rah at tiac.net

> 8-4-95. NYPaper:
>
>
> "A Contract Is Awarded To Improve Navigation."

[snip]

> The geosynchronous satellite would radio a correction
> factor back to planes in flight, or any other user. The
> plane would also receive signals from the G.P.S.
> satellites, calculate a position, apply the correction
> factor and fix its location.

This is called an active location system, and it was originally designed by G.K. O'Neill (The Princeton Physics Prof., Space Studies Institute founder, the guy who came up with all those spiffy space-settlement ideas in the late seventies -- see Babylon 5 for a picture ;-) -- and the inventor of the mass driver, among other things), under the name of Geostar, in the early 1980's. Its accuracy was supposed to be 6 inches in 2 dimensions, and 6 feet in 3 dimensions. The FAA didn't like it because they didn't invent it, the DOD hated it because they wanted to commercialize GPS and they didn't want anything so accurate for civilian purposes.
Actually, I (and probably others, but I don't want to argue from the "it is widely believed" position) feel fairly sure that the government commercialized GPS in order to put Geostar out of business, because there's nothing for putting a company out of business quite like the government saying they'll spend thirty billion dollars giving the same thing away for free.

It's interesting that they're mentioning the ATC application: O'Neill was a private pilot and came up with the Geostar idea initially as an improvement to the current air traffic control system. The whole thing would have cost less than either GPS or the planned upgrades to the current ATC system, but the government is willing to pay an order of magnitude (or more) worth of money to get a system they can control.

Phil

From rah at shipwright.com Fri Aug 4 12:21:15 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 4 Aug 95 12:21:15 PDT
Subject: PC E-cash (NewsClip)
Message-ID:

>Secret Service Says Student Used PC To Print Money

etc.

This reminds me of something which happened to me last week in a Burger King in Chelsea(MA), where the skipper now keeps the boat I grind winches on.

I'm paying for my lunch and the cashier takes out a felt-tip pen and puts a little mark on my $10 bill. She tells me that if the pen-stroke turns yellow instead of the black one she got with mine, the bill is counterfeit. She told me she got yellow mark on $10 bill once. Go figure.

So now, we have a working minimum competitive cost of on-line digital cash verification. The amortized cost of the ink it takes to verify a piece of paper cash. What? 20 cents worth of ink? .002 cents?

More fun with numbers,
Bob Hettinga

P.S. We just put in 12 volt power for the Mac. I also bought an inverter. Banana daquiris on the hook. Raise the cocktail flag!

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional."
--Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From rsalz at osf.org Fri Aug 4 14:14:33 1995 From: rsalz at osf.org (Rich Salz) Date: Fri, 4 Aug 95 14:14:33 PDT Subject: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel) Message-ID: <9508042112.AA24506@sulphur.osf.org> >the interpreter is made "safe" is to take a fully working tcl interpreter >(with full priveleges) at run time, and use TclDeleteCommand() to remove >offending commands. Safe-TCL is not emasculated at compile time, but at >run time. I have been told by folks at Sun that they are planning on doing it at compile-time as well as at run-time. One of the concerns I conveyed was that I want to make it easy to "pull out" the safe code and give it a security audit. /r$ From rsalz at osf.org Fri Aug 4 14:17:27 1995 From: rsalz at osf.org (Rich Salz) Date: Fri, 4 Aug 95 14:17:27 PDT Subject: Java and Safe-TCL security Message-ID: <9508042117.AA24546@sulphur.osf.org> >One problem is that safe-tcl >was oriented around email, so it lacks facilities for accessing web >pages. No, it's just that the people who took it over^H^H^H^Hand ran with it were most interested in email. My initial motivation was that I wanted to write a new news server that clients could download programs to. /r$ From perry at panix.com Fri Aug 4 14:38:53 1995 From: perry at panix.com (Perry E. Metzger) Date: Fri, 4 Aug 95 14:38:53 PDT Subject: IPng6, SWIPE, ssh, etc. In-Reply-To: Message-ID: <199508042138.RAA05009@panix4.panix.com> Stephen D. Williams writes: > I would like some summary opinions of the state of various efforts to > enable full IP encryption. I'm looking for progress reports and hints > as to which technologies are the closest to being implementable. The implementation efforts are in full swing. At the last IETF meeting in Stockholm, Steve Crocker challenged the community to have IPSEC in place and available in time for the Dallas meeting in December. 
There is now a mailing list for those actively working on the implementation efforts and a good deal of effort is being expended. In fact, I took off this month more or less so that I could work full time on implementation.

> I haven't kept up on IPng6 docs, so succinct pointers would be helpful.

The actual RFCs were submitted to the RFC editor over the last day or so, so there should be real RFCs to quote shortly. However, for the moment, check out draft-ietf-ipsec-* in the nearest internet-drafts depository. ds.internic.net:/internet-drafts/ is probably a reasonable spot.

> One interesting tact might be to start running a dual IPng6/IP stack
> where it learns to tunnel packets over a well-known IP udp/tcp link
> if an address doesn't respond to IPng6.

You don't need to use IPv6 for the security, by the way -- it's defined to work on either. If you want, of course, I'm sure the v6 folks would love a Linux v6 stack to show up soon...

Perry

From rjc at clark.net Fri Aug 4 14:52:48 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 4 Aug 95 14:52:48 PDT
Subject: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
In-Reply-To: <9508042112.AA24506@sulphur.osf.org>
Message-ID: <199508042152.RAA12471@clark.net>

> 
> >the interpreter is made "safe" is to take a fully working tcl interpreter
> >(with full priveleges) at run time, and use TclDeleteCommand() to remove
> >offending commands. Safe-TCL is not emasculated at compile time, but at
> >run time.
> 
> I have been told by folks at Sun that they are planning on doing it at
> compile-time as well as at run-time. One of the concerns I conveyed
> was that I want to make it easy to "pull out" the safe code and give
> it a security audit.

SafeTcl or Java? I wish SafeTcl was isolated into a separate library with compiled-in safety so I could embed it into my applications. As it is now, I have to just use normal Tcl and hack in the MakeInterpreterSafe() function which removes dangerous commands.
-Ray From crypto at midex.com Fri Aug 4 15:46:29 1995 From: crypto at midex.com (Matt Miszewski (IAAL - I AM a lawyer!)) Date: Fri, 4 Aug 95 15:46:29 PDT Subject: IPng6, SWIPE, ssh, etc. In-Reply-To: <199508042138.RAA05009@panix4.panix.com> Message-ID: On Fri, 4 Aug 1995, Perry E. Metzger wrote: > > You don't need to use IPv6 for the security, by the way -- its defined > to work on either. If you want, of course, I'm sure the v6 folks would > love a Linux v6 stack to show up soon... And so would dedicated Linux users from around the globe! Linux is quite liberating, but security is a whole different concern. Matt > > Perry > From pgf at tyrell.net Fri Aug 4 15:48:23 1995 From: pgf at tyrell.net (Phil Fraering) Date: Fri, 4 Aug 95 15:48:23 PDT Subject: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel) In-Reply-To: <199508042152.RAA12471@clark.net> Message-ID: <199508042243.AA08602@tyrell.net> From: Ray Cromwell Date: Fri, 4 Aug 1995 17:52:24 -0400 (EDT) SafeTcl or Java? I wish SafeTcl was isolated into a separate library with compiled-in safety so I could embed it into my applications. As it is now, I have to just use normal Tcl and hack in the MakeInterpreterSafe() function which removes dangerous commands. -Ray You mean the "dangerous" commands can't just be left out of the proper place in the makefile or something? Phil From crypto at midex.com Fri Aug 4 15:58:57 1995 From: crypto at midex.com (Matt Miszewski (IAAL - I AM a lawyer!)) Date: Fri, 4 Aug 95 15:58:57 PDT Subject: IPng6, SWIPE, ssh, etc. In-Reply-To: Message-ID: On Fri, 4 Aug 1995, Stephen D. Williams wrote: > I'm interested in hacking Linux, loopback userspace drivers for other Unix's, > and thinking about what would need to be done for MS-BLECH. Of course, > firewall like conversion of IP<->IPng6 would be great. Please keep me informed of your progress. Does anyone out there have a somewhat comprehensive listing of these or other implementations already ported to Linux? 
I am intending on setting up an alternative site for folks with nosey or suppressive employer accounts or private university accounts who desire an anonymous account somewhere else.

> Of course now that Linux has IP aliasing, IP masquerading (partial I think),
> ipfw, and IP over IP tunneling, it has much of what it needs. I'm just
> considering development and migration paths.

While they are getting better and better, I am not certain that anything is ready to be deemed as secure as it can be.

> I haven't kept up on IPng6 docs, so succinct pointers would be helpful.

In that same spirit, does anyone have pointers to Linux specific security implementations? I would also be interested in ported implementations of remailers, or other anonymity protecting services.

> --
> Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw
> Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
> OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
> Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

Matt

From hfinney at shell.portal.com Fri Aug 4 16:37:13 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 4 Aug 95 16:37:13 PDT
Subject: Java and Safe-TCL security
Message-ID: <199508042336.QAA15267@jobe.shell.portal.com>

From: Ray Cromwell
> Hal,
> One of the designs I have on the drawing board is to store per-script
> persistent data in a dbm file, and allow scripts to import/export data
> from/to a shared tuple-space. I would limit the data storage to 1024
> bytes (to make it portable, some DBM libraries have this limit)
> Scripts could store variables via a new command added to the interpreter
> like 'SafeTcl_putvar varname value', and access variables with
> 'SafeTcl_getvar varname', 'SafeTcl_varlist'. Also, there would be a
> 'SafeTcl_read_variables' which could be executed at the beginning of
> the script to reload all stored variables.
> Scripts could talk to other scripts by means of a
>
> SafeTcl_export -value value scriptname1 scriptname2 ...
>
> The other script(s) could check for any incoming imports and use
> SafeTcl_import to retrieve the value. (when the last import is done,
> the data is garbage collected. Also, there would be a timestamp so that
> old data would be purged after a time limit anyway)

This sounds like an interesting approach. I hear that Telescript uses a remote procedure call concept for inter-script communication. So one script gets to call the public methods of another script. I don't know how it finds out what other scripts are around for it to talk to, though, or decides whether they have anything of interest.

The tuple space idea sounds good and is not too dissimilar from the get/setconfigdata in safe-tcl. There are some problems about security though. Who gets to delete tuples? How do you prevent a malicious script from messing up the data? Maybe it depends on the application, what you want to use this data for.

BTW what kinds of facilities are there in Java for scripts to have access to disk files? I know there was some discussion of using scripts for cryptography. Presumably the user would want to give "read only" access to the (public) keys he used. And how about other forms of I/O, email and the like? Can Java scripts do this? What are the restrictions to prevent abuse? Safe-tcl has a concept where a script can send mail, but the implementation pops up a window and asks the user first if it is OK to send. (Unfortunately that doesn't work for a telescript like application where there is no user around to vet the messages.)

> The problem with all safe "agent" designs is that the programming language
> itself isn't enough. There needs to be a meta-agent language for
> querying capabilities of local environments.

Yes, there was some discussion about this on the safe-tcl list. There is also an agents list I was on for a while but they couldn't even agree about what an agent was so not much progress happened there! There have been various proposals for standard ways agent scripts could specify what capabilities they need to run, etc. Doing web searches on "agents" will track a lot of these down. However most seem concerned with traditional issues like compute cycles, memory usage, etc., and not with the more difficult and important issues of knowing whether there is another agent there (or a local database) which has the specific information my agent is after.

Hal

From jya at pipeline.com Fri Aug 4 17:51:10 1995
From: jya at pipeline.com (John Young)
Date: Fri, 4 Aug 95 17:51:10 PDT
Subject: SYN_tax
Message-ID: <199508050050.UAA07631@pipe1.nyc.pipeline.com>

8-4-95. W$Japer:

"Cyberpoliticking: Presidential Races Are Being Changed By Latest Technology. Internet and Other Sources Can Tailor Information, Sway Voters' Decisions."

This kind of campaign foray into cyberspace is but a small slice of a much bigger revolution. The explosion of new avenues of information -- digitized, computerized, cabled and broadcast -- will change the way Americans gather the information they use in picking their leader next year. Campaigns are struggling to figure out how to cope with this static-filled world, in which they can use new technology in unprecedented ways to reach both mass audiences and ever-narrower niches of specific voters. For voters, the difficulty will be to distinguish between the information and misinformation inevitably mixed into the avalanche.

LYN_jrk

"Silicon Forest: For Oregon, the Boom In High Tech Brings Jobs and Handwringing."

The quest for cheap land, cheap labor and tax breaks has led most of the world's biggest chip makers here, more than $13 billion in high-tech construction is either under way or proposed for the 100-mile swath of rural landscape stretching from Portland to Eugene. But surprising resistance is cropping up.
In May, Yamhill County, at the western edge of Silicon Forest, rebelled against Sumitomo Sitix Corp.'s demand for a $58 million tax break for its proposed $912 million chip plant. In June, several hundred people turned out to cheer speeches opposing plans by Hyundai Electronics America to build a $1.3 billion chip plant.

KIK_but

Ev & Ad's kids: SYN_tax

From monty.harder at famend.com Fri Aug 4 17:53:14 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Fri, 4 Aug 95 17:53:14 PDT
Subject: "The Net"
Message-ID: <8AE8485.00030002C7.uuout@famend.com>

TC> logic, especially the notion that one can be "vanished" by having computer
TC> records changed--I can believe that such changes would screw things up, but
TC> surely even the character played by Sandra Bullock (nicely) would have
TC> human friends and associates to vouch for her.

I would have thought so, too. But recently, my boss's sister-in-law tried to get a Kansas drivers' license. She had allowed her Missouri license to lapse before she moved, and some glitch in the MO computer left her as a non-person. Now, in order to get the new license, she will need a photo ID (and her expired "foreign" license doesn't cut it, although if it were a KS license, it would.) The burrocraps at the DMV won't accept any "vouching" whatsoever.

* A man's house is his hassle.
---
* Monster at FAmend.Com *

From ghio at utopia.hacktic.nl Fri Aug 4 18:09:12 1995
From: ghio at utopia.hacktic.nl (Ghio)
Date: Fri, 4 Aug 95 18:09:12 PDT
Subject: IPng6, SWIPE, ssh, etc.
In-Reply-To:
Message-ID: <199508050109.DAA03142@utopia.hacktic.nl>

Matt Miszewski IAAL - I AM a lawyer! (crypto at midex.com) wrote:

: Please keep me informed of your progress. Does anyone out there have a
: somewhat comprehensive listing of these or other implementations
: already ported to Linux? I am intending on setting up an alternative
: site for folks with nosey or suppressive employer accounts or private
: university accounts who desire an anonymous account somewhere else.

I have used deslogin and ctelnet with Linux

: In that same spirit, does anyone have pointers to Linux specific security
: implementations. I would also be interested in ported implementations of
: remailers, or other anonymity protecting services.

All the remailers that I know of work with Linux.

Here's a list of crypto apps that I know will run under Linux:

ssh
cryptod/ctelnet
deslogin
cfs
pgp
datalock
mixmaster v2

Stuff I'm not sure about:

esm
swipe

Anything else?

From chen at intuit.com Fri Aug 4 18:35:43 1995
From: chen at intuit.com (Mark Chen)
Date: Fri, 4 Aug 95 18:35:43 PDT
Subject: Quicken's new version
In-Reply-To:
Message-ID: <9508050133.AA13495@doom.intuit.com>

Christopher,

> If I am out of place for posting here, forgive me; however, I do
> believe this germane. Compass Bank here in Alabama is joining
> twenty other banks around the country to offer dial-in banking via
> Quicken's new software release. Does anyone know or have heard of
> the security mechanisms which are to be built in to this product,
> specifically authent and encryption?

I'm Intuit's security architect, and I'd love to talk to you about this. Unfortunately, we'll have to wait until my boss decides to make an architecture announcement.
- Mark

--
Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From rah at shipwright.com Fri Aug 4 19:15:18 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 4 Aug 95 19:15:18 PDT
Subject: CFP - Electronic Commerce Conference
Message-ID:

>From: Ravi Kalakota
>Subject: CFP - Electronic Commerce Conference
>To: www-buyinfo at allegra.att.com
>Date: Fri, 4 Aug 1995 12:44:28 -0600 (CDT)
>Cc: kalakota at uts.cc.utexas.edu
>Mime-Version: 1.0
>
>Call for Participation:
>
> The First International Conference on Electronic Commerce
> --> Conference Theme: Frontiers of Electronic Commerce <--
>
>We are pleased to announce The First International Conference on
>Electronic Commerce, which will be held on Monday, October 30
>and Tuesday, October 31, 1995, at The University of Texas at
>Austin's IC2 Institute in Austin, Texas. This conference is designed
>to address research issues facing academia and industry in the age of
>electronic commerce. The conference will bring together experts in
>both academia and business to identify and develop a set of critical
>issues for research in this area. The dual goals of the conference
>include shared learning on electronic commerce practices and
>defining a research agenda which will directly address issues
>concerning companies today and position them for the challenges of
>tomorrow.
>
>If you have any questions or need more information, contact: Ravi
>Kalakota (kalakota at uts.cc.utexas.edu)
>
>or see --> http://cism.bus.utexas.edu/ravi/ecomm.html
>
>We hope you are able to attend this conference. Registration
>information, speakers list and materials are enclosed.
>
>Conference Summary
>-------------------------
>As the fastest growing facet of the Internet and other component
>technologies, electronic commerce offers functionality and new
>ways of doing business that no company can afford to ignore. The
>basis for moving to an electronic commerce is a belief that electronic
>markets have the potential to be more efficient in developing new
>information-based goods and services, finding global customers and
>trading partners to conduct business. Electronic commerce via the
>Internet or the next generation network infrastructure -- Information
>Superhighway -- will change business institutions, operations and
>products/services as we know today, just as the telephone, TV, fax,
>e-mail and EDI changed the way businesses and consumers
>communicate.
>
>This conference is aimed at pushing and provoking electronic
>commerce research and practice to "go where no firm has ever
>ventured before." We expect electronic commerce to obsolete much
>of the accumulated research in business. Instead of merely
>transforming the way commerce is done today from a non-electronic
>world to an electronic platform, the new way of commerce will
>create and demand radical changes in the process, product and
>promotion to better exploit the digital platform.
>
>It is no longer sufficient for electronic commerce to be viewed as a
>path-breaking technology. Electronic commerce is already playing
>a significant role in determining the strategy of today's companies
>in providing value to external and internal customers. The challenge
>facing companies is to increase the effectiveness of electronic
>commerce activities in order to achieve superior business
>performance. As successful organizations have taken a process-
>oriented view of their businesses, they will have to re-evaluate the
>role of the electronic commerce in terms of alignment with corporate
>goals.
>
>Expanded roles for electronic commerce within the business include
>activities which support other internal business processes. Questions
>such as how this activity should be carried out, how electronic
>commerce should be integrated with other organizational units, and
>how electronic commerce technology can facilitate the goals of the
>organization turn out to be complex decisions for executives making
>these investments.
>
>Likewise, electronic commerce can become a key liaison to
>customers. These electronic commerce based organizations are
>increasingly taking on activities which expand the service offerings
>of the company. A new breed of expertise -- electronic commerce
>specialists -- is bound to emerge that focuses on creating increased
>satisfaction and stronger relationships with customers.
>
>However, this emerging electronic marketplace is an unknown and
>much like the "Wild West" of the past needs to be tamed. The
>challenge is simple: using emerging technology how do we create a
>business environment or infrastructure that will ensure efficient
>electronic markets? What does it take in terms of new organization
>structures like the network structures facilitated by smart and
>wireless messaging; new electronic institutions such as brokerages
>staffed by electronic brokers or agents; new business processes
>better suited for mass customization, global sourcing and logistics;
>new financial payment mechanisms and mercantile protocols?
>
>To achieve exploration and exploitation of new frontiers, we need to
>integrate business concerns with the changing technology. This
>conference aims at providing this integration by bringing together
>leading business researchers who specialize in the various facets of
>electronic markets, namely economics, finance, marketing
>production and operations management, and technology experts in
>the industry who are creating the electronic commerce infrastructure.
>In addition, we are inviting experts who specialize in the WWW
>browsers, electronic cash, encryption, software agents, MIME-
>based messaging, EDI and structured documents.
>
>In sum, investments in electronic commerce, whether in time or
>money, typically introduce far-reaching organizational and
>technological issues. The outcome of this conference will be a better
>understanding of the shape, structure, and operation of business in
>the coming millennium.
>
>We hope you are able to attend this conference. Registration
>information and materials are enclosed.
>
>The First International Conference on Electronic Commerce
>
> Conference Sponsors
>---------------------------
>-- National Science Foundation (NSF)
>-- RGK Foundation
>-- IC2 Institute
>-- William E. Simon Graduate School of Business Administration,
>The University of Rochester
>-- Center for Information Systems Management and
>College and Graduate School of Business
>The University of Texas at Austin
>
> Who should attend
>------------------------
>* Academics in information systems, marketing, finance,
>organizational behavior, and service management concerned with the
>emerging research topics in the electronic commerce domain.
>* Software developers and managers in the electronic commerce area
>* Executives concerned with developments in banking and finance
>* Executives concerned with providing excellent customer service
>* Executives who make investments in next generation technology
>* Executives who develop internal operations support
>
>Arrangements
>----------------
>Registration
>-------------
>To register for the conference, complete and mail the enclosed
>registration form along with a check (payable to the RGK
>Foundation) for the registration fee before October 13, 1995 to the
>RGK Foundation, 1301 W. 25th Street, Suite 300, Austin Texas
>78705
>
>The registration fee is $300 for all attendees. This registration fee
>covers the banquet on Monday evening, breakfast and lunch on
>Monday and Tuesday, coffee breaks, conference materials, and
>scheduled ground transportation to and from the hotel and
>conference site.
>
>Payment must be made by check or money order payable to the
>RGK Foundation.
>
>Please complete and mail this registration form along with
>registration fee before Friday, October 13, 1995 to:
>
>Electronic Commerce Conference
>RGK Foundation
>1301 W.25th Street Suite 300
>Austin, TX 78705
>
>Phone: 512-474-9298
>Fax: 512-474-6389
>
>Accommodations
>---------------------
>We have reserved a block of rooms at the Red Lion Hotel, 0121 N.
>I-35. You are responsible for making your own hotel reservations
>and guaranteeing your room for late arrival if necessary. Please call
>the RED LION at 512-371-5200 and mention the Electronic
>Commerce Conference.
>
>List of Speakers
>-------------------
>Dr. Nathaniel Borenstein (First Virtual) -- Electronic Commerce
>
>Win Treese (Open Market) -- Challenges facing Online Commerce
>
>Dr. Clifford Neuman (ISI/USC) -- NetCash and NetCheque --
>Electronic Payments
>
>Dr. Arthur Keller (Stanford University and CommerceNet)
> -- Smart Catalogs and Virtual Catalogs
>
>Dr. Donna Hoffman (Vanderbilt University) -- Hyper-Marketing
>
>Ravi Kalakota (University of Rochester) -- Intermediation and
>Electronic Brokerages
>
>Dr. Jean-Philippe Favreau -- ECAT -- The Government of the
>Future -- National Institute of Standards and Technology
>
>Dave Crocker -- Internet EDI -- Brandenburg Consulting
>
>Dr. Preston McAfee (MIT) -- FCC Spread Spectrum Auctions using
>Game Theory
>
>Dr. Andrew Whinston and Dale Stahl (University of Texas at
>Austin) -- Pricing Internet Services
>
>Smoot Carl-Mitchell and John Quarterman (Matrix Organization) --
>Internet Service Providers -- Changing Dynamics
>
>Larry Masinter (Xerox Palo Alto Research Center) -- URI, URN
>and URLs -- Implications for the Digital Libraries
>
>Dan Connolly (W3 Organization) -- The evolution of HTML --
>Implications for the Future of the World Wide Web
>
>Dr. Su Shing Chen (National Science Foundation) -- NSF and
>Electronic Commerce
>
>Dr. Jan Stallaert (University of Texas at Austin) -- Supply-chain
>Management and Electronic commerce
>
>Registration Form
>---------------------
>Name (Please type)
>__________________________________________________
> (Prof., Dr., Mr., Ms., Mrs.) First Last
>
>Title:
>______________________________________________________
>
>Organization:
>______________________________________________________
>
>Address:
>______________________________________________________
>
>______________________________________________________
> City State Zip Code Country
>
>Telephone: (_____)__________________ Work
>(_____)_____________Home
>
>Fax: (_____)_______________ Email:
>_________________________
>
>Which days do you plan to attend?
> Sunday, Oct.29 ______ (Reception)
> Monday, Oct.30 ______ (Lunch)
> Monday, Oct.30 ______ (Banquet)
> Tuesday, Oct.31 ______ (Lunch)
>
>Registration Fee: Before October 13, 1995 ______ $300
> : After October 13, 1995 ______ $350
>(Payment must be made by check or money order payable to the
>RGK Foundation.)
>
>Please complete and mail this registration form along with
>registration fee before Friday, October 13, 1993 to:
>
>Electronic Commerce Conference
>RGK Foundation
>1301 W.25th Street Suite 300
>Austin, TX 78705
>
>Phone: 512-474-9298
>Fax: 512-474-6389
>

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From rsalz at osf.org Fri Aug 4 20:09:16 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 4 Aug 95 20:09:16 PDT
Subject: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
Message-ID: <9508050307.AA24965@sulphur.osf.org>

Sorry for not being clear: when I talked about compile-time safety, I was referring to safe-tcl.
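The Safe-Tcl sub-thread above contrasts two ways of arriving at a "safe" interpreter: build the full language and delete offending commands at run time (the TclDeleteCommand() route), or never build the dangerous commands in at all (the "leave them out of the makefile" question). The following toy interpreter, added here as an illustration and not code from Safe-Tcl, Tcl, Java or anyone in the thread, shows why the two are not equivalent from an audit standpoint: a deny-list only removes the names it knows about, while an allow-list bounds what can exist in the interpreter. The command table, the second name `run` bound to the same primitive as `exec`, and the sample script are all constructed for this example.

```python
"""Two ways to obtain a "safe" interpreter, as a toy illustration.

Added example; not code from Safe-Tcl, Tcl, Java or this thread. The
command table, the extra name "run" bound to the same primitive as
"exec", and the sample script are constructed for the demonstration.
"""
from typing import Callable, Dict, List

Command = Callable[[List[str]], str]


def cmd_set(args: List[str]) -> str:
    """Harmless: assign a variable (here just echoed back)."""
    return f"set {args[0]}={args[1]}"


def cmd_puts(args: List[str]) -> str:
    """Harmless: print text."""
    return " ".join(args)


def cmd_exec(args: List[str]) -> str:
    """Stands in for a primitive that reaches outside the sandbox.
    Nothing is really executed; the string shows what would have run."""
    return "WOULD RUN: " + " ".join(args)


# Constructed "full" command table of the host language. The second
# name "run" for the exec primitive models the kind of alias or
# alternate entry point a deny-list maintainer can overlook.
FULL_COMMANDS: Dict[str, Command] = {
    "set": cmd_set,
    "puts": cmd_puts,
    "exec": cmd_exec,
    "run": cmd_exec,
}

DENY_LIST = {"exec"}           # "offending commands" to delete afterwards
ALLOW_LIST = {"set", "puts"}   # commands a safe interpreter may contain


class Interp:
    """Minimal line-oriented interpreter: first word is the command."""

    def __init__(self, commands: Dict[str, Command]) -> None:
        self.commands = dict(commands)

    def delete_command(self, name: str) -> None:
        """Analogue of TclDeleteCommand(): remove a command by name."""
        self.commands.pop(name, None)

    def eval(self, script: str) -> List[str]:
        results: List[str] = []
        for line in script.splitlines():
            words = line.split()
            if not words:
                continue
            command = self.commands.get(words[0])
            if command is None:
                results.append(f'invalid command name "{words[0]}"')
            else:
                results.append(command(words[1:]))
        return results


def make_safe_by_deletion() -> Interp:
    """Run-time approach: build everything, then delete the deny-list."""
    interp = Interp(FULL_COMMANDS)
    for name in DENY_LIST:
        interp.delete_command(name)
    return interp


def make_safe_by_allowlist() -> Interp:
    """Build-time approach: only allow-listed commands ever exist."""
    return Interp({n: f for n, f in FULL_COMMANDS.items() if n in ALLOW_LIST})


def unsafe_entry_points(interp: Interp) -> List[str]:
    """Audit: names still bound to the outside-reaching primitive."""
    return sorted(n for n, f in interp.commands.items() if f is cmd_exec)


# Constructed script: two harmless commands, then the same dangerous
# primitive requested under both of its names.
SCRIPT = "set x 1\nputs hello\nexec hostname\nrun hostname"

if __name__ == "__main__":
    for label, interp in (("deletion", make_safe_by_deletion()),
                          ("allow-list", make_safe_by_allowlist())):
        print(label, unsafe_entry_points(interp), interp.eval(SCRIPT))
```

Running it shows the deletion-built interpreter still answering `run hostname` because the deny-list never named that entry point, whereas the allow-list-built one rejects both names. The `unsafe_entry_points()` audit is the kind of check one would want to be able to run over the "pulled out" safe code the thread mentions: it inspects what the interpreter is bound to rather than trusting the list of what was removed.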
From hal9001 at panix.com Fri Aug 4 20:44:09 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 4 Aug 95 20:44:09 PDT
Subject: Using MacPGP to revoke a key...
Message-ID:

At 08:13 8/3/95, Adam J. Gerstein wrote:

>Sorry to bother y'all with such an amateur question, but I can't find this
>in TFM, so I figured I'd ask those who are more in the know.....
>
>Anyway, I'm considering revoking my public key because it's been out there
>a while and I'm feeling the urge to change to a larger key, but I'm not
>clear on how to revoke the old one. Do I just make a text file with my new
>key in it, explain that I'm revoking the old one, sign it with my new key
>and then post it to the list? Or do I just send it to a keyserver?
>
>Again, I'm sorry to be asking y'all about something so easy. I don't want
>to start a whole new thread about this, so if you've got something helpful
>to add, please send it via private mail.

There is no need to revoke the old key - you just create a new key with both the old and new keys and send it to the KeyServer. The normal PGP "Default" when there are more than one key with the same Email Address is to use the last one (which would be last in the keyring as well as have the latest date). By leaving the old key as NOT revoked it can still be used but will tend to be replaced by the new longer key as people get your key from the Server. If you DO want to revoke the old key, you just send the Revocation Certificate to the KeyServer along with the new longer key (but note that then, I think you will not be able to decode messages sent with the old key).

From nzook at bga.com Fri Aug 4 21:03:25 1995
From: nzook at bga.com (Nathan Zook)
Date: Fri, 4 Aug 95 21:03:25 PDT
Subject: There's a hole in your crypto...
In-Reply-To: <199508031709.NAA29005@colon.cis.ohio-state.edu>
Message-ID:

On Thu, 3 Aug 1995, Nathan Loofbourrow wrote:

> Nathan Zook writes:
> > > And is there any way to build trusted system out of small, verifiable
> > > pieces? Since the way they're connected could also be questioned, I
> > > suspect that when you put enough of them together it's just as bad as
> > > the case of a single, monolithic program. But this isn't my area, so
> > > I don't know.
> >
> > No. This was essentially proved during the first third of this century.
>
> Well, I haven't gotten a reply from Nathan Zook on this assertion, so
> can anyone else back it up with some references? Perhaps we're
> discussing different contexts, but proving correct systems composed of
> correct components is still a subject of active research.
>
> nathan

Sorry about that. Your message must have died when I splatted the dear "Professor" (bow, bow, bow).

There is "active research". Why is a mystery to me. Godel's proof was the completion of several works. One of the early ones demonstrated that no axiom system can be demonstrated to be consistent by a weaker one. Now the "research" in this area has consisted, in part, of translating algorithms into statements in axiomatic systems. The problem is that either we cannot prove that these systems are consistent or they are extremely limited in what they can do. (In particular, recursion seems to be anathema.) But the word proof in the previous sentence has to be taken with a grain of salt, because any axiom system that we use to prove things about another axiom system has to be at least as complicated.

This is why the "not a Turing machine" assertion that the "Professor" is important. We know that Turing machine is undecidable, so if we want to limit behavior, we can't have one. BUT---we don't know that being a Turing machine is equivalent to having "unpredictable" behavior. Furthermore, a "proof" of the "not a Turing machine" assertion is going to have to be done by--you guessed it--a computer. And this computer is running a program which definitely IS a Turing machine, if it is capable of "proving" that other (suitably non-trivial) programs are not Turing machines.

Why must this be done on a computer? Because the program under consideration is thousands of machine instructions long. And each instruction will be translated into dozens of statements in the axiom system. So any attempted proof will be beyond human ability.

Note that the above arguments do not require the physical existence of computers to make, which is why I referred to the "first third of this century", when these ideas were discovered. In reality, the fact that the program itself has been compiled (or was it written in machine code?), that it uses an operating system (or does it address all of the hardware independently of other programs?), and runs on a processor (maybe a 80586?) should be enough to convince serious critics of the futility of the exercise.

But the nagging question remains: Why can't we build up big blocks from little ones? While there is a sort of "Turing horizon" beyond which programs are known to be unpredictable, let me attempt to address the problem another way, to redefine our intuition to be more in touch with reality.

The situation we are dealing with amounts to the phenomena of "spontaneous complexity". First, some physical examples. Take an object moving in a Newtonian space, with nothing else there. Give initial conditions, tell me what happens next. No problem. Take two objects. No problem. Take three objects. Big problem. Why? Perhaps we just haven't figured out the mathematics yet. Okay, take five objects. Why five? Because it is known that with a particular initial condition for five objects, all objects will "leave the universe" in a finite amount of time (!!!!!). Now what if you bump them a little bit? Certainly not all combinations of initial conditions lead to this situation. Which is which? Can this behavior be "built up" from two-object situations?

It is important to note that this type of complexity was in fact discovered by Poincare' and others shortly after the turn of the century. Some of his sketches clearly are forerunners of the Mandelbrot set--he was considering these types of ideas. (The complexity issues lost out first to relativity and then to quantum mechanics in the competition for the minds of researchers.)

Then there is the Mandelbrot set--which points are in and which are out? Are you sure? (Go ahead and limit yourself to rational points--we are talking computers.)

Take S^1, the unit circle in the Complex plane. Define a series of functions f_1, f_2... on S^1 as follows: f_i(z) = z^i. Each point with rational multiple of pi argument will limit to one, but no irrational points will. What is important to note is that there is a set uniform set of measure 0 on S^1 such that the behavior in the limit of this set is completely unpredicted by the behavior of the rest of the set. Perhaps you prefer to map S^1 to S^1 by repeated applications of f_2? Then only the binary rationals settle down.

So in each case, complex (in the technical sense) behavior is exhibited by outlandishly simple systems. Somehow the _interactions_ of these simple and predictable systems become unpredictable.

That is why I consider this to be a closed subject.

Nathan

From stewarts at ix.netcom.com Fri Aug 4 23:45:17 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 4 Aug 95 23:45:17 PDT
Subject: fnords
Message-ID: <199508050641.XAA01362@ix3.ix.netcom.com>

::
Request-Remailing-To: wilcoxb at nag.cs.colorado.edu
Subject: Why I don't sign all my mail
Latent-Time: +0:00
Cutmarks: #--

-----BEGIN PGP SIGNED MESSAGE-----

Bryce - you write:

> Thanks for the info, Bill. I have a question: why are you
> sending e-mail in the clear and without authentication?
> I don't expect that anyone would want to forge mail from you
> to me, but I would be pleased if I could be a little more
> certain of those things, and besides "Think of it as a form of
> solidarity."

Convenience, mostly. Encryption and signature are semi-different issues.
If I clear-sign something, and you don't want to check it, it doesn't cause you any trouble, but for most people, getting mail that's encrypted takes extra work, especially if they're following proper security procedures for their PGP implementations (not running it on insecure systems, not leaving passphrases in cleartext for autosigners, etc.) Think of proper security as "solidarity with people who need real security" :-). (Yeah, I also run PGP on insecure systems, mainly for signature-checking, but I do use separate keys that have words like "insecure" in the userid strings.) The big issues are convenient interfaces with my email system. Private Idaho's gotten good enough that if I want to send encrypted/signed/etc. email, I can grab the mail I want to send into the clipboard (or compose it inside PI), add headers for who to send it to, pull down a couple menu items, and it pops into PGP; when it's done, another menu choice dumps the completed message back into Eudora, and the next version can send it out directly if I prefer. On the other hand, moving mail _from_ Eudora _to_ PI is still a couple actions (separate cut/pastes for the body, address, and Subject:), so I don't usually bother. The other convenience problem is key-handling for people whose keys I don't already have. PGP is too slow on a PC to haul the entire keyserver database into my pubkey files. So either I have to send email to a key-server (non-real time, especially since I do most of my email off-line), or use finger. Unfortunately, your key wasn't on the keyservers, and I don't have a decent PC finger client now that I'm using Trumpet Winsock instead of Netcruiser (the finger client I use doesn't allow cut&paste to the clipboard, screen-grabs didn't get me text, and I did eventually get most of your key information by doing several "telnet you at machine 79"s until one of them got the data before the session closed :-) Ugly... 
And then there's the key validation problem - your key isn't signed by anyone except yourself (yeah, ok, mine's only got signatures from previous keys of mine, which have signatures from expired keys from the people who signed mine :-) So my signature isn't as meaningful as it could be, since you probably can't validate it, and I can't guarantee having a valid public key for you to send you anything important. So I guess I need to go get my keys signed by a couple people, and so do you, and the next code project on my wait-until-3.0 list should probably be a recursive key-signature digger... Meanwhile, Private Idaho is at ftp.eskimo.com/u/j/joelm/, and it's now working with ViaCrypt-for-Windows as well as PGP 2.6.* for DOS. Thanks; Bill Stewart stewarts at ix.netcom.com -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQBVAwUBMCMPB/thU5e7emAFAQFYPAH7BXuxp0BCWKg8v/Uv6QzUQKSix3Zff3Kw FzBeSgDNN9KrOHEaUmemDXcBmcRabyeZyxrFTcgypvwADai1SYA45w== =Ht4c -----END PGP SIGNATURE----- #-- #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- # Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/ From inglem at adnetsol.com Sat Aug 5 00:01:35 1995 From: inglem at adnetsol.com (Mike Ingle) Date: Sat, 5 Aug 95 00:01:35 PDT Subject: Cox/Wyden passed, but so did "Managers' Amendment" Message-ID: <199508050701.AAA00510@cryptical.adnetsol.com> ------------------------------------------------------------------------ ****** ******** ************* ******** ********* ************* ** ** ** *** POLICY POST ** ** ** *** ** ** ** *** August 4, 1995 ** ** ** *** Number 23 ******** ********* *** ****** ******** *** CENTER FOR DEMOCRACY AND TECHNOLOGY ------------------------------------------------------------------------ A briefing on public policy issues affecting civil liberties online ------------------------------------------------------------------------ CDT POLICY POST Number 23 August 
4, 1995

CONTENTS:

(1) House Approves Cox/Wyden 'Internet Freedom' Bill 420 to 4
    Major Victory for Cyberspace -- Indecency Statutes Remain A Serious Issue
(2) Subscribe To The CDT Policy Post Distribution List
(3) About CDT, Contacting Us

This document may be re-distributed freely provided it remains in its entirety.

------------------------------------------------------------------------

(1) HOUSE PASSES COX/WYDEN 'INTERNET FREEDOM' AMENDMENT
MAJOR VICTORY FOR CYBERSPACE -- INDECENCY STATUTES REMAIN A MAJOR ISSUE

By an overwhelming vote of 420 to 4, the US House of Representatives today approved the 'Internet Freedom and Family Empowerment' amendment, sponsored by Reps. Chris Cox (R-CA) and Ron Wyden (D-OR), which would prohibit the federal government from regulating content on the Internet, commercial online services, and other interactive media.

Unlike the Senate-passed Exon/Coats Communications Decency Act (CDA), the Cox/Wyden amendment ensures that individuals and parents can decide for themselves what information they or their children receive. By contrast, the Exon/Coats CDA would grant the Federal Communications Commission (FCC) broad powers to regulate the expression of each and every one of the millions of users of the Internet.

The Cox/Wyden amendment:

* Prohibits the FCC from imposing content regulations on the Internet or other interactive media.
* Removes disincentives for online service providers to exercise editorial control over their networks and to provide blocking and screening technologies to their users.
* Seeks to create a uniform national policy prohibiting content regulations in interactive media.

CDT believes that the Cox/Wyden amendment is an enlightened approach to addressing the issue of children's access to objectionable material online. Unlike the Senate-passed CDA, the Cox/Wyden approach recognizes that the Internet is a global, decentralized network, with abundant capacity for content and tremendous user control.
House passage of the Cox/Wyden amendment sets the stage for a direct battle between the House and Senate on the issue of government content regulation in interactive media. CDT will work vigorously to ensure that the Cox/Wyden amendment replaces the Exon/Coats CDA in the final version of telecommunications reform legislation.

NEW UNCONSTITUTIONAL INDECENCY RESTRICTIONS ALSO APPROVED

Although the House vote today significantly advanced freedom of speech on the Internet, the threat of unconstitutional indecency restrictions remains. In a vote unrelated to the Cox/Wyden amendment, the House also approved changes to federal obscenity laws which would criminalize the transmission of constitutionally protected speech online. These amendments were approved as part of the "Managers' Amendment" to the Telecommunications reform bill (HR 1555). Although these amendments are more narrowly drawn than the Exon/Coats CDA or the Grassley/Dole "Protection of Children from Computer Pornography Act" (S. 892), they clearly violate the First Amendment and remain an issue of serious concern to CDT.

The new criminal law amendments are opposed by several prominent members of both the House and Senate, including Cox and Wyden. As the bill makes its way through the House/Senate conference committee, CDT will work with Reps. Cox and Wyden, Senator Leahy, and others to:

* Remove the unconstitutional indecency restrictions added as part of the "Managers' Amendment"
* Ensure that the Cox/Wyden amendment replaces the Exon/Coats CDA in the final telecommunications reform bill
* Clarify that the Cox/Wyden amendment does not affect privacy protections under the Electronic Communications Privacy Act (ECPA)
* Strengthen provisions that pre-empt state online censorship laws.
COX/WYDEN AMENDMENT PROTECTS CYBERSPACE FROM GOVERNMENT INTRUSION, RECOGNIZES PARENTAL CONTROL POSSIBILITIES

The Cox/Wyden bill seeks to accomplish four principal objectives:

* PROHIBIT FCC CONTENT REGULATION OF THE INTERNET AND INTERACTIVE COMMUNICATIONS SERVICES. The bill explicitly prohibits the Federal Communications Commission from imposing content or other regulations on the Internet or other interactive communications services (Sec 2 (d)). This provision recognizes that interactive media is different from traditional mass media (such as broadcast radio and television), and will enshrine in statute strong protections for all content carried on the Internet and other interactive communications services. Instead of relying on government censors to determine what is or is not appropriate for audiences, this provision recognizes that individuals and parents are uniquely qualified to make those judgments.

* REMOVE DISINCENTIVES FOR ONLINE SERVICE PROVIDERS TO EXERCISE EDITORIAL CONTROL OVER THEIR NETWORKS AND TO DEPLOY BLOCKING AND SCREENING TECHNOLOGIES FOR THEIR SUBSCRIBERS. The bill would remove liability for providers of interactive communications services who take good faith steps to restrict access to obscene or indecent materials to minors or provide software or hardware to enable their users to block objectionable material. (Sec 2 (c)) In addition, the bill would overturn the recent court decision (Stratton Oakmont, Inc. v. Prodigy Services Co., N.Y. Sup. Ct. May 24, 1995) which held Prodigy liable for content on its network because the service screens for sexually explicit material and language. Prodigy now faces a $200 million lawsuit. The bill does not intend to create an obligation for providers to monitor or screen content or to allow violation of Federal privacy statutes (such as the Electronic Communications Privacy Act), although some concerns remain on these points.
CDT remains committed to addressing these concerns as the legislation moves to conference, and has been assured by Reps. Cox and Wyden that these issues will be addressed.

* PRE-EMPT INCONSISTENT STATE LAWS REGULATING CONTENT ON INTERACTIVE COMMUNICATIONS SERVICES. The bill seeks to pre-empt States from enforcing inconsistent laws, including restrictions on content available on interactive communications services. (Sec 2 (e)(2)) The actual scope of this preemption remains an issue of some discussion. CDT believes that any legislation in this area MUST contain a strong pre-emption of inconsistent state laws. A patchwork of state laws which impose varying, and in some cases contradictory, obligations on service providers and content providers must be avoided. CDT will work to ensure that the Cox/Wyden bill creates a uniform national policy which prohibits states from imposing content regulations on interactive media.

* NO EFFECT ON CRIMINAL LAW. The bill is not intended to prevent the enforcement of the current dial-a-porn statute or other Federal criminal statutes such as obscenity, child pornography, harassment, etc. (Sec 2 (e)(1))

NET ACTIVISM A CRITICAL FACTOR

When Senator Exon (D-NE) first proposed the CDA in February 1995, the net.community reacted with strong opposition. A coalition of online activist organizations, including CDT, EFF, People for the American Way, EPIC, and the ACLU, organized with the Voters Telecommunications Watch (VTW), worked tirelessly over the last six months to mobilize grass roots opposition to the CDA. Through our efforts of generating thousands of phone calls to Congressional offices and an online petition which generated over 100,000 signatures in support of an alternative to the CDA, the net.community was able to demonstrate that we are a political force to be reckoned with.
The net.campaign and public education efforts helped to encourage House Speaker Newt Gingrich (R-GA) to come out against the CDA, and was an important factor in Reps. Cox and Wyden's decision to propose their alternative. As the legislation moves to the conference committee and then on to final passage, the net.community must be prepared to continue to fight to ensure that the new criminal provisions are removed and that the Cox/Wyden amendment is not weakened.

GENESIS OF THE COX/WYDEN AMENDMENT

After the Senate passed the CDA by a vote of 84-16 on June 14, CDT stepped up our efforts to find an alternative which protected the First Amendment and recognized the unique nature of interactive media. Both on our own and through the Interactive Working Group (a group of over 80 public interest organizations and leading computer and communications companies, content providers, and others, coordinated by CDT. The IWG includes the ACLU, People for the American Way, the Progress and Freedom Foundation, America Online, MCI, Compuserve and Prodigy, and many other organizations and corporations), we worked directly with Reps. Cox and Wyden to bolster the case that parental control technologies offered an effective alternative to government content regulations.

To this end, the IWG held a demonstration for members of Congress and the press in mid-July to demonstrate the parental control features of products offered by Netscape, SurfWatch, WebTrack, America Online, and Prodigy. In addition, the IWG issued a comprehensive report reviewing current technology and the state of current laws prohibiting trafficking in obscenity, child pornography, stalking, threats, and other criminal conduct online (this report can be viewed on CDT's web site URL:http://www.cdt.org/iwg/IWGrept.html).
Through these efforts and the efforts of VTW's online coalition to educate members of the House about the problems with the Exon/CDA and the promise of interactive media, the House today has enacted an enlightened approach to dealing with children's access to inappropriate material online. Today's vote represents a tremendous victory for the First Amendment and the promise of cyberspace.

NEXT STEPS

The House Telecommunications legislation (HR 1555) is expected to pass later today (8/4). The Senate approved similar legislation (S. 652) in June. Both bills now move to a House/Senate Conference Committee where differences will be worked out. The Conference Committee is expected to begin deliberation in early September. Once the Conference Committee agrees on a version of the bill, it will be sent back to both the House and Senate for final approval. This vote is expected to occur before the end of October.

The Internet-censorship provisions of the Senate bill are among the key differences between the House and Senate proposals. However, several key members of the Senate, including Senator Patrick Leahy (D-VT) and Russ Feingold (D-WI), have expressed opposition to the Exon/Coats approach. CDT will fight vigorously throughout the remainder of this Congress to ensure that the Exon/Coats CDA does not become law. We will also work to remove the new unconstitutional criminal law amendments passed by the House today.

------------------------------------------------------------------------

(3) How To Subscribe To The CDT Policy Post Distribution List

CDT Policy Posts, which is what you have just finished reading, are the regular news publication of the Center For Democracy and Technology. CDT Policy Posts are designed to keep you informed on developments in public policy issues affecting civil liberties online.

SUBSCRIPTION INFORMATION

1.
SUBSCRIBING TO THE LIST

To subscribe to the policy post distribution list, send mail to "Majordomo at cdt.org" with:

subscribe policy-posts

in the body of the message (leave the subject line blank)

2. UNSUBSCRIBING FROM THE LIST

If you ever want to remove yourself from this mailing list, you can send mail to "Majordomo at cdt.org" with the following command in the body of your email message:

unsubscribe policy-posts youremail at local.host (your name)

(leave the subject line blank)

-----------------------------------------------------------------------

(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest organization. The Center's mission is to develop and advocate public policies that advance constitutional civil liberties and democratic values in new computer and communications technologies.

Contacting us:

General information on CDT can be obtained by sending mail to
World-Wide-Web: http://www.cdt.org/
ftp: ftp://ftp.cdt.org/pub/cdt/
snail mail: Center For Democracy and Technology, 1001 G Street, NW, Suite 700 East, Washington, DC 20001
voice: +1.202.637.9800
fax: +1.202.637.0968

From solman at MIT.EDU Sat Aug 5 00:51:58 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sat, 5 Aug 95 00:51:58 PDT
Subject: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <199508040517.BAA05467@clark.net>
Message-ID: <9508050751.AA22209@ua.MIT.EDU>

|> Finally, all you have to do to remove all I/O ability from Java is delete
|> the File I/O classes from the class hierarchy on your disk where HotJava
|> runs. Most apps don't use any File I/O anyway.

For Java to reach its full potential, I think it is absolutely essential that applets have the ability to securely and reliably store information for long periods of time. In the long term, this means creating remote applet accessible datahavens.
But as a temporary hack, before clean code supporting such services becomes available, very limited local file access is clearly the way to go. This is an important _feature_ that will enable some truly complex services as the class libraries mature, not a bug.

JWS

From solman at MIT.EDU Sat Aug 5 01:06:54 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sat, 5 Aug 95 01:06:54 PDT
Subject: RSA has been proved correct
In-Reply-To:
Message-ID: <9508050806.AA22214@ua.MIT.EDU>

Tim quoth:

|> I was reading the logic programming/theorem proving chapter of my new
|> Russell and Norvig book on AI, and came across something I once knew about
|> but had forgotten: the Boyer-Moore theorem prover was applied to the RSA
|> algorithm and the correctness of it was verified. Correctness in the sense
|> of showing that outputs match formal specs, for all inputs.
|> The paper is: Boyer, R.S and Moore, J.S. (1984). Proof checking the RSA
|> public key encryption algorithm, "American Mathematical Monthly,"
|> 91(3):181-189.

Given the enormous difficulty of ensuring security in a world of ubiquitous distributed computing, I'm as big a fan as any of formal methods. But Tim's post hammers home the big fault of formal methods: the possibility that people will come to rely upon them. I have paranoid visions of people finally accepting formal methods in a decade or so, and then becoming dependent on them... forgetting the enormous potential for error that will always exist in such systems.

If somebody told me that intentionally letting a few violent criminals free each year is a good idea because it would keep me on my toes, I would think that person is an idiot. But I'm not entirely convinced that it is a bad idea to avoid formal methods because they could breed complacency.
Cheers, JWS

From gjeffers at socketis.net Sat Aug 5 01:12:44 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Sat, 5 Aug 95 01:12:44 PDT
Subject: Secure FileSystem vs Secure Device
Message-ID: <199508051026.FAA16096@mail.socketis.net>

Secure FileSystem vs Secure Device

Cypherpunks,

I have been studying the software package SFS110 (Secure FileSystem) version 1.10 by Peter Gutmann. I originally wanted to use SECDEV (Secure Device) but mistook Secure File System for it. I have heard references to Secure Device on Cypherpunks but I have heard nothing about Secure FileSystem. Does anyone have knowledge of both of these systems & can give me advice on which is superior? Also, I found Secure Device compressed with a .arj compression system. What is this compression method? Is there a DOS version of Secure Device?

I have done some preliminary reading of Secure FileSystem & I find it to be very impressive! So, why no mention on Cypherpunks? Is Secure Device that much superior or has Secure FileSystem just been overlooked? Also, what are the latest version numbers of both of them?

PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCCK! BBBEEEAAATTTT STATE!

Gary Jeffers

From jya at pipeline.com Sat Aug 5 05:12:19 1995
From: jya at pipeline.com (John Young)
Date: Sat, 5 Aug 95 05:12:19 PDT
Subject: JIL_ted
Message-ID: <199508051212.IAA26627@pipe3.nyc.pipeline.com>

8-5-95. NYPaper:

"Esoteric Wedge of Academia Is Roiled by Hunt for Bomber."

Last October an agent from the Federal Bureau of Investigation showed up in New Orleans and subpoenaed the History of Science Society's membership records and questioned scholars for clues to the identity of the Unabomber. That subpoena, and the disclosure that the F.B.I. believes that the bomber is immersed in the most radical interpretations of the history of science, has roiled the usually placid waters of the discipline.
And across the country, professors have begun reconsidering old suspicions, acquaintances and tracts to help solve the crimes.

ROL_aid

"Obscure Global Bank Moves Into the Light."

In a small Swiss city sits an international organization so obscure and secretive that for many years visitors got lost looking for a small plaque next to an otherwise undistinguished doorway. Control of the institution, the Bank for International Settlements, lies with some of the world's most powerful and least visible men: the heads of 32 central banks, officials able to shift billions of dollars and alter the course of economies at the stroke of a pen. Now, however, the bank is stepping out of the shadows a bit. Last September, the Federal Reserve, the United States' central bank, officially joined -- quietly and discreetly, of course.

DON_ask

Buda-Pest: JIL_ted

From fc at all.net Sat Aug 5 05:24:27 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Sat, 5 Aug 95 05:24:27 PDT
Subject: There's a hole in your reasoning
In-Reply-To:
Message-ID: <9508051223.AA22788@all.net>

> > > > On Thu, 3 Aug 1995, Nathan Loofbourrow wrote:
> > > Nathan Zook writes:
> > > > And is there any way to build trusted system out of small, verifiable
> > > > pieces? Since the way they're connected could also be questioned, I
> > > > suspect that when you put enough of them together it's just as bad as
> > > > the case of a single, monolithic program. But this isn't my area, so
> > > > I don't know.
> > >
> > > No. This was essentially proved during the first third of this century.
...
> There is "active research". Why is a mystery to me. Godel's proof was
> the completion of several works. One of the early ones demonstrated that no
> axiom system can be demonstrated to be consistent by a weaker one. Now the
> "research" in this area has consisted, in part, of translating
> algorithms into statements in axiomatic systems.
> The problem is that
> either we cannot prove that these systems are consistent or they are
> extremely limited in what they can do. (In particular, recursion seems
> to be anathema.) But the word proof in the previous sentence has to be
> taken with a grain of salt, because any axiom system that we use to prove
> things about another axiom system has to be at least as complicated.

You hit the nail right on the head when you said: "or they are extremely limited in what they can do". That's exactly the point. We cannot prove programs with general purpose functionality to be secure, because they are not. But we may well be able to prove a lot of security properties about programs that are not general purpose. For example, a Web server that only does GET and a gopher server (not gopher plus) and a mail server may all fit the bill. And by coincidence, these are exactly the sorts of programs we want to be able to prove security properties about.

> This is why the "not a Turing machine" assertion that the "Professor" is
> important. We know that Turing machine is undecidable, so if we want to
> limit behavior, we can't have one. BUT---we don't know that being a
> Turing machine is equivalent to having "unpredictable" behavior.
> Furthermore, a "proof" of the "not a Turing machine" assertion is going
> to have to be done by--you guessed it--a computer. And this computer is
> running a program which definitely IS a Turing machine, if it is capable
> of "proving" that other (suitably non-trivial) programs are not Turing
> machines.

I think in the case of simple (i.e. short and written for the purpose) programs these proofs could reasonably be done by hand. In fact, I think we could create a theorem verifier that we could prove to only verify true theorems as true.
Some theorems would never be proven one way or the other, and others might be proven false, but some things, particularly the ones we need to bootstrap the theorem proof technology and things like the properties of a secure W3 server, could fit into this schema.

> Why must this be done on a computer? Because the program under
> consideration is thousands of machine instructions long. And each
> instruction will be translated into dozens of statements in the axiom
> system. So any attempted proof will be beyond human ability.

Not in the case of programs like the secure W3 and Gopher servers. They are under 100 lines long. They are also designed to allow easy proof of the desired properties.

...
> So in each case, complex (in the technical sense) behavior is exhibited
> by outlandishly simple systems. Somehow the _interactions_ of these simple
> and predictable systems become unpredictable.

But this is only true for certain classes of systems. By designing other classes of systems explicitly designed to not have those properties, we can build up substantial systems with demonstrable protection properties.

> That is why I consider this to be a closed subject.

I think you should reopen your thinking.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From jya at pipeline.com Sat Aug 5 07:06:23 1995
From: jya at pipeline.com (John Young)
Date: Sat, 5 Aug 95 07:06:23 PDT
Subject: JAC_kio
Message-ID: <199508051406.KAA29361@pipe2.nyc.pipeline.com>

8-6-95. NYPaper Book Review:

"Spies Unlike Us: A history of French intelligence reveals a far more brutal approach than this country's."

The aftermath of 1945 imposed an additional heavy burden on the French secret services. Political allegiances were exacerbated by the presence of a potential huge Communist fifth column in France.
The rough lessons of the war led to a premium on "service action" operations of sabotage and assassination before which Britain's M.I.6 would have quailed. Mr. Porch sees the French secret services of today as still not having recovered from their politicization during World War II. During the gulf war, the humiliating realization was forced on the French Army that for intelligence it was totally dependent on American high technology.

SAL_mai

"The Code War: How United States intelligence outsmarted Japan in World War II."

He rightly sees the role of intelligence in the Pacific war not simply as a story of code-breaking successes. Rather, he writes, "the true achievements of intelligence in the Pacific war lie in the day-to-day accumulation of a fund of knowledge.... Cryptography, traffic analysis, aerial photography, prisoner interrogation, document capture and translation, and technical intelligence ... became pillars of an overall effort greater than the sum of its parts." He explains and describes this winning synergy of intelligence elements as well as, or better than, any previous author.

PIL_sal

Jak/Ari: JAC_kio

From Marius at doulosgeri.com Sat Aug 5 07:59:18 1995
From: Marius at doulosgeri.com (Marius)
Date: Sat, 5 Aug 95 07:59:18 PDT
Subject: building libraries
Message-ID: <199508051458.KAA00169@UnixServer>

> Perhaps we could convince Bill Gates to bundle RSAREF with all his
> Windoze OS's? Ditto for Apple?
>

If Bill Gates handed out cryptography in Windoze he wouldn't be able to read the mail of all the lamerz who are going to be on the Microsoft network. The poor rich bastard needs something to do in his free time other than fish in the pond that he had built under his house...

Marius at doulosgeri.com

No opinions expressed by the author are shared by Doulos Productions, The Third Wave, or any affiliated parties. The author doesn't see why not...

PGP public key follows...
From jgrubs at voxbox.norden1.com Sat Aug 5 08:18:58 1995
From: jgrubs at voxbox.norden1.com (Jim Grubs, W8GRT)
Date: Sat, 5 Aug 95 08:18:58 PDT
Subject: Using MacPGP to revoke a key...
Message-ID: <889c0c2w165w@voxbox.norden1.com>

-----BEGIN PGP SIGNED MESSAGE-----

"Robert A. Rosenberg" writes:

> There is no need to revoke the old key - you just create a new key with
> both the old and new keys and send it to the KeyServer. The normal PGP
> "Default" when there are more than one key with the same Email Address is
> to use the last one (which would be last in the keyring as well as have the
> latest date).

Which is another good reason why one ought to resist the itch to tinker with one of those PGP keyring sorting programs.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: LIBERTY!! Use it or lose it!!
iQCVAwUBMCOKA974r4kaz3mVAQEKnAP8Cgjwj/9Lol1sXUepgAbh72R+cudYrWz1
F7BWC28as8SrTfYRPtcC3g2jDGbPBJu66FFfY8UjBo3vdMYbOIMxDCfoyqZmAxAg
QY0q8/DoZsJYXwwaxxNJD+3syreT6PyS52ML1GhYGfKrDIObnb4utDzliQ+NJDYT
YL87oqTT0b4=
=A8IV
-----END PGP SIGNATURE-----

From AlanPugh at MAILSRV2.PCY.MCI.NET Sat Aug 5 19:28:35 1995
From: AlanPugh at MAILSRV2.PCY.MCI.NET (Alan Pugh)
Date: Sat, 5 Aug 95 19:28:35 PDT
Subject: addressing
Message-ID: <01HTQAQQ0ATE8WX734@MAILSRV1.PCY.MCI.NET>

hello all,

while this message has zero cypherpunks content, i'm posting this information request here because i think there is a good chance that someone on this list can help me with my question. a friend of mine who has an mcimail account is having trouble getting messages to a person in the far east with an address that looks like this...

===========================
 * Mandelbrot Set at Once! *
 * amp *
 * <0003701548 at mcimail.com> *
 *********************************************
Key fingerprint = A7 97 70 0F E2 5B 95 7C DB 7C 2B BF 0F E1 69 1D

From merriman at arn.net Sat Aug 5 20:03:29 1995
From: merriman at arn.net (David K. Merriman)
Date: Sat, 5 Aug 95 20:03:29 PDT
Subject: Web page
Message-ID: <199508060310.WAA03341@arnet.arn.net>

I've *finally* gotten a Web page (Netscape optimized, Mosaic tolerant), and included several links to crypto-related sites. Suggestions, feedback, and comments welcome.

We now return you to your regularly scheduled flame war :-)

Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From turner at telecheck.com Sat Aug 5 23:41:42 1995
From: turner at telecheck.com (turner at telecheck.com)
Date: Sat, 5 Aug 95 23:41:42 PDT
Subject: PC E-cash (NewsClip)
In-Reply-To:
Message-ID: <9508060639.AA11095@TeleCheck.com>

> >Secret Service Says Student Used PC To Print Money
> > etc.
>
> This reminds me of something which happened to me last week in a Burger King
> in Chelsea(MA), where the skipper now keeps the boat I grind winches on. I'm
> paying for my lunch and the cashier takes out a felt-tip pen and puts a
> little mark on my $10 bill. She tells me that if the pen-stroke turns yellow
> instead of the black one she got with mine, the bill is counterfeit. She
> told me she got yellow mark on $10 bill once. Go figure.
>

I'm surprised that they check, since most counterfeiters don't usually do bills less than $20, due to the costs associated with printing high quality counterfeited bills.

> So now, we have a working minimum competitive cost of on-line digital cash
> verification. The amortized cost of the ink it takes to verify a piece of
> paper cash. What? 20 cents worth of ink? .002 cents?
>

I remember seeing a documentary film on counterfeiting money (don't remember the title, sorry), and a few Wall Street Journal articles on the subject. Some high points:

1. The U.S. dollar costs more than a dollar to print up, not counting distribution. The paperstock is made out of cotton.. blaa, blaa..
Several times Congressmen have proposed doing away with one dollar bills, and replacing them with coins. A lot of political flack, saying that vending machine people want it so they can knock up the price of a Coke to $1.00.

2. The same company that supplies the U.S. Treasury with paper stock for printing, also supplies France and a few other countries; other countries have elaborate watermarks and multiple colors to make counterfeiting more difficult. Holograms were tested with U.S. dollars, but failed the dreaded "crumple" test wherein a dollar is placed in a steel tube and squashed by a pneumatic press.

3. The U.S. currency is made of a very special color of ink. They made the point that it is not green, and hard to duplicate (yeah...). Secret Service was interviewed during the documentary.

4. The Central Intelligence Agency sometimes prints up foreign currency to devalue it; the Germans did the same thing in WWII and several million dollars' worth of English currency was found in a river somewhere in Europe... (sorry if I'm vague..), near some mine shaft (open for public tours) where the Germans stored some stuff (art work?).

On a related note, there is a company that makes a device which will verify U.S. bills which is used in banks (mostly in the middle east). CNN did a spot on this last year.

> More fun with numbers,
> Bob Hettinga
>
> P.S. We just put in 12 volt power for the Mac. I also bought an inverter.
> Banana daquiris on the hook. Raise the cocktail flag!
>

You sniffed the magic currency pen, in the interests of scientific discovery, right? :-)

>
> -----------------
> Robert Hettinga (rah at shipwright.com)
> Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
> "Reality is not optional."
> --Thomas Sowell
> >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<
>

From jirib at sweeney.cs.monash.edu.au Sun Aug 6 03:16:44 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 6 Aug 95 03:16:44 PDT
Subject: NRC Panel, Law Enforcement questions
In-Reply-To: <9508020134.AA07797@toad.com>
Message-ID: <199508061016.UAA14365@sweeney.cs.monash.edu.au>

Hello cypherpunks at toad.com and John Gilmore

...
[Questions]
...
> How many subpoenas for telephone billing records are made by Federal
...
Eg.
> "50% fishing expedition, 22% the subject is in custody for a crime
> (break down by which crimes), 5% the subject is suspected of a crime
> (break down), 10% the subject is not suspected of a crime but there
> may be evidence of someone else's crime in their phone records".
...

What are the other 13% for?

Thanks for a realistic sample answer anyway :-)

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

From rah at shipwright.com Sun Aug 6 04:28:22 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 6 Aug 95 04:28:22 PDT
Subject: PC E-cash (NewsClip)
Message-ID:

>I'm surprised that they check, since most counterfeiters don't usually do bills
>less than $20, due to the costs associated with printing high quality
>counterfeited bills.

Not too surprising for Chelsea. This is the first city to go bankrupt in the history of the United States. I think it's still in receivership...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional."
--Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From jya at pipeline.com Sun Aug 6 06:35:40 1995
From: jya at pipeline.com (John Young)
Date: Sun, 6 Aug 95 06:35:40 PDT
Subject: addressing
Message-ID: <199508061335.JAA25573@pipe2.nyc.pipeline.com>

Responding to msg by Alan.Pugh at MAILSRV2.PCY.MCI.NET ("Alan Pugh") on Sat, 05 Aug 10:24 PM

>a friend of mine who has an mcimail account is having
>trouble getting messages to a person in the far east
>with an address that looks like this...
>
>
>i've never seen a "%" or "+" in an address before and
>am wondering if anyone out there can tell me what they
>mean, or if they can be resolved to a typical
>net.address.

Alan,

Below is a similarly formatted address here in NYC. It is hierarchical, from left: Angelic CU + hir Mad-Dog Dept % the Cruel Bastard Org @ Tel Mail Hell.

If your friend's CBO is like Forest City Ratner, a Trump-wanna-be developer pack of urban rabid-rat-infestors, then the system was probably set up by a do-anything-for-a-fee consultant to a paranoidal CEO who buys oodles of pseudo-technical gimmicks for corporate obfuscation as a means to pyramidially distance hirself from the lowly mite-interminators minimally-paid to meta-desecrate the hiroshima-scape.

According to "LinetH," if you are to the left of a " + " you are " - " but hyper-visible to the cyclopian, leering "+"-sisadmin eager to catch caged animals using the sys for private mail (hey, Bear Stearns-mogul leeches, fail yer prostate/mammogram test, LH sez). Or so LH quietly e-pecks in PGP, having learned not to trust any of the hir-MFs.

Shh, the "%"-admin is lurking fearfully just left of H at L-admin.

From lharrison at mhv.net Sun Aug 6 10:13:27 1995
From: lharrison at mhv.net (Lynne L.
Harrison) Date: Sun, 6 Aug 95 10:13:27 PDT Subject: pkzip cracking Message-ID: <9508061713.AA25727@mhv.net> -----BEGIN PGP SIGNED MESSAGE----- At 05:17 AM 8/2/95 UTC, an264373 at anon.penet.fi wrote: > >Does anyone have a utility to crack password encrypted/protected zip >files? Or an address to download one? All replies / flames / >pointers appreciated. Sauroth - Did you ever get a response and, if so, what was the answer? Regards - Lynne -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMCT4GD5A4+Z4Wnt9AQEdGAP+Nne+hetfsjLPNjNeAoWOHCIe14lqWOm3 iXYE8ol7PCf/B0CypYYShkpzX9Y1+319veAPLe6nzHU95TQkEGffwEJpFrLt2IA8 k0azeeRJvEERTVCC+4WUWXvE9ugsAXBn755Eg4HW6lEu1qNp/K3zn4fWGuNLeFna Wt+Co+O7iQ0= =s0hA -----END PGP SIGNATURE----- ******************************************************************** Lynne L. Harrison, Esq. Poughkeepsie, New York E-Mail: lharrison at mhv.net Lynne.Harrison at Execnet.com "Say not, 'I have found the truth', but rather, 'I have found a truth.'" - Kahlil Gibran from "The Prophet" ******************************************************************** From crypto at midex.com Sun Aug 6 12:24:16 1995 From: crypto at midex.com (Matt Miszewski) Date: Sun, 6 Aug 95 12:24:16 PDT Subject: MS Money password problem Message-ID: We recently lost (ok fired) our office manager, but not before she put nifty passwords on all the MS Money data we had and now she has, of course, gone on a three week vacation. I have all the relevant WP password retrieving mechanisms but not one for MS Money. Anyone with pointers or programs, your help would be greatly appreciated. Matt From jcaldwel at iquest.net Sun Aug 6 13:01:33 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Sun, 6 Aug 95 13:01:33 PDT Subject: addressing In-Reply-To: <199508061335.JAA25573@pipe2.nyc.pipeline.com> Message-ID: John Young wrote: > Gotta love the perspective John brings to something such as e-mail addresses. 
;-)

> Responding to msg by Alan.Pugh at MAILSRV2.PCY.MCI.NET ("Alan
> Pugh") on Sat, 05 Aug 10:24 PM

> If your friend's CBO is like Forest City Ratner, a
> Trump-wanna-be developer pack of urban rabid-rat-infestors,
> then the system was probably set up by a
> do-anything-for-a-fee consultant to a paranoidal CEO who
> buys oodles of pseudo-technical gimmicks for corporate
> obfuscation as a means to pyramidially distance hirself
> from the lowly mite-interminators minimally-paid to
> meta-desecrate the hiroshima

Lemme guess, you've read Stand on Zanzibar and liked the news reports?

--
So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**.
Brian Francis Redman to Chip Berlet

From jgrasty at gate.net Sun Aug 6 13:13:19 1995
From: jgrasty at gate.net (Joey Grasty)
Date: Sun, 6 Aug 95 13:13:19 PDT
Subject: Questions about SMTP and NNTP
Message-ID: <199508062011.QAA28350@tequesta.gate.net>

C-punks:

While working on the SMTP and NNTP clients for the WinSock remailer, I have uncovered two questions I don't know the answer to. Here they are:

1. When sending a message to the SMTP server, I use scenario 4 as shown in RFC821 as a basis for my client. There seems to be a huge security hole in SMTP. I can use just about any name when sending the VRFY command. For example, I could connect to "sensemedia.com" and pretend to be "tcmay". Is there something I'm missing here or is there really that big a security hole in SMTP?

2. How do you do user authentication in NNTP? There's nothing about it in RFC977. Is there a later RFC that describes how to do user authentication? All of my newsreaders support this function, but I haven't been able to figure out how to do it.

Any help you can give me would be appreciated.

ObWinSock Remailer: I have the POP3, NNTP and SMTP clients functional now. With luck, I'll have an alpha test version of the remailer in two or three weeks.
ObCypherPunks: Is the list down? I haven't heard a peep since about noon. I sent a "who cypherpunks" to majordomo and received a quick reply which shows I'm still subscribed. Any idea?

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann

From tcmay at sensemedia.net Sun Aug 6 16:27:06 1995
From: tcmay at sensemedia.net (Timothy C. May)
Date: Sun, 6 Aug 95 16:27:06 PDT
Subject: MS Money password problem
Message-ID:

At 7:34 PM 8/21/95, Matt Miszewski wrote:
>We recently lost (ok fired) our office manager, but not before she put
>nifty passwords on all the MS Money data we had and now she has, of
>course, gone on a three week vacation. I have all the relevant WP
>password retrieving mechanisms but not one for MS Money.
>
>Anyone with pointers or programs, your help would be greatly appreciated.

This, of course, is the rationale for the "key escrow" systems (as opposed to the government-mandated "key escrow" proposals, which are not an "escrow" system of this kind). "Escrow" is sufficiently overloaded with real estate connotations that I wish the industry would adopt a different term. Carl Ellison's "GAK" is cute, but is hardly likely to ever be adopted widely.

(No, I'm not calling for another round of suggested names, just opining that "key escrow" is a terrible name.)

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From joe at ns.via.net Sun Aug 6 18:38:56 1995 From: joe at ns.via.net (Joe McGuckin) Date: Sun, 6 Aug 95 18:38:56 PDT Subject: Encrypted internet traffic to Singapore?? Message-ID: <199508070138.SAA12404@ns.via.net> A client of mine wishes to set up a connection to their Singapore office using the internet rather than a dedicated leased line. They would like to encrypt the data going between the branch office in Singapore and the home office in California. I am considering using something like swIPe for this? Seem reasonable? The data is not very secret, they merely wish to foil 'hacker' type eavesdroppers. Also, what are the legal ramifications? Can I get an export license for this? Is there an encryption method that doesn't require an export license? What laws does Singapore have on encryption? Is swIPe legal? That is, are any patents being misappropriated by the current version? I see announcements on this list about DH and Public Key software being released. I would assume that these software tidbits are technically illegal for commercial use? Thanks, Joe From nzook at bga.com Sun Aug 6 18:51:07 1995 From: nzook at bga.com (Nathan Zook) Date: Sun, 6 Aug 95 18:51:07 PDT Subject: RSA has been proved correct In-Reply-To: <9508050806.AA22214@ua.MIT.EDU> Message-ID: On Sat, 5 Aug 1995 solman at MIT.EDU wrote: > Tim quoth: > > |> I was reading the logic programming/theorem proving chapter of my new > |> Russell and Norvig book on AI, and came across something I once knew about > |> but had forgotten: the Boyer-Moore theorem prover was applied to the RSA > |> algorithm and the correctness of it was verified. Correctness in the sense > |> of showing that outputs match formal specs, for all inputs. > > |> The paper is: Boyer, R.S and Moore, J.S. (1984). Proof checking the RSA > |> public key encryption algorithm, "American Mathematical Monthly," > |> 91(3):181-189. 
>
> Given the enormous difficulty of ensuring security in a world of
> ubiquitous distributed computing, I'm as big a fan as any of formal
> methods. But Tim's post hammers home the big fault of formal methods:
> the possibility that people will come to rely upon them. I have
> paranoid visions of people finally accepting formal methods in a decade
> or so, and then becoming dependent on them... forgetting the enormous
> potential for error that will always exist in such systems.
>
> If somebody told me that intentionally letting a few violent criminals
> free each year is a good idea because it would keep me on my toes, I
> would think that person is an idiot. But I'm not entirely convinced that
> it is a bad idea to avoid formal methods because they could breed
> complacency.
>
> Cheers,
>
> JWS

The problem is that these "formal methods" are themselves unproved and, in the general sense, unprovable. Using a computer program to verify RSA is like using number theory to verify some proof in set theory--you may succeed, but so what? The RSA algorithm works because of some basic (and not quite so basic) facts of number theory. Number theory is assumed in the design of computers, of processors, of operating systems, and of programs. To put the question succinctly, would you trust a theorem "prover" to verify its own accuracy?

The RSA algorithm:

Select primes p and q and an exponent e, such that gcd(e,p-1) = gcd(e,q-1) = 1. (In practice, we would want log_2(q) << e >> log_2(p).) Publish e and pq.

Find d_1, d_2 such that d_1 and d_2 are inverses of e in Z_p-1 and Z_q-1 respectively.

A message Y (from 0 to pq-1) is transformed into X = Y^e mod qp.

When you receive a message X, let X_1 = X mod p and X_2 = X mod q. Let Y_1 = X_1^d_1 mod p and Y_2 = X_2^d_2 mod q. Use the Chinese Remainder Theorem to find Z (from 0 to pq-1) such that Z = Y_1 mod p_1 and Z = Y_2 mod p_2.

Theorem: Z = Y.
Pf: Let p_1 = p and p_2 = q

a) Observe that in F_p_i, (Y^e)^d_i = Y^(e*d_i) = Y^(r*(p-1)+1) = Y^((p-1)*r) * Y = (Y^(p-1))^r * Y = 1^r * Y = Y.

b) There exist p,q,e triples. If we let the order of our selection be p,e,q then we observe that we are free in our selection of p, and that our selection of e is not very constrained. ((p-1)/2 +- 1 being obvious examples). We then observe that any arithmetic progression of integers which does not obviously consist entirely of composites must contain an infinite number of primes, and observe that the condition that gcd(q-1,e) = 1 defines just such a progression.

c) The d's can be found. See Euclid's Algorithm.

d) Z_pq is the (ring) direct sum of Z_p and Z_q.

QED

(Observe that the Chinese Remainder Theorem works on arbitrary ring direct sums.)

Why this exercise? Because not _one_ of the cited theorems is modern. The only thing in this proof unknown to Fermat, Galois, Euclid, and the Middle Age Chinese is that bit about arithmetic progressions and primes, which may have been known to Fermat or Euclid. If I am informed that a theorem "prover" has "verified" this theorem, then I am led to believe that the "prover" is not obviously broken. My confidence (as an algorithm--this is a separate issue from decryption resistance) in RSA has _NOTHING_ to do with what some theorem "prover" may or may not have to say about it. Such statements serve only to inform that these "provers" are broken (if they don't like it), or that they conceivably do "verify" proofs (if they do).

OTOH, the theorems and axiom systems corresponding to these theorem "provers" are very complex, and quite subtle at points. Plug in the latest attempt at Fermat's Last (as opposed to his Little) theorem, and tell me if it's good. Do the classification of finite groups. I know, there is a 125-page attempt at the Poincare' conjecture. Try it.
If these "provers" find heretofore unobserved flaws, THEN I'll concede that they would be useful tools in mathematics--in uncovering flaws. But they _still_ don't "prove" that these theorems are correct. They only convince themselves. But convincing me that I should believe them involves convincing me that there has been no failure in the program--at any of the levels I've previously discussed. And, by the way, this is why the general mathematical community is still suspicious of the 4-color theorem. In fact, the original "proof" contained a number of flaws. All discovered were easily patched, but the fact that they existed in the first place means that we have no reason to believe that something subtle is yet to be discovered.

Nathan

From nobody at valhalla.phoenix.net Sun Aug 6 19:45:21 1995
From: nobody at valhalla.phoenix.net (Anonymous)
Date: Sun, 6 Aug 95 19:45:21 PDT
Subject: FC's Typs? (NewsClip)
Message-ID: <199508070245.VAA16849@valhalla.phoenix.net>

FBI may have partial set of Unabomber's prints

Washington, Aug. 6 (Reuter) -- The FBI may have a partial set of fingerprints from the elusive Unabomber, now considered the country's most wanted man, Newsweek magazine reported Sunday.

The partial set of prints, lifted from an explosive device mailed several years ago, were uncovered with newly available forensic technology, the magazine said.

While not certain the fingerprints belong to the serial bomber, the report said federal agents believe that identifying the prints could lead them to the Unabomber, whose letter bombs have killed three people and injured 23 others over 17 years.

Federal agents are seeking the bomber by looking for machines he might use to construct his home-made pipe bombs, and are trying to track the manual typewriter used to write the bomber's lengthy anti-technology manifestos, Newsweek reported.
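Nathan Zook's RSA description (two messages above), with decryption done mod p and mod q and recombined by the Chinese Remainder Theorem, carried out in code. This is an added example, not code from that post; the primes p = 61, q = 53 and exponent e = 17 are constructed toy values, far too small for real use, chosen so the theorem Z = Y can be checked for every message Y.

```python
# Added example (not code from Nathan Zook's post): RSA set up, encrypted and
# decrypted via the CRT exactly as described above, then the claim Z == Y is
# checked exhaustively on constructed toy primes (far too small for real use).
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Inverse of a in Z_m (step c of the proof: 'the d's can be found')."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    return x % m


def crt(r1, m1, r2, m2):
    """Chinese Remainder Theorem for coprime m1, m2: the unique Z in
    [0, m1*m2) with Z = r1 (mod m1) and Z = r2 (mod m2)."""
    # Write Z = r1 + m1*t and solve m1*t = r2 - r1 (mod m2) for t.
    t = ((r2 - r1) * modinv(m1 % m2, m2)) % m2
    return (r1 + m1 * t) % (m1 * m2)


def rsa_keygen(p, q, e):
    """Check gcd(e, p-1) = gcd(e, q-1) = 1; return the public (e, pq) and
    the private CRT exponents (d_1, d_2), inverses of e in Z_{p-1}, Z_{q-1}."""
    if gcd(e, p - 1) != 1 or gcd(e, q - 1) != 1:
        raise ValueError("e must be invertible mod p-1 and mod q-1")
    return (e, p * q), (modinv(e, p - 1), modinv(e, q - 1))


def rsa_encrypt(y, e, n):
    """Y (0..pq-1) -> X = Y^e mod pq."""
    return pow(y, e, n)


def rsa_decrypt_crt(x, p, q, d1, d2):
    """X -> Z: reduce mod p and q, exponentiate separately, recombine by CRT."""
    y1 = pow(x % p, d1, p)   # Y_1 = X_1^d_1 mod p
    y2 = pow(x % q, d2, q)   # Y_2 = X_2^d_2 mod q
    return crt(y1, p, y2, q)


def roundtrip_all(p, q, e):
    """The theorem Z == Y, checked for every message Y in 0..pq-1 (including
    multiples of p or q, where Fermat's little theorem does not apply
    directly but Y^(e*d) = 0 = Y mod that prime still holds)."""
    (e, n), (d1, d2) = rsa_keygen(p, q, e)
    return all(rsa_decrypt_crt(rsa_encrypt(y, e, n), p, q, d1, d2) == y
               for y in range(n))


if __name__ == "__main__":
    # Constructed toy parameters: p = 61, q = 53, e = 17.
    (e, n), (d1, d2) = rsa_keygen(61, 53, 17)
    x = rsa_encrypt(65, e, n)
    print("n =", n, "d_1 =", d1, "d_2 =", d2, "X =", x,
          "Z =", rsa_decrypt_crt(x, 61, 53, d1, d2))
    print("Z == Y for all Y:", roundtrip_all(61, 53, 17))
```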
From grendel at netaxs.com Sun Aug 6 20:23:53 1995
From: grendel at netaxs.com (Michael Handler)
Date: Sun, 6 Aug 95 20:23:53 PDT
Subject: Pat Robertson Fears E-cash?
In-Reply-To:
Message-ID:

On Wed, 2 Aug 1995, Nathan Zook wrote:
> I believe that Pat Robertson is not aware of the privacy-enhancing
> capabilities of e-cash. In a probabilistic sense, he may well be right.

Not true. In the 700 Club transcript I have, David Chaum is interviewed, and the blinded digital cash he has invented is portrayed in a very positive light, as a way of enabling digital cash and avoiding the prophecies of Revelation. There are more fundamentalist Christians involved in the crypto movement than you realize.

--
Michael Handler        | Cypherpunks: Civil Liberty through Complex Mathematics
handler at sub-rosa.com |
grendel at netaxs.com   | "Let me ride on the Frankfort El, one more time..."
Philadelphia, PA       |

From rjc at clark.net Sun Aug 6 20:29:50 1995
From: rjc at clark.net (Ray Cromwell)
Date: Sun, 6 Aug 95 20:29:50 PDT
Subject: RSA has been proved correct
In-Reply-To:
Message-ID: <199508070329.XAA11774@clark.net>

> there is a 125-page attempt at the Poincare' conjecture. Try it. If
> these "provers" find heretofore unobserved flaws, THEN I'll concede that
> they would be useful tools in mathematics--in uncovering flaws. But they
> _still_ don't "prove" that these theorems are correct. They only
> convince themselves. But convincing me that I should believe them
> involves convincing me that there has been no failure in the program--at
> any of the levels I've previously discussed. And, by the way, this is why
> the general mathematical community is still suspicious of the 4-color
> theorem. In fact, the original "proof" contained a number of flaws.
> All discovered were easily patched, but the fact that they existed in
> the first place means that we have no reason to believe that something
> subtle is yet to be discovered.

All you need to do is verify yourself (i.e.
formally prove the correctness of the theorem prover) to rely on the results of the theorem prover. It's the web of trust model. And before you jump up and say "but how can you prove the theorem prover, maybe Godel...", there is a very simple theorem prover that is provable via mathematical induction. If you don't trust induction, then I don't know what to tell you. (it's like denying the Peano postulates)

The theorem prover works like this: Start off with your axiom set and your rules of production. (for instance, a context free grammar, that might say "if x+y=z is a theorem, then x+(y+1)=z+1 is a theorem") And enumerate all possible theorems on the parse tree. If you reach theorems of length N that exceed the theorem you're trying to prove then either it is a nontheorem or undecidable. This procedure will never produce a "yes" answer for a false theorem, although it will fail to prove some theorems.

And it is news to me that "the general mathematical community is still suspicious of the four color theorem." Not only are they not suspicious of the theorem, they aren't suspicious of the proof. It's been verified and reproduced over and over again, and it has also been shortened down from the original (I believe 2000+ special graph cases) to just over 400. Physicists aren't suspicious of relativity either.

[note above: the theorem prover fails if the production rules allow theorem shortening. The system must be primitive recursive, but there are many restricted domains of theorem proving which are.]

The classification of the simple groups was a 1000+ page written proof. Which one would you trust to have a mistake somewhere? The computer checked one, or the human checked one?

This general line of discussion is getting out of hand. You can't *prove* anything for sure. Even if it seems logical to you, how do you know your own mind isn't buggy? How do you know you're not hallucinating? Even something as simple as Euclid's proof of the infinitude of primes.
You think it's been proved? ha! You are merely delusional. The rest of us sane people saw the disproof years ago, but every time you start to read the disproof, your mind goes into its own little universe and starts substituting in screen memories making you *think* you just read a proof, not a disproof.

Ultimately, you can't even trust yourself. The world is a risky place, and sometimes you just have to live with the fact that one day, something you chose to place faith in and rely on is going to be pulled from underneath you.

-Ray

From nzook at bga.com Sun Aug 6 21:29:57 1995
From: nzook at bga.com (Nathan Zook)
Date: Sun, 6 Aug 95 21:29:57 PDT
Subject: Pat Robertson Fears E-cash?
In-Reply-To:
Message-ID:

On Sun, 6 Aug 1995, Michael Handler wrote:
> There are more fundamentalist Christians involved in the crypto movement
> than you realize.

They already know about me.....

Nathan
Cypto-Christo-punk

From nzook at bga.com Sun Aug 6 22:50:13 1995
From: nzook at bga.com (Nathan Zook)
Date: Sun, 6 Aug 95 22:50:13 PDT
Subject: RSA has been proved correct
In-Reply-To: <199508070329.XAA11774@clark.net>
Message-ID:

On Sun, 6 Aug 1995, Ray Cromwell wrote:
> All you need to do is verify yourself (i.e. formally prove the
> correctness of the theorem prover) to rely on the results of the
> theorem prover.

Oh, is THAT all? (more on this later)

> denying the Peano postulates)

(Perish the thought!)

>The theorem prover works like this:

Do you advise using the unabridged Archimedean Sieve to determine if a number is prime?

> a false theorem, although it will fail to prove some theorems.

Just feed it ~X as well.

> And it is
> news to me that "the general mathematical community is still suspicious of
> the four color theorem." Not only are they not suspicious of the theorem,
> they aren't suspicious of the proof. It's been verified and reproduced
> over and over again, and it has also been shortened down from the
> original (I believe 2000+ special graph cases) to just over 400.
Now we hit an impasse. I thought the 4-color theorem was considered done as well, until a professor of mine contradicted me on this point. It sounds like you might have more current info. (Mine is 2-3 years old.)

> [note above: the theorem prover fails if the production rules allow
> theorem shortening. The system must be primitive recursive, but there
> are many restricted domains of theorem proving which are.]

Very restricted, I would think. Most cases of universalizing would, I'd guess.

> The classification of the simple groups was a 1000+ page written
> proof. Which one would you trust to have a mistake somewhere? The
> computer checked one, or the human checked one?

That depends on my trust of the human and of the checker. Frankly, I'd be leery of either. (And I was told in Algebra that it was 10k+, but the point is basically the same.)

> This general line of discussion is getting out of hand. You can't
> *prove* anything for sure. Even if it seems logical to you, how do you
> know your own mind isn't buggy?

This is one of the points that I have pushed on this issue. Our intuition on many of these matters is _way_ off until you train it. And still, there are famous cases of failure by trained people.

> Ultimately, you can't even trust yourself.

That's why we go to school.

Okay, on the subject of verifying theorem checkers:

First, you mention some distance into your post, that the theorems being checked must be "primitively recursive". That rather limits you away from interesting theorems, wouldn't you say? In particular, you couldn't dream of touching those earlier mentioned biggies. But that's not all. Try the Galois theorems. Fermat's little theorem? Baire category theorem? Chinese Remainder Theorem? Fundamental Theorem of Algebra? (In topology, in complex anal, in algebra...)

So I assume that the theorem checkers being deployed aren't limited to handling primitively recursive systems. You now are dealing with a rather extensive program.
And proving that a general theorem prover works is _not_ something to just sit & do.

.......

Nathan

From tcmay at got.net Mon Aug 7 00:14:58 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 7 Aug 95 00:14:58 PDT
Subject: Quibbling about definitions of "proof"
Message-ID:

Look, you all, I'm *really sorry* I even brought up the subject of proofs of correctness!

As I feared, any mention of certain loaded words immediately brings the quibblers out of their lairs to dissect the "real meaning" of one or more terms. I had thought that my carefully worded mention of the Boyer-Moore prover and that this means little for actual implementations would deter quibbling over the cosmic significance of "proof." (An interesting topic, by the way, as Ray's knowledgeable article makes clear. But metamathematics is an arcane subject and short articles are rarely persuasive...we debated the same stuff a couple of years ago on the Extropians list.)

With 700 subscribers, quibbling is the usual state of affairs. No matter what is said, someone will quibble over terms or meanings. No wonder it is the major venal sin at West Point.

The Boyer-Moore theorem prover is an accepted ("Huh? Define what you mean by "accepted"! Not all of us accept that term.") term of art. If you disagree, or wish to raise the possibility that the computer glitched during the proof, there are entire newsgroups devoted to such arcana.

On a more mundane note, my Internet Service Provider of the past 6 weeks just sent out an urgent notice tonight announcing that they are no longer "sensemedia.net" and have become "got.net" (as in "got net?" as in "got milk?"). This means my 3 years as "tcmay at netcom.com" is followed by 6 weeks as "tcmay at sensemedia.net" and an as-yet-undetermined time as "tcmay at got.net" (at least until the "Got milk?" ad people get wind of this pun and tell them to change to something else.)
--Tim May Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net". ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From futplex at pseudonym.com Mon Aug 7 02:18:29 1995 From: futplex at pseudonym.com (Futplex) Date: Mon, 7 Aug 95 02:18:29 PDT Subject: There's a hole in your crypto... In-Reply-To: Message-ID: <9508070918.AA19988@cs.umass.edu> No crypto/privacy relevance, delete or flame now.... Nathan writes: > This is why the "not a Turing machine" assertion that the "Professor" is > important. We know that Turing machine is undecidable, so if we want to > limit behavior, we can't have one. BUT---we don't know that being a > Turing machine is equivalent to having "unpredictable" behavior. > Furthermore, a "proof" of the "not a Turing machine" assertion is going > to have to be done by--you guessed it--a computer. And this computer is > running a program which definitely IS a Turing machine, if it is capable > of "proving" that other (suitably non-trivial) programs are not Turing > machines. I think this is a bit misguided. The Turing machine (TM) is an extremely general abstract model of computation. The gargantuan hunk of code that runs the Space Shuttle can be viewed as a Turing machine, as can a "Hello world" program written in Visual BASIC. 
So, there's not really a question about whether or not we're talking about Turing machines (unless perhaps you want to discuss quantum theorem provers and QTMs :) Now, Rice's Theorem says that all non-trivial properties of TMs are undecidable. If I pick a "non-trivial" property, I can't conceivably build a TM ("write a program", if you like) that, upon input of the specification of an arbitrary TM, can tell whether or not that TM exhibits the property I picked. This does not mean that I can't decide whether some particular TMs have that property or not -- I can. I just can't write down a procedure that handles the general case. Also, this theorem clearly hinges on the meaning of "trivial". From what I've seen, a very strict interpretation is largely appropriate; nearly everything except the least exciting of trivial low-level properties of TMs seems to come out to be "non-trivial" in this regard. The proof of the theorem is more precise about this, naturally, but I've found this useful as a working colloquial definition. -Futplex August 7, 1995 "Enola Gay, you should have stayed at home yesterday" -OMD From fc at all.net Mon Aug 7 05:54:43 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Mon, 7 Aug 95 05:54:43 PDT Subject: There's a hole in your crypto... In-Reply-To: <9508070918.AA19988@cs.umass.edu> Message-ID: <9508071253.AA10347@all.net> > No crypto/privacy relevance, delete or flame now.... ... > Now, Rice's Theorem says that all non-trivial properties of TMs are undecidable. > If I pick a "non-trivial" property, I can't conceivably build a TM ("write a > program", if you like) that, upon input of the specification of an arbitrary TM, > can tell whether or not that TM exhibits the property I picked. This does not > mean that I can't decide whether some particular TMs have that property or not -- > I can. I just can't write down a procedure that handles the general case. > > Also, this theorem clearly hinges on the meaning of "trivial". 
> From what I've
> seen, a very strict interpretation is largely appropriate; nearly everything
> except the least exciting of trivial low-level properties of TMs seems to come
> out to be "non-trivial" in this regard. The proof of the theorem is more
> precise about this, naturally, but I've found this useful as a working
> colloquial definition.

Issue 1: Undecidable for arbitrary programs does not mean undecidable for every program. For all finite programs with finite input sequences, all properties are decidable. Complexity may make proofs for large programs infeasible at this time, but that is all.

Now back to the point of the discussion. For certain classes of programs, we can prove many things that are relevant to information protection. Furthermore, as we attempt these proofs, we may find and fix the program anomalies (i.e., bugs) that would cause the program to fail in an undesirable way. Therefore, the proof techniques give us two benefits - they help us fix the programs, and they help increase the assurance that the programs do precisely what they are supposed to do and nothing else.

Issue 2: The notion that mathematics somehow excludes linguistic proofs (forwarded I believe by a user with "may" in their email address) is nonsense. Mathematics at its core is based on linguistic notions that are defined in plain language. These notions develop a system of rules which may be applied to decide the veracity of a proposition. The rules themselves form a language with syntax and semantics just as the language that defines them has syntax and semantics. The notion of separating language from mathematics is a fine and interesting one, but it certainly does not apply to any mathematics currently in widespread use. A proof done without mathematical symbols is no less a proof.

Issue 3: Let's get back to the point of this discussion. What can we really prove about algorithms?
I have made the assertion that an interesting property for the purposes of assessing integrity, availability, and confidentiality for servers like the W3 server and the gopher server is the limitation of information flow. I have backed up my assertion with a demonstration in the form of programs that do this and English demonstrations that that is of real value. Does anyone disagree? Why?

Is there a reason this same analytical technique cannot be used on PGP or other cryptosystems to demonstrate that there are no back doors (other than perhaps in the underlying inadequacy of the overall technique)? How hard is it to do this for such programs? What programming structures make this difficult? Will it reveal many programming errors and therefore be a useful general purpose tool for writing better programs?

Just thought I would stir things up a bit.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From raph at CS.Berkeley.EDU Mon Aug 7 06:50:46 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 7 Aug 95 06:50:46 PDT
Subject: List of reliable remailers
Message-ID: <199508071350.GAA09095@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers.
The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp. hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

21 Apr 1995: The new version of premail (0.33) is out, with direct posting, perl5 and better MH support, and numerous bug fixes.
Last ping: Mon 7 Aug 95 6:00:20 PDT

remailer  email address                        history       latency  uptime
-----------------------------------------------------------------------------
spook     remailer at spook.alias.net          *****+***-*+   1:17:21  99.99%
gondolin  mixmaster at gondolin.org            * -++*-+****     43:12  99.98%
ford      remailer at bi-node.zerberus.de      .*-**++**-**     15:34  99.97%
portal    hfinney at shell.portal.com          ***#####****      3:17  99.94%
bsu-cs    nowhere at bsu-cs.bsu.edu           ***##*#+#**       6:11  99.94%
replay    remailer at replay.com              ****+*******     11:17  99.87%
rmadillo  remailer at armadillo.com           ++.-+*++-+**   1:36:12  99.84%
alumni    hal at alumni.caltech.edu           ***##******       4:08  99.83%
hacktic   remailer at utopia.hacktic.nl       ************     12:39  99.74%
crown     mixmaster at kether.alias.net       -----------    2:05:54  99.74%
vox       remail at vox.xs4all.nl             .-..-.....    23:52:15  99.99%
rebma     remailer at rebma.mn.org            -..+-.+..--   16:26:15  99.68%
vishnu    mixmaster at vishnu.alias.net       *****+* **--     36:02  99.32%
penet     anon at anon.penet.fi               - -**++-++*+   2:39:49  98.59%
hroller   hroller at c2.org                   * -+*-#**+*      44:23  98.16%
syrinx    syrinx at c2.org                    - --------     2:33:46  97.89%
mix       mixmaster at remail.obscura.com     -__.--------   6:25:13  97.55%
c2        remail at c2.org                    * -++-+++-+    1:34:04  97.30%
extropia  remail at extropia.wimsey.com       -.__..--.-.   15:02:35  96.68%
ideath    remailer at ideath.goldenbear.com   ..- .-.--     12:33:17  95.40%
flame     remailer at flame.alias.net         ++++++++++       52:48  95.20%
rahul     homer at rahul.net                  ****#**++***      5:28  99.99%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
    * # response in less than 5 minutes.
    * * response in less than 1 hour.
    * + response in less than 4 hours.
    * - response in less than 24 hours.
    * . response in more than 1 day.
    * _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From samman at CS.YALE.EDU Mon Aug 7 07:02:20 1995
From: samman at CS.YALE.EDU (Rev. Ben)
Date: Mon, 7 Aug 95 07:02:20 PDT
Subject: (Fwd) Re: Law enforcement and PGP ban in Australia (fwd)
Message-ID:

Followup on the Ozzies banning PGP:

------- Forwarded Message Follows -------
Date: Mon, 07 Aug 1995 16:44:12 +1000
From: "Danny Smith, AUSCERT"
To: mauvais at ocelot.llnl.gov
Cc: first-teams at CSRC.NCSL.NIST.GOV
Subject: Re: Law enforcement and PGP ban in Australia
Organization: FIRST, the Forum of Incident Response & Security Teams
Reply-to: "Danny Smith, AUSCERT"

Paul (et al),

> I'm curious about what people have heard about this?
>
> I'm trying to find out more from this end....doesn't look good...

Surprised you didn't come to us first. :-)

> Subject: Australia next to ban PGP

I believe you can treat this as net.rumour.
I have the paper now, and will read it tonight. I will also talk to the author, who I am led to believe is rather annoyed at the misrepresentation of the content of his paper. More information later this week.

Danny Smith.

==========================================================================
Danny Smith                  | Fax:   +61 7 3365 4477
AUSCERT                      | Phone: +61 7 3365 4417
c/- Prentice Centre          |        (answered during business hours)
The University of Queensland |        (on call after hours for emergencies)
Qld. 4072. Australia         | Internet: auscert at auscert.org.au

From dhenson at itsnet.com Mon Aug 7 07:06:17 1995
From: dhenson at itsnet.com (Don Henson)
Date: Mon, 7 Aug 95 07:06:17 PDT
Subject: Over 350 'Munitions T-shirts' Shipped
Message-ID: <199508071416.IAA14134@scratchy.itsnet.com>

As of 27 July 1995, we have shipped over 350 of the RSA/Perl Munition T-shirts. Orders are still pouring in. Don't be left out. Order yours today.

Now you can wear a TSHIRT that has been classified as a MUNITION by the US Government. That's right! The US International Traffic in Arms Regulations (ITAR) makes exporting cryptographic materials illegal. ITAR further defines export as providing cryptographic information to a non-US/Canadian citizen even if you are inside the US at the time. Providing information is further defined as telling or showing information to a non-US/Canadian citizen.

The Munitions Tshirt has a Perl implementation of the RSA algorithm (the one used by PGP) printed on the front along with a bar-code of the same algorithm.

What all the above means is that if you wear the Munitions Tshirt where a non-US/Canadian citizen can see it, even if it is inside the US, you have just exported cryptographic material (which is already freely available outside the US) and have become a criminal in the eyes of the US Government. Now you too can become an international arms dealer for the price of a tshirt (US$15.95 - US$19.95, depending on size) and the guts to wear it.
If you are a non-US/Canadian citizen, you can still own a Munitions Tshirt by ordering the tshirt from a source that is outside the US. The email response to a request for info (see next paragraph) includes full instructions for ordering the tshirt no matter where you live.

For more information on how to own this classic example of civil disobedience, just send email to dhenson at itsnet.com with the subject of 'SHIRT'. (You don't have to be a US/Canadian citizen to request the info.) Or, if you have WWW access, just point your Web browser to:
http://colossus.net/wepinsto/wshome.html

By the way, 25% of the profits from the sale of the tshirt (in the US/Canada) goes to the PHIL ZIMMERMANN LEGAL DEFENSE FUND to help defend the author of PGP from harassment and possible prosecution by the Fedgoons. And if you get arrested for wearing the Munitions Tshirt, we'll refund your purchase price. :-)

Get your Munitions Tshirt now. Who knows how long they'll stay in production!

Don Henson, Managing Director (PGP Key ID = 0X03002DC9)
West El Paso Information Network (WEPIN)
Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html

From jya at pipeline.com Mon Aug 7 07:08:46 1995
From: jya at pipeline.com (John Young)
Date: Mon, 7 Aug 95 07:08:46 PDT
Subject: NYPotpourii
Message-ID: <199508071408.KAA26096@pipe3.nyc.pipeline.com>

Abject beg: it's easier for the 'droid to act on each item separately, do please request 1-by-1.

8-7-95. NYPaper:

"A Cyberspace Front in a Multicultural War: Finding alternatives to a world where only English is typed."

With the explosion of worldwide interest in the Internet, the dominance of English, stemming from the network's beginnings in the United States, has become a sensitive matter. A fear is that English, already the international language of business and science, is becoming the lingua franca of the computer world as well, further casting other languages in the shade.
And some countries, already unhappy with the encroachment of American culture, are worried that their cultures will be further eroded by an American dominance in cyberspace. A consortium of American computer companies has developed a universal digital code known as Unicode to allow computers to represent the letters and characters of virtually all the world's languages.

SEZ_who

"Digital Commerce: 2 plans for watermarks, which can bind proof of authorship to electronic works." Denise Caruso's column.

As information becomes currency in the global economy, so-called digital watermark technologies are beginning to appear. As with their paper and broadcast counterparts, the concept behind digital watermarks is to provide a secure means to certify the origin, ownership and authenticity of digital works. And by doing so, they can provide the first line of defense against piracy of digital media like music, photographs, film, words and video games.

MUN_due

"Windows 95's Big Value May Be as a Lure to Network System."

Is Windows 95 a decoy? For all the attention being paid to the Aug. 24 introduction of the Microsoft Corporation's updated personal computer operating system, some experts think the software's true strategic value to Microsoft is not the few billion dollars in sales it is expected to bring to the company over the next few years. Instead, the long-term value may lie in luring customers and software developers into adopting the company's other operating system: Windows NT, for corporate computer networks.

COY_ote

"Selling Virtual Reality, in Indiana: The owners were shocked by how few understood the technology."

"Seeing the potential for educating had an incredible impact on me," said John Hammond, an Indianapolis businessman who stumbled on Virtually Yours when he and his son went to the shopping center for pizza. Mr. Hammond wants Virtually Yours to supply expertise and equipment to Sunship Ministries, a group of Christian business executives developing a design for a school, hospital and church complex suited for missionary work in developing countries. Mr. Hammond sees virtual reality as a marketing tool for getting developing countries to welcome them; he sees programs re-creating Bible stories as a powerful tool for preaching to nonreaders. "You could let people interact with a virtual Jesus," Mr. Hammond said.

GIT_rel

"Dark Sun: The Making of the Hydrogen Bomb." [Book review]

In the author's view the story of the hydrogen bomb is only secondarily a technological one. What mainly drove American physicists to design the more powerful bomb was the news that the Soviet Union possessed an atom bomb. And the reason the Russians had achieved the bomb was mainly spying, Mr. Rhodes insists. So his story of the H-bomb is not so much technology as the interaction of politics, diplomacy, war, espionage, theoretical and practical physics and paranoia.

JOX_onu

From perry at panix.com Mon Aug 7 07:23:04 1995
From: perry at panix.com (Perry E. Metzger)
Date: Mon, 7 Aug 95 07:23:04 PDT
Subject: Encrypted internet traffic to Singapore??
In-Reply-To: <199508070138.SAA12404@ns.via.net>
Message-ID: <199508071422.KAA10423@panix4.panix.com>

Joe McGuckin writes:
> A client of mine wishes to set up a connection to their
> Singapore office using the internet rather than a dedicated
> leased line.
>
> They would like to encrypt the data going between the branch
> office in Singapore and the home office in California.
>
> I am considering using something like swIPe for this? Seem reasonable?

Probably for the next month or so since IPSEC implementations aren't out. (Well, actually, Morningstar is already reportedly offering them to selected test customers but that might not be true -- in any case they can't export.) swIPe won't do what you want out of the box anyway, though.
> Also, what are the legal ramifications? Can I get an export license
> for this?

Doubtful, but I believe swIPe is on overseas sites already.

> Is there an encryption method that doesn't require an
> export license?

None you care to use.

> Is swIPe legal? That is, are any patents being misappropriated by the
> current version?

No.

.pm

From samman at CS.YALE.EDU Mon Aug 7 08:07:11 1995
From: samman at CS.YALE.EDU (Rev. Ben)
Date: Mon, 7 Aug 95 08:07:11 PDT
Subject: RSA/Perl Shirts
Message-ID:

Has Joel Furr shipped his shirts yet?

I see some people on the list have gotten shirts and i was wondering as I still have not gotten mine.

Ben.
____
Ben Samman..............................................samman at cs.yale.edu
I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers. -- K. Gibran.
SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND!
For information Email: zldf at clark.net
http://www.netresponse.com/zldf

From hallam at w3.org Mon Aug 7 08:23:12 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 7 Aug 95 08:23:12 PDT
Subject: Quibbling about definitions of "proof"
In-Reply-To:
Message-ID: <9508071521.AA10100@zorch.w3.org>

All this quibbling about the "validity" of proof checkers is philosophically inept. It is a basic property of logic that it proceeds from axioms to conclusions. No proposition can be understood except by reference to some other proposition.

It is not possible to objectively observe anything, all observation is made through a mechanism which is imperfectly analysed and thus the observation is subjective to the extent that the interpretation is unknown.

We may obtain an objective statement from a subjective observation by reference to the source of subjectivity. If however the subjective assumptions are shared by all participants within the system of being any statement which follows from only those assumptions may be regarded as objective.
Objectivity is thus not an atomic fact but a relation, a fact cannot have the property of objectivity except with respect to a system of being.

[Thus I may assert 1+1=2 as an objective fact since the assumptions upon which it is based are commonly shared. If however someone wished to question this statement (e.g. phenomenological bracketing) then in the context of that discussion I would accept it as being subjective.]

The question of proving the proof checker is thus an extension of a more fundamental problem, providing proof of proof. Since a proof is a fact and facts are subjective except with respect to a system of being the demand for proof of consistency of proof is an extension of the requirements for proof as normally understood.

The requirement for "proving" a program is thus significantly less onerous than asserted. It is not necessary to provide a transcendental proof, merely to establish consistency with respect to a commonly accepted set of axioms.

Phill Hallam-Baker

From cme at TIS.COM Mon Aug 7 08:36:32 1995
From: cme at TIS.COM (Carl Ellison)
Date: Mon, 7 Aug 95 08:36:32 PDT
Subject: ACLU Opposes Exon-Like Speech Crimes in Managers Amend. to House Telco Bill
In-Reply-To: <199508050036.RAA18410@comsec.com>
Message-ID: <9508071534.AA19224@tis.com>

>Date: Thu, 3 Aug 1995 11:06:19 -0400
>From: ACLUNATL at aol.com

> The amendment would have the
>effect of actually usurping control from parents in favor of a government
>approval panel.

Anecdote:

I was in Cambridge MA this past weekend visiting old friends, some at church. I sat across from one such at lunch -- a young guy up from Texas going on about how good it is that people are fighting cyberporn.

I brought up parental control in attempted rebuttal and he switched immediately to the idea that `parents usually *are* the child abusers and we need to protect children from them -- not give parents control over what gets communicated electronically'.
I was surprised at the speed with which he switched to that line of thought. It's clear that this chess game opening has been played by or around him before.

[Come to think of it now, it's completely consistent with the anti-abortion stand: that children (starting at fetus) are the property of Society and parents are required to serve Society as soon as a child is conceived (or perhaps as soon as they start having sex). If it's child abusers you're talking about, that line of reasoning can carry emotional appeal. However, I lived in Utah at a time when it was illegal for parents to instruct their children about birth control (I was told (I didn't read the law personally.)).]

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison   cme at acm.org   http://www.clark.net/pub/cme/home.html |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
+----------------------------------------------------------- Jean Ellison -+

From fc at all.net Mon Aug 7 09:04:17 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Mon, 7 Aug 95 09:04:17 PDT
Subject: Quibbling about definitions of "proof"
In-Reply-To: <9508071521.AA10100@zorch.w3.org>
Message-ID: <9508071603.AA19197@all.net>

> All this quibbling about the "validity" of proof checkers is philosophically
> inept. It is a basic property of logic that it proceeds from axioms to
> conclusions. No proposition can be understood except by reference to some
> other proposition.

Except that it all starts with language and develops through set theory.

> It is not possible to objectively observe anything, all observation is made
> through a mechanism which is imperfectly analysed and thus the observation
> is subjective to the extent that the interpretation is unknown.

And yet it is all based on observations at the initial set theoretic level.
> We may obtain an objective statement from a subjective observation by reference
> to the source of subjectivity. If however the subjective assumptions are shared
> by all participants within the system of being any statement which follows from
> only those assumptions may be regarded as objective. Objectivity is thus not
> an atomic fact but a relation, a fact cannot have the property of objectivity
> except with respect to a system of being.

And indeed, we are people which gives us some common context.

> [Thus I may assert 1+1=2 as an objective fact since the assumptions upon which
> it is based are commonly shared. If however someone wished to question this
> statement (e.g. phenomenological bracketing) then in the context of that
> discussion I would accept it as being subjective.]

I was taught 1+1=1 in boolean algebra.

> The question of proving the proof checker is thus an extension of a more
> fundamental problem, providing proof of proof. Since a proof is a fact and facts
> are subjective except with respect to a system of being the demand for proof of
> consistency of proof is an extension of the requirements for proof as normally
> understood.

But in computers, we are living in a mathematically defined system (except for physical issues which have been suppressed to a very large extent by the design of statistically low error-rate systems) which follows very precisely the logic of its design. Thus proofs work since we are working in this well formed domain.

> The requirement for "proving" a program is thus significantly less onerous than
> asserted. It is not necessary to provide a transcendental proof, merely to
> establish consistency with respect to a commonly accepted set of axioms.

More specifically, within the logic dictated by the hardware designed to assure that the system remains within the mathematical structure defined by its design.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From tcmay at got.net Mon Aug 7 09:18:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 7 Aug 95 09:18:48 PDT
Subject: There's a hole in your crypto...
Message-ID:

At 12:53 PM 8/7/95, Dr. Frederick B. Cohen wrote:

>Issue 2:
>
>The notion that mathematics somehow excludes linguistic proofs
>(forwarded I believe by a user with "may" in their email address) is
>nonsense. Mathematics at its core is based on linguistic notions that

Not this "May," so far as I can recall.

--Tim May

Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From qfh1 at crux3.cit.cornell.edu Mon Aug 7 09:49:48 1995
From: qfh1 at crux3.cit.cornell.edu (Quazi F. Haque)
Date: Mon, 7 Aug 95 09:49:48 PDT
Subject: JIL_ted
In-Reply-To: <199508051212.IAA26627@pipe3.nyc.pipeline.com>
Message-ID:

Quazi F Haque        | Those that can give up essential liberty to obtain a little
qfh1 at cornell.edu | temporary safety deserve neither liberty nor safety. - BF

From rjc at clark.net Mon Aug 7 09:53:38 1995
From: rjc at clark.net (Ray Cromwell)
Date: Mon, 7 Aug 95 09:53:38 PDT
Subject: Quibbling about definitions of "proof"
In-Reply-To:
Message-ID: <199508071653.MAA03355@clark.net>

Phill Hallam-Baker summarized it best.
I advise anyone interested in this issue to read up on pancritical rationalism (a favorite extropian topic of debate). "The Retreat to Commitment" by Bartley (?, sorry, can't recall at the moment, the book is not with me) is a good writeup of the subject. At the lowest level, even the basic axioms can be criticized.

-Ray

From kelly at netcom.com Mon Aug 7 10:13:03 1995
From: kelly at netcom.com (Kelly Goen)
Date: Mon, 7 Aug 95 10:13:03 PDT
Subject: Over 350 'Munitions T-shirts' Shipped
In-Reply-To: <199508071416.IAA14134@scratchy.itsnet.com>
Message-ID: <199508071710.KAA28434@netcom5.netcom.com>

Where are mine...I got the money to you via Mario wojo???? at SUN...
I ordered 8 of the shirts
BTW
I am the publisher of PGP 1.0 the only person who will be indicted with Phil or alone for PGP
what about MY defense fund????

Check Gov Access for my story

cheers
kelly

From sdw at lig.net Mon Aug 7 10:41:53 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Mon, 7 Aug 95 10:41:53 PDT
Subject: RSA has been proved correct
In-Reply-To: <9508050806.AA22214@ua.MIT.EDU>
Message-ID:

...
> Given the enormous difficulty of ensuring security in a world of
> ubiquitous distributed computing, I'm as big a fan as any of formal
> methods. But Tim's post hammers home the big fault of formal methods:
> the possibility that people will come to rely upon them. I have

"Logic is a system whereby one may go wrong with confidence." - Patterson

...
> > Cheers,
> > JWS
>

sdw
--
Stephen D.
Williams 25Feb1965 VW,OH (FBI ID)
sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W
43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From tfs at adc.com Mon Aug 7 10:53:00 1995
From: tfs at adc.com (Tony F Sgarlatti)
Date: Mon, 7 Aug 95 10:53:00 PDT
Subject: Over 350 'Munitions T-shirts' Shipped
Message-ID: <9508071751.AA09815@ohtar>

> Where are mine...I got the money to you via
> Mario wojo???? at SUN...
> I ordered 8 of the shirts
> BTW
> I am the publisher of PGP 1.0 the only person
> who will be indicted with Phil or alone for PGP
> what about MY defense fund????
>
> Check Gov Access for my story

Could you be a little more specific regarding your URL?

Thanks!

*******************************************************************************
* Just say know!        Tony Sgarlatti        thetruth at future.net            *
*******************************************************************************

From AlanPugh at MAILSRV2.PCY.MCI.NET Mon Aug 7 11:22:58 1995
From: AlanPugh at MAILSRV2.PCY.MCI.NET (Alan Pugh)
Date: Mon, 7 Aug 95 11:22:58 PDT
Subject: addresses
Message-ID: <01HTSKP4C88Y8ZDVMP@MAILSRV1.PCY.MCI.NET>

thanks much to all who responded to my query on the problem i was having with the strange address. i think i have more than enough information to resolve this problem.

amp

*********************************************
* Only God can see the whole                *
* Mandlebrot Set at Once!                   *
* amp                                       *
* <0003701548 at mcimail.com>                *
* PGP Key = 4A2683C1                        *
*********************************************

From jschultz at mail.coin.missouri.edu Mon Aug 7 11:25:56 1995
From: jschultz at mail.coin.missouri.edu (John Schultz)
Date: Mon, 7 Aug 95 11:25:56 PDT
Subject: RSA/Perl Shirts
In-Reply-To:
Message-ID:

On Mon, 7 Aug 1995, Rev. Ben wrote:

> Has Joel Furr shipped his shirts yet?
>
> I see some people on the list have gotten shirts and i was wondering as
> I still have not gotten mine.

I was wondering the same thing myself. I know my check was cashed over a month ago, but no shirt has arrived.

From adam at bwh.harvard.edu Mon Aug 7 12:05:21 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 7 Aug 95 12:05:21 PDT
Subject: ANNOUNCE:- RSAEURO Version 1.00
In-Reply-To: <12@sourcery.demon.co.uk>
Message-ID: <199508071904.PAA21608@bwh.harvard.edu>

I just wanted to publicly thank Stephen Kapp for writing this. It's long past time RSAREF was re-created outside the USA. Also, this toolkit will be useful to those of us in the USA in about 5 years.

Thanks, Stephen!

You wrote:

| RSAEURO is a cryptographic toolkit providing various functions for the use
| of digital signatures, data encryption and supporting areas (PEM
| encoding, random number generation etc). To aid compatibility with
| existing software, RSAEURO is call-compatible with RSADSI's "RSAREF(tm)"
| toolkit. RSAEURO allows non-US residents to make use of much of the
| cryptographic software previously only (legally) available in the US.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jlasser at rwd.goucher.edu Mon Aug 7 12:31:39 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 7 Aug 95 12:31:39 PDT
Subject: ACLU Opposes Exon-Like Speech Crimes in Managers Amend. to House Telco Bill
In-Reply-To: <9508071534.AA19224@tis.com>
Message-ID:

On Mon, 7 Aug 1995, Carl Ellison wrote:

> Anecdote:
>
> I was in Cambridge MA this past weekend visiting old friends, some
> at church. I sat across from one such at lunch -- a young guy up from
> Texas going on about how good it is that people are fighting cyberporn.
>
> I brought up parental control in attempted rebuttal and he switched
> immediately to the idea that `parents usually *are* the child abusers and
> we need to protect children from them -- not give parents control over what
> gets communicated electronically'.
>
> I was surprised at the speed with which he switched to that line of
> thought. It's clear that this chess game opening has been played by or
> around him before.

I suppose it was pointless to point out (in this case, not in general public debate) that parents who are child abusers have no need to use the Internet to acquire victims? Two totally, completely, absolutely different questions. Or am I missing something?

Jon
------------------------------------------------------------------------------
Jon Lasser (410) 494-3253
Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From sunder at escape.com Mon Aug 7 12:34:25 1995
From: sunder at escape.com (Ray Arachelian)
Date: Mon, 7 Aug 95 12:34:25 PDT
Subject: "The Net"
In-Reply-To: <9o809c19w165w@bwalk.dm.com>
Message-ID:

On Thu, 3 Aug 1995, Dr. Dimitri Vulis wrote:

> I once was a consultant at a small financial services firm, and a (young,
> disturbed) user was going around playing stupid pranks on unattended PCs. I
> mandated the use of screenblankers that kicked in after 3 minutes of inactivity
> and required a password to get back. The user would then reboot the PCs; some
> password was needed to get onto the LAN, but he'd mess with the local
> config.sys's. He eventually got fired and I do something else.

Unfortunately, the lusers here are brain-dead and don't care about anything. They don't even know the first things about DOS. We do have a couple of geniuses who think they know Windoze (or want to learn it) who occasionally play with the icons and groups: one such genius once closed a group window, then claimed someone "erased it." What a dork!
The worst is that I have to clean up after them no matter how stupid they are.

> I guess byte values>255 are the IP equivalent of 555. Better than 127.0.0.1 -
> someone might telnet to 127.0.0.1, then ask mgm/ua whose address this is. :)

Well, the loopback is only a single IP address. If they used that, every net.entity would have the same IP. Not too good. :-)

> My 6yr-old's IBM Aptiva comes with a sound board and the software that reads
> English text and pronounces it in much more lifelike manner than the gizmo in
> the movie. That gizmo sounded annoyingly computer-like, but had intonations
> obviously coming from a human actor.

Nope, sounded right like the Apple MacinTalk II Pro voices. They've got some really cool voices, some even human sounding. Check it out if you get a chance. Real intonations: you can hear the voice flex, etc. There are some voices that follow songs or other tones. (i.e. Big Ben, Bells, etc.) They sound like they're singing.

> The notion is very realistic (but the flashy displays in the movie were not).
> At the recent PC Expo at the Javitz Center in NYC, there were tens of PCs
> running various Web browsers to try out. No one was watching over most of them.
> I entered the URL telnet://uunet.uu.net:119, and sure enough, got connected.
> It accepted 'IHAVE', but I was too lazy to type in an entire Usenet article.
> I (and the heroine) could have telnetted to someone's port 25 just as easily.

Yep. Those be the same machines where I dropped my Cypherpunx PC EXPO V2.0 disks. Just left a few dozen in front of each machine as I used them. Sort of the sleight of hand that thieves use to lift stuff; only I didn't take, I put. >;-)

> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Say, what's on this BBS anyway... (send me email, enough noise on this list.)

=================================================================93=======
Ray Arachelian     | Amerika: The land of the Freeh.
| \-_ _-/ | \|/ |sunder at escape.com| Where day by day, yet another | \ -- / | <--+-->| | Constitutional right vanishes. |6 _\- -/_ 6| /|\ | Just Say | |----\ /---- | + v + | "No" to the NSA!| Jail the censor, not the author!| \/ | =======/---------------------------------------------------------VI------/ / I watched and weeped as the Exon bill passed, knowing that yet / / another freedom vanished before my eyes. How soon before we see/ /a full scale dictatorship in the name of decency? While the rest / /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_/ From nobody at valhalla.phoenix.net Mon Aug 7 12:35:52 1995 From: nobody at valhalla.phoenix.net (Anonymous) Date: Mon, 7 Aug 95 12:35:52 PDT Subject: www remailer interface Message-ID: <199508071935.OAA24824@ valhalla.phoenix.net> c'punks, Please check out the new www remailer interface at http://miso.wwa.com/~dochobbs/cpremailer.html It is based on nate's code with one addition for security and contains info from other places. I would appreciate some visits and comments/criticisms before I place it in the general population. Again, give it a thorough test because I want it to be good and secure for me and those using it. It's in its final testing phase (mainly because I haven't got the news instructions just the way I want them) and will be set to go soon. I am, of course, sending this message through the page. Michael Hobbs dochobbs at wwa.com From sjb at austin.ibm.com Mon Aug 7 13:10:18 1995 From: sjb at austin.ibm.com (Scott Brickner) Date: Mon, 7 Aug 95 13:10:18 PDT Subject: "The Net" In-Reply-To: Message-ID: <9508072009.AA17336@ozymandias.austin.ibm.com> Ray Arachelian writes >Well, the loopback is only a single IP address. If they used that, every >net.entity would have the same IP. Not too good. :-) Nope. *Any* IP address starting with 127 is a host loopback address and shouldn't appear outside the host. This from the "Assigned Numbers" RFC (STD 2). 127.0.0.1 is only convention. 
It's the "first" loopback address.

From sunder at escape.com Mon Aug 7 13:19:05 1995
From: sunder at escape.com (Ray Arachelian)
Date: Mon, 7 Aug 95 13:19:05 PDT
Subject: MS Money password problem
In-Reply-To:
Message-ID:

On Sun, 6 Aug 1995, Matt Miszewski wrote:

> We recently lost (ok fired) our office manager, but not before she put
> nifty passwords on all the MS Money data we had and now she has, of
> course, gone on a three week vacation. I have all the relevant WP
> password retrieving mechanisms but not one for MS Money.
>
> Anyone with pointers or programs, your help would be greatly appreciated.

Welp, good luck to you. Of course, this should be a great huge reminder of why BACKUPS are important. If you have a backup of the data >BEFORE< she locked it, you only lost anything entered from between the date of the backup and "today."

Tim of course has a point. Strong crypto isn't breakable. Don't know what MS Money uses... :-(

From sunder at escape.com Mon Aug 7 13:21:47 1995
From: sunder at escape.com (Ray Arachelian)
Date: Mon, 7 Aug 95 13:21:47 PDT
Subject: Noise: PBS under the Republicans (fwd)
In-Reply-To: <199508040003.SAA12916@bvsd.k12.co.us>
Message-ID:

On Thu, 3 Aug 1995, Ian S. Nelson wrote:

> > // Ray, you may want to forward this to the list.
     ^^^^ THIS IS WHY :-)

The original poster of this asked me to post it to this list for him. Why? Cause I run a filtered cypherpunks service to which he subscribes - he wanted me to forward this to the real list, so I did. Since its contents are not-quite-crypto related, you see "Noise:" in the subject.

> > Why am I seeing this with the cp list?
>

From futplex at pseudonym.com Mon Aug 7 13:31:16 1995
From: futplex at pseudonym.com (Futplex)
Date: Mon, 7 Aug 95 13:31:16 PDT
Subject: www remailer interface
In-Reply-To: <199508071935.OAA24824@valhalla.phoenix.net>
Message-ID: <9508072031.AA08118@cs.umass.edu>

Anonymous/Michael Hobbs writes:
> Please check out the new www remailer interface at
>
> http://miso.wwa.com/~dochobbs/cpremailer.html
[...]
> I would appreciate some visits and comments/criticisms
> before I place it in the general population.

I'm a bit uncomfortable about the hardwiring of a particular remailer into the chain, according to the Web page:

  "Select your remailers [...] Your mail will be automatically sent
  to the remailer hfinney at shell.portal.com and at least one other
  remailer that you choose."

(Nothing personal, Hal :)

Why was this done?
-Futplex

From sunder at escape.com Mon Aug 7 13:32:41 1995
From: sunder at escape.com (Ray Arachelian)
Date: Mon, 7 Aug 95 13:32:41 PDT
Subject: Over 350 'Munitions T-shirts' Shipped
In-Reply-To: <199508071416.IAA14134@scratchy.itsnet.com>
Message-ID:

Anyone know if the ones printed by Joe Furr have/will be mailed soon?

From adam at bwh.harvard.edu Mon Aug 7 14:08:14 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 7 Aug 95 14:08:14 PDT
Subject: SSLeay - Whats the story...
In-Reply-To: <199508040455.AAA18486@petrified.cic.net>
Message-ID: <199508072107.RAA22991@bwh.harvard.edu>

| > As SSL has some intrinsic points of weakness, I don't see the point
| > of sticking to it to secure the TCP layer.
|
| just wondering but...What are the intrinsic points of weakness?

As Bruce Schneier reminded people in his keynote at Defcon, it's easier to steal the keys than to break the cryptosystem. Web servers tend to be far too big and bulky to be trusted with cryptographic keys.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                      -Hume

From dochobbs at wwa.com Mon Aug 7 14:19:36 1995
From: dochobbs at wwa.com (Michael D. Hobbs)
Date: Mon, 7 Aug 95 14:19:36 PDT
Subject: www remailer interface
Message-ID:

It has been stated,

:I'm a bit uncomfortable about the hardwiring of a particular remailer into
:the chain, according to the Web page :
:
: "Select your remailers [...] Your mail will be automatically sent
: to the remailer hfinney at shell.portal.com and at least one other
: remailer that you choose."
:
:(Nothing personal, Hal :)
:
:Why was this done ?
:
:-Futplex

The code was written to be used with a local remailer that then sends it along to the others that the sender chooses. I modified it so that I don't need to establish my own remailer by sending it to hfinney at shell.portal.com. I think this might provide better security for the sender due to the fact that you are forced to chain your letter, thus providing more security. The argument can be made that if the initial hardwired remailer is compromised then this removes all security.

I chose hfinney because
1. the turnaround time is good. I wanted the first to be fast because it is basically 'insurance' for the sender.
2. it was a remailer that I am familiar with and has been around (in remailer server time) awhile.
3. it was the one that I personally felt most comfortable with using as the hardwired mailer.

Granted these might not be the best reasons, but this is the kind of response I was looking for. I can solve the problem by either
1. removing the hardwired
2. removing the hardwired and forcing you to chain
3. keep the hardwired in and use some 'established' remailer or one the group can come to a consensus on.

Responses appreciated. I will gladly distribute the code if desired. Like the page states, it was originally written by Nate Sammons, but I can change it as needed.

_____________________________________________________________
dochobbs at wwa.com        M.D. Hobbs        mhobbs at rad.rpslmc.edu
http://miso.wwa.com/~dochobbs             finger for my pgp key
I am human and nothing human do I count alien.
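The two messages above argue about what a hardwired first hop can and cannot learn. The toy model below is an added example written for this archive, not the cpremailer page's code and not Nate Sammons' original: it builds a layered message for a chain of remailers so that each hop can peel exactly one layer, then records what every hop observes. The remailer addresses, the shared keys and the SHA-256 counter-mode "cipher" are constructed stand-ins (a real remailer uses its public key and a real cipher); the structural point they demonstrate is the one under debate, namely that the first hop of a chain of two or more sees only the next hop's address, while a chain of length one lets that single hop read everything.

```python
"""Toy model of a chained remailer message (added illustration, not the
cpremailer page's or Nate Sammons' code).  Keys, addresses and the stream
cipher below are constructed for the example only."""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output

# Constructed directory: remailer address -> key known only to that hop.
# A real remailer publishes a public key; a shared key keeps this example
# on the standard library alone.
REMAILER_KEYS = {
    "hardwired@remailer.example": b"hop-1-key (constructed)",
    "second@remailer.example": b"hop-2-key (constructed)",
    "third@remailer.example": b"hop-3-key (constructed)",
}


def _keystream(key, nonce, length):
    """SHA-256 in counter mode as a toy stream cipher (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data, keystream):
    return bytes(a ^ b for a, b in zip(data, keystream))


def seal(key, plaintext):
    """Encrypt-then-MAC one layer so that only the holder of `key` can open it."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    """Verify and strip one layer; ValueError if `key` is not this layer's key."""
    nonce, tag, ct = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + TAG_LEN], blob[NONCE_LEN + TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this hop")
    return _xor(ct, _keystream(key, nonce, len(ct)))


def build_chain(hops, recipient, body):
    """Wrap `body` for the remailers in `hops` (first hop first).

    The innermost layer, readable only by the last hop, names the true
    recipient.  Every outer layer gives one hop nothing but the next hop's
    address and an opaque payload.  Returns the blob handed to hops[0]."""
    layer = json.dumps({"to": recipient, "body": body}).encode()
    blob = seal(REMAILER_KEYS[hops[-1]], layer)
    for i in range(len(hops) - 2, -1, -1):
        layer = json.dumps({"next": hops[i + 1], "payload": blob.hex()}).encode()
        blob = seal(REMAILER_KEYS[hops[i]], layer)
    return blob


def hop_process(hop, blob):
    """One remailer's work on receipt: peel its layer and forward.

    Returns (next_address, payload, view); `view` is all this hop learned."""
    layer = json.loads(unseal(REMAILER_KEYS[hop], blob))
    if "to" in layer:  # last hop: delivers plaintext to the recipient
        return layer["to"], layer["body"].encode(), {"hop": hop, "next": layer["to"], "sees_body": True}
    return layer["next"], bytes.fromhex(layer["payload"]), {"hop": hop, "next": layer["next"], "sees_body": False}


def run_chain(hops, recipient, body):
    """Simulate the whole chain.  Returns ((recipient, body), [per-hop views])."""
    blob = build_chain(hops, recipient, body)
    views, current = [], hops[0]
    while True:
        nxt, blob, view = hop_process(current, blob)
        views.append(view)
        if view["sees_body"]:
            return (nxt, blob.decode()), views
        current = nxt


def hop_can_open(hop, blob):
    """True if `hop` can peel `blob`; a layer addressed elsewhere fails the MAC."""
    try:
        unseal(REMAILER_KEYS[hop], blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    hops = list(REMAILER_KEYS)
    delivered, views = run_chain(hops, "recipient@example.invalid", "constructed test body")
    print("delivered:", delivered)
    for v in views:
        print(f"{v['hop']} learned next={v['next']} sees_body={v['sees_body']}")
    # A one-hop "chain" through the hardwired remailer alone: that hop sees it all.
    _, single = run_chain(hops[:1], "recipient@example.invalid", "constructed test body")
    print("single-hop chain, first hop sees body:", single[0]["sees_body"])
```

What the per-hop views make visible is that the hardwired hop's exposure depends on what surrounds it: in a chain of two or more it learns the sender (from the incoming mail, which the model does not reproduce) and the second hop, but neither the final recipient nor the text, while a chain of one hands that hop the whole message.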
From hallam at w3.org Mon Aug 7 14:24:45 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 7 Aug 95 14:24:45 PDT
Subject: Quibbling about definitions of "proof"
In-Reply-To: <9508071603.AA19197@all.net>
Message-ID: <9508072123.AA17396@zorch.w3.org>

>> All this quibbling about the "validity" of proof checkers is philosophically
>> inept. It is a basic property of logic that it proceeds from axioms to
>> conclusions. No proposition can be understood except by reference to some
>> other proposition.

>Except that it all starts with language and develops through set theory.

That is not necessarily the case. It all starts with communication, of which language is a form; logic is a more perfect form of communication because its validity is most widely shared. It is perfectly consistent to deny the supremacy of logic. Wittgenstein was wrong to assert that it is impossible to step outside the logical framework. The mind may be characterised by logical inferences but that does not mean that it is bounded by logical inferences. The observer might take a hallucinatory drug for example and thereby participate in an extra-logical ontology.

>And yet it is all based on observations at the initial set theoretic level.

Only if you accept that the logical positivists were right and that there is no thought that cannot be characterised in that manner. The problem with this approach is that it prevents consideration of the real issue which philosophy should consider, the questions of being, time and spirit. We might consider that the logical positivists found an answer to the wrong question while the continental school found an unsatisfactory answer to the right one.

>And indeed, we are people which gives us some common context.

Exactly, we can communicate because we participate within the same system of being and that provides sufficient common reference points for us to convince ourselves that we are communicating the same ideas. We cannot prove that we are in fact achieving this goal for we cannot objectively determine that we both observe the same things.

>> The question of proving the proof checker is thus an extension of a more
>> fundamental problem, providing proof of proof. Since a proof is a fact and facts
>> are subjective except with respect to a system of being the demand for proof of
>> consistency of proof is an extension of the requirements for proof as normally
>> understood.

>But in computers, we are living in a mathematically defined system
>(except for physical issues which have been suppressed to a very large
>extent by the design of statistically low error-rate systems) which
>follows very precisely the logic of its design. Thus proofs work since
>we are working in this well formed domain.

But that mathematically defined system is still subject to the constraint that we cannot analyse the thing in itself. Instead we must step outside the system to analyse it. We do not in fact define LISP in LISP; what we actually do is to define LISP in a language that looks like LISP and demonstrate that the two are compatible. It is important to distinguish a demonstration of meta-consistency from a proof within the logic of that logic.

We might assert correctly that a program has been proven correct using a proof checker. We do not need to explain that the proof is of correctness with respect to a set of axioms, for that is the nature of proof and is thus no more necessary when considering proofs of computer programs than of any other type of proofs. The meta-form of this proof is "A Therefore B where B is independent of A".

We cannot however assert that we have used the program checker to prove itself. That would have a meta-form "A Therefore A". This form does not contain any information. The only meta form of A concerning A that carries information is "A Therefore (not A)". This implies that A is false. Thus although it is not possible to prove A true it is possible to prove it false.

Phill Hallam-Baker

From pcw at access.digex.net Mon Aug 7 16:09:46 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 7 Aug 95 16:09:46 PDT
Subject: Two-faced Security Problem? Dammit Janus?
Message-ID:

Not exactly crypto, but the same idea:

I've been trying to hook up an HTTP server sitting on a Mac at the end of my normal PPP connection. This was just supposed to be a test, but I kept getting annoying connection problems whenever someone tried to GET a page from me. The connection wouldn't go through about half of the time.

After poking around for a week, I discovered that my home machine, newray.digex.net, is listed in the Digex's nameservers TWICE! Once with the IP address that my home machine is waiting for (199.125.128.5) and once with some other IP address in the digex space (164.109.211.61). If you do an nslookup on the name, you get both addresses. I believe that the technically correct thing for someone to do is to choose one of the addresses at random to distribute the load between two machines pretending to be one. This explains the connection failures that happened half of the time.

This has led me to wonder, though, whether this is some sort of security breach. For instance, could there be someone out there masquerading as me? Normally I run Eudora, Netscape, Telnet and other outward bound applications. It was almost a fluke that I noticed that there were two entries.

Does some software need to find its IP address in a DNS table? For instance, does Eudora need to look up 164.109.211.61 to find "newray.digex.net"? If someone was using this software on the masquerading node, they would need to set up an entry in the tables to make everything work. They just assumed I would never get inbound traffic.

Any theories on this?
-Peter "More Paranoid Than Ever" Wayner

From tbyfield at panix.com Mon Aug 7 16:27:13 1995
From: tbyfield at panix.com (Ted Byfield)
Date: Mon, 7 Aug 95 16:27:13 PDT
Subject: patent info URL
Message-ID:

Since various intellectual property debates and questions come up ("plague") periodically, it seemed like it'd be a good idea to post the following URL:

http://www.patents.com/

It's run by a small patent law firm and has a series of well-linked, snappy FAQs on issues pertaining to intellectual property, patents (including some on "I had a really clever idea--what should[n't] I do?"), relevant links, etc. etc.

Ted

From crypto at midex.com Mon Aug 7 16:32:27 1995
From: crypto at midex.com (Matt Miszewski)
Date: Mon, 7 Aug 95 16:32:27 PDT
Subject: MS Money password problem
In-Reply-To:
Message-ID:

On Mon, 7 Aug 1995, Ray Arachelian wrote:

> Welp, good luck to you. Of course, this should be a great huge reminder
> of why BACKUPS are important. If you have a backup of the data >BEFORE<
> she locked it, you only lost anything entered from between the date of
> the backup and "today."

Nope. The backups are just as protected. Granted I doubt it is anything but trivial, but I do have a regular job and every hour I spend getting this password is a billable hour gone...

Matt

From shamrock at netcom.com Mon Aug 7 17:19:57 1995
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 7 Aug 95 17:19:57 PDT
Subject: Where to find Internet growth stats?
Message-ID:

I read in a speech by Rutkowski that the latest Internet growth stats are published twice a month. I searched at the Internet Society site, and other usual suspects, but to no avail. URL, anyone?

TIA,

-- Lucky Green
   PGP encrypted mail preferred.

From cman at communities.com Mon Aug 7 17:49:18 1995
From: cman at communities.com (Douglas Barnes)
Date: Mon, 7 Aug 95 17:49:18 PDT
Subject: hardware encryption
Message-ID:

I'm looking for add-in cards that implement DES and/or RSA for either a PC (ISA/EISA/whatever) or a Sun (S-Bus), preferably a Sun. Also, the RSA card would need to implement a 1024 bit modulus. Any tips or pointers? I've got the list of chip makers in _Applied Cryptography_, but the ones I've contacted so far don't seem to know anything about cards, even if they admit that they have the chips.

Thanks,
Doug

From dorab at twinsun.com Mon Aug 7 18:14:38 1995
From: dorab at twinsun.com (Dorab Patel)
Date: Mon, 7 Aug 95 18:14:38 PDT
Subject: Where to find Internet growth stats?
In-Reply-To:
Message-ID: <199508080113.SAA00900@knee.twinsun.com>

http://www.isoc.org/

also

gopher://akasha.ti.com:70/11/matrix/growth/internet

From shgoh at ncb.gov.sg Mon Aug 7 18:39:13 1995
From: shgoh at ncb.gov.sg (Goh Seow Hiong)
Date: Mon, 7 Aug 95 18:39:13 PDT
Subject: Triple-DES controlled?
Message-ID:

Could someone confirm whether the US export restrictions apply to Triple-DES? If so, are there exceptions as in the case of DES (e.g. for banking or financial applications)?

Thx.
SH

From jya at pipeline.com Mon Aug 7 18:39:44 1995
From: jya at pipeline.com (John Young)
Date: Mon, 7 Aug 95 18:39:44 PDT
Subject: 700_dig
Message-ID: <199508080139.VAA01367@pipe4.nyc.pipeline.com>

MH has provided a transcript of Pat Robertson's show on digital cash of March 8, 1995. It includes remarks by David Chaum, Dave Banisar, Steven Levy and others.

700_dig (about 14K)

From jya at pipeline.com Mon Aug 7 18:41:46 1995
From: jya at pipeline.com (John Young)
Date: Mon, 7 Aug 95 18:41:46 PDT
Subject: WDM_zum
Message-ID: <199508080141.VAA01570@pipe4.nyc.pipeline.com>

RH has provided an informative article on wavelength division multiplexing (WDM) from the August 7 InfoWorld: "Boost in optical-fiber communication capacity is just over the rainbow," by Bob Metcalfe, the founder of 3Com.

WDM_zum (about 5K)

From pgf at tyrell.net Mon Aug 7 19:05:21 1995
From: pgf at tyrell.net (Phil Fraering)
Date: Mon, 7 Aug 95 19:05:21 PDT
Subject: See y'all in a while....
Message-ID: <199508080200.AA08748@tyrell.net>

I'm leaving the list for a while while I try to work out a different way of accessing the net. In short, I've grown dissatisfied with my ISP and need some time to think things through before making other arrangements. It's too frustrating sorting through all of this mail without proper filtering scripts like I had set up back at srl03. And news is kind-of beside the point: the news server is always full, and rejects any attempt to post because of lack of space.

In the meantime, while y'all discuss all that stuff about logical proofs and the like, please, _please_, stay away from crosswalks?

I'll probably make another attempt at downloading pgp262s.zip before I shut this down... the first two times the modem (I think theirs) went flaky and dropped the connection on me.

Okay. Time to see if the signature service works.

Later, dudes.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMBwQDCoTheIowlstareqnot8whaththeyEseemMI5rculIym8xjzYV8C
mErjcooperUcoopermcooperqBviplMp
=aBGi
-----END PGP SIGNATURE-----

+----------------+Quote from _Infinite In All Directions_, F.J. Dyson-----+
| Phil Fraering  / \"The English Hierarchy, if there be anything unsound in|
| pgf at tyrell.net\ /its constitution, has reason to tremble even at an air |
+----------------+-pump or an electrical machine."---Joseph Priestly------+

From dochobbs at wwa.com Mon Aug 7 19:50:49 1995
From: dochobbs at wwa.com (Michael D. Hobbs)
Date: Mon, 7 Aug 95 19:50:49 PDT
Subject: MS Money password problem
Message-ID:

I'm not sure if this has been mentioned or will help, but this company makes crackers for Quicken, Word and WordPerfect (not sure about M$ Money though).

http://gn2.getnet.com:80/crak/
email: johnk at indirect.com

From jya at pipeline.com Mon Aug 7 20:12:42 1995
From: jya at pipeline.com (John Young)
Date: Mon, 7 Aug 95 20:12:42 PDT
Subject: RSA Catalog
Message-ID: <199508080312.XAA14393@pipe4.nyc.pipeline.com>

For those who've not yet fondled RSA's sleek "Security Solutions Catalog," it can be virtually diddled at:

http://www.rsa.com/rsa/sscatw95/P67.HTM

From perry at panix.com Mon Aug 7 20:28:55 1995
From: perry at panix.com (Perry E. Metzger)
Date: Mon, 7 Aug 95 20:28:55 PDT
Subject: Triple-DES controlled?
In-Reply-To:
Message-ID: <199508080328.XAA24362@panix4.panix.com>

Goh Seow Hiong writes:
> Could someone confirm whether the US export restrictions apply to
> Triple-DES?

Yes.

> If so, are there exceptions as in the case of DES (e.g. for
> banking or financial applications).

I have not heard of export licenses being granted for 3DES. However, why do you care? As a person from a reasonably free country you can just get the DES code from Finland or any one of dozens of other sites outside the US.
Perry

From brendan at Mail.RAth.PeachNet.EDU Mon Aug 7 20:30:53 1995
From: brendan at Mail.RAth.PeachNet.EDU (Brendan Mullen)
Date: Mon, 7 Aug 95 20:30:53 PDT
Subject: Where to find Internet growth stats?
Message-ID:

http://www.tic.com/mids/midshome.html

is

--cut->>Matrix Information and Directory Services, Inc. (MIDS) is a corporation founded by Smoot Carl-Mitchell and John S. Quarterman. Eric McKinney is Assistant Editor. <<--paste-

---
Brendan Mullen
brendan at chugalug.cosmic.uga.edu
Athens GA USA

From rsalz at osf.org Mon Aug 7 21:03:16 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 7 Aug 95 21:03:16 PDT
Subject: Triple-DES controlled?
Message-ID: <9508080402.AA02918@sulphur.osf.org>

>I have not heard of export licenses being granted for 3DES.

Didn't the ANSI financial committee just adopt 3DES (over NSA objections)? Presumably they consider the export situation solved/solvable.

/r$

From perry at panix.com Mon Aug 7 21:07:22 1995
From: perry at panix.com (Perry E. Metzger)
Date: Mon, 7 Aug 95 21:07:22 PDT
Subject: Triple-DES controlled?
In-Reply-To: <9508080402.AA02918@sulphur.osf.org>
Message-ID: <199508080407.AAA09263@panix4.panix.com>

Rich Salz writes:
> >I have not heard of export licenses being granted for 3DES.
>
> Didn't the ANSI financial committee just adopt 3DES (over NSA
> objections)?

Yes.

> Presumably they consider the export situation solved/solvable.

There is the trivial solution of buying outside the US. The hardware is actually better these days as the Germans and others have a worldwide market and the economies that brings.

.pm

From wfrench at interport.net Mon Aug 7 21:09:14 1995
From: wfrench at interport.net (Will French)
Date: Mon, 7 Aug 95 21:09:14 PDT
Subject: www remailer interface
Message-ID: <199508080404.AAA02398@interport.net>

> 1. removing the hardwired
> 2. removing the hardwired and forcing you to chain
> 3. keep the hardwired in and use some 'established' remailer
> or one the group can come to a consensus on.

Given the second possibility, I see no reason to hardwire a remailer. It really will make people suspicious! I can easily imagine someone deciding not to use that remailer again, just on general principles.

And anyway, chaining is not always necessary, especially if the sender is at a public Web terminal or using an anonymous Web proxy. The remailers don't enforce chaining, why should you?

Will French

From liberty at gate.net Mon Aug 7 22:00:13 1995
From: liberty at gate.net (Jim Ray)
Date: Mon, 7 Aug 95 22:00:13 PDT
Subject: [Meaningless] Vote.
Message-ID: <199508080457.AAA03322@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Fellow Cypherpunks:

Below is the URL of an "Online Forum" page to allow 'Net citizens to vote on various, (usually boring) issues.

>**************************************************
> VOTELINK brings the Voice of the Internet
> To today's hot news topics. To make your voice
> "heard round the world" go to:
>
> http://www.votelink.com
>***************************************************

So last week I was surfin', wastin' time, and drinkin' a brew, and I happened by. I was asked to vote on some mundane topic [I forget what]--and instead I suggested a "World Vote" topic I liked better, and, sure enough, they put it up this week: [I was shocked when they e-mailed me!] :-)

>Should Phil Zimmermann be prosecuted for allowing
> release of his PGP encryption program on the
> Internet?
>
>
> PRO: ITAR export restrictions exist.
> Cryptographic software, like PGP, is
> considered a weapon of war. -- more
[somebody shoot me with PGP, and nothing else!]
>
> CON: Imprisoning Zimmermann for export
> violations would be an unconstitutional restraint of
> free speech and privacy rights. -- more
[guess how Jim Ray voted...] ;-)

OK.
Far be it from me to suggest vote fraud [there aren't too many Libertarians in cemeteries anyway :)] but I think certain cypherpunks might want to go "vote" this week, if you have the time to waste. Please vote *only* once, and tell all your buddies.

Thanks.
JMR

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMCbswG1lp8bpvW01AQGDeAP8DZiWwIsABi7sy3MuyZo5QMFB/lf0ghIg
8zcE/WGaPocvwqlxwBW3DckSQw/vM8cqyv3LGPjQwC2il5HpELdyS44Rd4tQ/Qjb
p0P+6mZh0Qk8domUuadX877Lk8hcnh7ydypCL3WPigSvh3tYYGwnL00Q6vi6nKzj
YQ7092OOn80=
=ebKB
- -----END PGP SIGNATURE-----

Regards, Jim Ray

"The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92
- ------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
- ------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMCbtzyoZzwIn1bdtAQHUowGA1pSgF1+AVBDi0Jz8H7dd4XIvbXNulPvF
SIRzwHrNMApJoz2mX34r+8hndI3nwREW
=hz/N
-----END PGP SIGNATURE-----

From nzook at bga.com Mon Aug 7 22:49:11 1995
From: nzook at bga.com (Nathan Zook)
Date: Mon, 7 Aug 95 22:49:11 PDT
Subject: Quibbling about definitions of "proof"
In-Reply-To: <9508071521.AA10100@zorch.w3.org>
Message-ID:

On Mon, 7 Aug 1995 hallam at w3.org wrote:

> The requirement for "proving" a program is thus significantly less onerous than
> asserted. It is not necessary to provide a transcendental proof, merely to
> establish consistency with respect to a commonly accepted set of axioms.
>
> Phill Hallam-Baker

Is THAT all? But I didn't know we could establish consistency of these commonly accepted axioms with THEMSELVES! (By commonly accepted, I mean ZF. I'll even the choice & continuum hypotheses out.)

Nathan

From merriman at arn.net Mon Aug 7 22:59:33 1995
From: merriman at arn.net (David K. Merriman)
Date: Mon, 7 Aug 95 22:59:33 PDT
Subject: Parental Advisory
Message-ID: <199508080603.BAA08535@arnet.arn.net>

Just wanted to let folks know that I'm able to confirm that He is still monitoring the list. Got a response to my posting about my Web page :-/

I hope others will stop by and check it out - links to it welcome.

Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From stewarts at ix.netcom.com Tue Aug 8 00:37:08 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 8 Aug 95 00:37:08 PDT
Subject: Triple-DES controlled?
Message-ID: <199508080734.AAA17572@ix3.ix.netcom.com>

>> Didn't the ANSI financial committee just adopt 3DES (over NSA
>> objections)?
>> Presumably they consider the export situation solved/solvable.

>There is the trivial solution of buying outside the US. The hardware
>is actually better these days as the Germans and others have a
>worldwide market and the economies that brings.

Also, the ITAR rules give banks and financial institutions Extra Slack for exporting crypto gear for their own use. In some ways that makes sense (electronic bank robbery could be a very profitable business, and bankers are politically influential), and yet some of the government's biggest objections to free crypto seem to be that it allows people to have financial privacy...

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/

From aba at dcs.exeter.ac.uk Tue Aug 8 01:35:46 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 8 Aug 95 01:35:46 PDT
Subject: RSA/Perl Shirts
Message-ID: <10803.9508080834@exe.dcs.exeter.ac.uk>

John Schultz writes on cpunks:
> On Mon, 7 Aug 1995, Rev. Ben wrote:
> > Has Joel Furr shipped his shirts yet?
> >
> > I see some people on the list have gotten shirts and i was wondering as
> > I still have not gotten mine.
>
> I was wondering the same thing myself. I know my check was cashed over a
> month ago, but no shirt has arrived.

There are 2 (well 4 actually) suppliers of shirts:

1) (US/Canada) Joel Furr at Josh Osborne's instigation
   (no current offer, but still to send out shirts from first batch)
   OFFER PASSED

2) (free world :-) Me - Adam Back
   http://dcs.ex.ac.uk/~aba/rsa
   UK printing cost only - still taking orders
   1st batch will be ordered RSN

3) (US/Canada) Don Henson
   http://colossus.net/wepinsto/
   25% of proceeds to Phil Z legal defense fund - 1st batch shipped,
   taking orders next batch

4) (AU region of free world) Lucy Chubb
   (no WWW URL yet) will soon be printing some in Australia
   cost only also send her email for status, starting soon

The last I heard about the status of Joel's shirts was on the netstuff mailing list, some time ago; he said there had been delays due to various reasons, and that his shirts wouldn't be ready until end July.
As July has ended, I'm presuming this will be RSN.

The people who have their shirts are those who ordered through Don Henson, who has proceeded very quickly to ship shirts, he was the start of the 350 ordered thread.

Adam

--
HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

In reply to:
>
>
>After poking around for a week, I discovered that my home machine,
>newray.digex.net, is listed in the Digex's nameservers TWICE! Once with the
>IP address that my home machine is waiting for (199.125.128.5) and once
>with some other IP address in the digex space (164.109.211.61). If you do
>an nslookup on the name, you get both addresses. I believe that the
>technically correct thing for someone to do is to choose one of the
>addresses at random to distribute the load between two machines pretending
>to be one. This explains the connection failures that happened half of the
>time.
>
>This has led me to wonder, though, whether this is some sort of security
>breach. For instance, could there be someone out there masquerading as me?
>Normally I run Eudora, Netscape, Telnet and other outward bound
>applications. It was almost a fluke that I noticed that there were two
>entries.
>

More likely this is a matter of someone assigning a host name to a system without realizing it has already been taken. Yes it can be a security breach but as you experienced the connection is broken easily. If someone wanted to grab your identity they would more likely busy your system (by flooding you with ping requests or something similar) and then grab your IP address.

>Does some software need to find its IP address in a DNS table? For
>instance, does Eudora need to look up 164.109.211.61 to find
>"newray.digex.net"?

The lookup typically goes the other way around, from host--->IP address.
Dependent on the cache hits either address could be returned.

From paul at gec.co.nz Tue Aug 8 05:41:25 1995
From: paul at gec.co.nz (Paul Foley)
Date: Tue, 8 Aug 95 05:41:25 PDT
Subject: RSA/Perl Shirts
Message-ID: <30273101.gec@gec.co.nz>

One thing I have to ask: Does wearing one of these shirts under something else count as carrying a concealed weapon? :-)

--
Paul Foley PGP key 0x0D1C0E75
-----------------There's no government like no government----------------
Where they burn books, in the end they will also burn people. -- Heinrich Heine

From perry at panix.com Tue Aug 8 05:48:32 1995
From: perry at panix.com (Perry E. Metzger)
Date: Tue, 8 Aug 95 05:48:32 PDT
Subject: proving programs correct
Message-ID: <199508081248.IAA11447@panix2.panix.com>

A boss of mine at Bellcore, and a very smart guy (B. Gopinath) once mentioned to me that (with the exception of scheme) he'd never seen a set of formal semantics for a language that were smaller than the largest program one would care to write in the language. He was, of course, slightly exaggerating for effect, but his point was very simple: you can't even get the basis on which to write your proofs right.

An interesting experience happened during the same project, as I recall: we attempted to prove a small bit of code correct. Unfortunately, the proof had a bug in it which meshed nicely with a bug in the program and a bug in the implementation.

Proofs are no less large complicated formal constructs than programs are, and checking them is no less onerous, unless they are written in formal logic in which case they are not possible for human beings to produce.

Perry

From frissell at panix.com Tue Aug 8 07:04:43 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 8 Aug 95 07:04:43 PDT
Subject: Pat Robertson Fears E-cash?
Message-ID: <199508081404.KAA15440@panix.com>

At 12:41 AM 8/2/95 -0700, Timothy C. May wrote:
>So, hearing that "Pat Robertson is warning against a digital cash society"
>is not too worrisome to me. I suspect he means the stuff about Big Brother
>tracking us and the Number of the Beast, and so on.

Correct. I have in my hot little hands a book called "Racing Toward the Mark of the Beast -- Your Money, Computers, and the End of the World" by Peter & Paul Lalonde (hosts of "This Week in Bible Prophecy") published by Harvest House.

They relate the story of their attendance at 1993's "Solutions for the Global Frontier" card technology conference in Washington, DC which happened to be held during the Waco Inferno. "This Week in Bible Prophecy" and CNN were the only electronic media represented. Waco encouraged discussion by the participants for electronic tracking of cult members.

The book hits all the high points of privacy invading technology. But has nothing about our sorts of privacy techniques presumably because we are not yet well known in the Christian community.

Chapters:
1. Boy, Have I Got Your Number
2. Kiss Your Cash Goodby
3. What's in the Cards?
4. Your Body: The Only ID You'll Ever Need
5. Will That Be Hand or Forehead?
6. If You're Not Paranoid, It's Because You're Not Paying Close Enough Attention
7. Bringing the World On-Line
8. 666: The System Is Born
9. The Chosen Generation
10. Where Will You Stand?

I have generally found "Fundies" to be better informed about privacy problems and more protective of their own privacy than any other discrete group.

DCF

"60 million job changes per year + Federal Job Licensing (The Jordan Commission proposal to require employers to verify SS#'s) + the 25% error rate in the SS#-Name database = 15 million legally unemployable for a total unemployment rate of 18%."
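The newray.digex.net thread above (one name with two A records, connections failing about half the time) is the kind of condition a routine zone audit catches before anyone notices failed connections. The following is an added example and not code from any poster in that thread; the zone extract and the expected-netblock policy are constructed, and only the two addresses quoted in the thread are reused.

```python
"""Zone audit for the duplicate-A-record condition discussed in the
newray.digex.net thread.  Added example, not any poster's code; the zone
lines are constructed and only reuse the two addresses quoted in the thread."""
import ipaddress
from collections import defaultdict

# Constructed BIND-style zone extract: owner, TTL, class, type, rdata.
ZONE_TEXT = """\
; constructed sample data, not a real zone file
newray.digex.net.    3600 IN A  199.125.128.5
newray.digex.net.    3600 IN A  164.109.211.61
www.example.net.     3600 IN A  192.0.2.10
mail.example.net.    3600 IN A  192.0.2.25
mail.example.net.    3600 IN MX 10 mail.example.net.
"""

# Netblock each monitored host is expected to live in (constructed policy).
EXPECTED_NETBLOCK = {"newray.digex.net.": "199.125.128.0/24"}


def parse_a_records(zone_text):
    """Return {owner: [IPv4Address, ...]} for every A record in the extract."""
    records = defaultdict(list)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # strip comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN" or fields[3] != "A":
            continue                            # only A records matter here
        records[fields[0].lower()].append(ipaddress.ip_address(fields[4]))
    return dict(records)


def find_conflicts(records, expected):
    """Flag owners with more than one A record (the 'listed TWICE' case) and
    addresses outside the netblock the owner is expected to use.
    Returns a sorted list of (owner, reason, address) tuples."""
    findings = []
    for owner, ips in records.items():
        if len(ips) > 1:
            findings.extend((owner, "multiple-A", str(ip)) for ip in ips)
        if owner in expected:
            net = ipaddress.ip_network(expected[owner])
            findings.extend((owner, "outside-expected-netblock", str(ip))
                            for ip in ips if ip not in net)
    return sorted(findings)


def answer_for_query(records, owner, query_number):
    """Model a resolver that rotates multiple A records (round robin).  With
    two records every other connection goes to the other machine, which is
    the 'failed half of the time' symptom from the thread."""
    ips = records[owner]
    return str(ips[query_number % len(ips)])


if __name__ == "__main__":
    recs = parse_a_records(ZONE_TEXT)
    for finding in find_conflicts(recs, EXPECTED_NETBLOCK):
        print(*finding)
    for i in range(4):
        print("query", i, "->", answer_for_query(recs, "newray.digex.net.", i))
```

Run against real data, the zone extract would come from a zone transfer or the nameserver's own files, and the expected-netblock table from whatever inventory says which addresses a host is supposed to have; the audit then turns the "someone assigned my hostname to another system" case into a finding instead of a mystery.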
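The GMP prime search quoted by Adam Back in the "Prime Number Gen's." thread further down (add one to p until mpz_probab_prime_p passes 25 tests, with his remark that skipping even numbers would be faster) can be followed end to end in the added example below. It is not Adam Back's, Aggelos Keromitis's or GMP's code; it assumes Miller-Rabin as the per-round test, which the thread does not state, and the 2^64 starting point is a constructed value.

```python
"""Probabilistic prime search in the shape of the GMP loop quoted in the
"Prime Number Gen's." thread.  Added example, not Adam Back's, Aggelos
Keromitis's or GMP's code.  Assumption: Miller-Rabin is the per-round test
(the thread does not say which test GMP 1.3.2 uses)."""
import random

# Cheap trial division first: this is the "check for obvious things like
# even nos" shortcut, and it rejects most candidates before any modexp.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def miller_rabin_round(n, a):
    """One Miller-Rabin round with base a (n odd, n > 2).  False means a is
    a witness that n is composite; True means n survived this round."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False


def is_probable_prime(n, surety=25, rng=random):
    """Mirror of mpz_probab_prime_p(n, SURETY): True if n passes SURETY rounds.
    A composite survives one Miller-Rabin round with probability at most 1/4,
    so 25 rounds bound the false-positive rate by 4**-25, better than 2**-25."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    for _ in range(surety):
        a = rng.randrange(2, n - 1)        # n > 47 here, so the range is non-empty
        if not miller_rabin_round(n, a):
            return False
    return True


def next_probable_prime(start, surety=25, rng=random):
    """The loop from the thread (add one until the test passes), except that
    even candidates are skipped outright.  Returns (prime, candidates_tested)."""
    p = max(start, 2)
    if p == 2:
        return 2, 1
    if p % 2 == 0:
        p += 1
    tested = 0
    while True:
        tested += 1
        if is_probable_prime(p, surety, rng):
            return p, tested
        p += 2


if __name__ == "__main__":
    start = 2 ** 64                          # constructed starting point
    p, tested = next_probable_prime(start)
    print(p, "found after", tested, "odd candidates")
```

The trial-division table does the work Adam suggests: for a random start, most candidates are thrown out by a handful of remainder checks and only the survivors pay for 25 modular exponentiations. For RSA key generation the same search would be run from a random odd start of the desired bit length, with the bound above giving the confidence that the result is prime.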
From joelm at eskimo.com Tue Aug 8 07:35:54 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Tue, 8 Aug 95 07:35:54 PDT
Subject: Announce: Private Idaho 2.5 beta
Message-ID: <199508081435.HAA14596@mail.eskimo.com>

The 2.5 beta version of Private Idaho is now available from:

http://www.eskimo.com/~joelm
or
ftp.eskimo.com /u/j/joelm/pidho25b.zip

After I'm satisfied it is relatively bug free, it will be announced to the appropriate newsgroups and placed on mirror sites.

Significant enhancements include:

send SMTP mail directly from Private Idaho
attach sigs
conventional PGP encryption option
anonymous USENET posting through supporting remailers
improved multi-key interface

The final release will also have full Windows-style help as well as an automated installation program.

This is my first venture into writing TCP/IP - Windows Sockets code. The SMTP routines seem to work with my ISP, but we'll see what happens on other mail servers.

Coming attractions - once I determine the TCP/IP code is stable, I plan on implementing POP3 background checking for PGP messages.

As usual, comments, questions, and bugs to: joelm at eskimo.com

----------------------
Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
Thomas Jefferson used strong crypto, shouldn't you?

From adam at bwh.harvard.edu Tue Aug 8 07:42:59 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 8 Aug 95 07:42:59 PDT
Subject: Triple-DES controlled?
In-Reply-To: <9508080402.AA02918@sulphur.osf.org>
Message-ID: <199508081423.KAA27453@bwh.harvard.edu>

| Didn't the ANSI financial committee just adopt 3DES (over NSA
| objections)? Presumably they consider the export situation solved/solvable.
| /r$

As Perry points out, they consider it solved, albeit to the detriment of the US infosec industry. One would hope those companies are complaining loudly to their congressmen.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From perry at panix.com Tue Aug 8 07:55:58 1995
From: perry at panix.com (Perry E. Metzger)
Date: Tue, 8 Aug 95 07:55:58 PDT
Subject: Triple-DES controlled?
In-Reply-To: <199508081423.KAA27453@bwh.harvard.edu>
Message-ID: <199508081455.KAA00442@panix4.panix.com>

Adam Shostack writes:
>
> | Didn't the ANSI financial committee just adopt 3DES (over NSA
> | objections)? Presumably they consider the export situation solved/solvable

From joelm at eskimo.com Tue Aug 8 08:13:14 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Tue, 8 Aug 95 08:13:14 PDT
Subject: Announce: Private Idaho 2.5 beta (addendum)
Message-ID: <199508081513.IAA21067@mail.eskimo.com>

Sorry, up all night coding, and forgot to briefly describe what Private Idaho is:

Private Idaho is a freeware, Windows frontend to PGP and the anonymous remailers. It provides a simple, easy to use interface for encrypting and decrypting messages as well as preparing messages to send through remailers. Although quite usable by crypto-novices, there are a number of advanced features for more experienced users.

From hallam at w3.org Tue Aug 8 08:37:19 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 8 Aug 95 08:37:19 PDT
Subject: Triple-DES controlled?
In-Reply-To: <9508080402.AA02918@sulphur.osf.org>
Message-ID: <9508081531.AA20316@zorch.w3.org>

>>I have not heard of export licenses being granted for 3DES.

>Didn't the ANSI financial committee just adopt 3DES (over NSA
>objections)? Presumably they consider the export situation solved/solvable.

There is absolutely no difficulty obtaining cryptographic apparatus outside the US. I had an entire distribution of PEM and X500 that was entirely written outside the US. DES is available from many sources, there are many triple DES products available.

It is not impossible to get export licenses, there have been several issued for DES for financial applications.

If the US wants to be cut out of the market for financial services software that's up to them.
Non US citizens can write crypto code as well, the British crypto tradition is far longer than the US one for example.

Phill

From samman at CS.YALE.EDU Tue Aug 8 09:07:44 1995
From: samman at CS.YALE.EDU (Rev. Ben)
Date: Tue, 8 Aug 95 09:07:44 PDT
Subject: Prime Number Gen's.
Message-ID:

Does anyone know of where I could get source, royalty free, in the US for a good Prime Number Generator? One that used a set of quick probabilistic algorithms would be cool.

Thanks
Ben.

____
Ben Samman..............................................samman at cs.yale.edu
I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran.
SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND!
For information Email: zldf at clark.net
http://www.netresponse.com/zldf

From aba at dcs.exeter.ac.uk Tue Aug 8 10:12:08 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 8 Aug 95 10:12:08 PDT
Subject: Prime Number Gen's.
Message-ID: <15295.9508081711@exe.dcs.exeter.ac.uk>

"Rev. Ben" writes on cpunks:
> Does anyone know of where I could get source, royalty free, in the US for
> a good Prime Number Generator?

GNU code sounds like it would fit the royalty free bill. Try the GNU multi-precision library: gmp-1.3.2.tar.gz from all good GNU sources. I get my stuff from ftp://src.doc.ic.ac.uk/gnu/ if you don't have a GNU ftp site to hand.

There's a function

    int mpz_probab_prime_p(mpnum, SURETY)

which returns true if the prime passes SURETY probabilistic prime tests. I think if it passes say 25 tests, then there will be less than a 1/2^25 chance that it is not prime.

Also, on:

http://dcs.ex.ac.uk/~aba/rsa-keygen.html

I've got some code Aggelos Keromitis wrote using the GNU mp library for generating RSA keys, it uses the probab_prime function, like this:

    while (!mpz_probab_prime_p(&p, 25)) /* Find a prime */
        mpz_add_ui(&p, &p, 1);

Where p is a random starting point. Ie just add one and repeat.
It would be faster to check for some more obvious things like even nos, etc. But it seems to work well enough, and generates working RSA keys.

Adam

--
HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

Message-ID: <199508081735.NAA27772@panix4.panix.com>

"Rev. Ben" writes:
> Does anyone know of where I could get source, royalty free, in the US for
> a good Prime Number Generator?

PGP?

.pm

From buster at klaine.pp.fi Tue Aug 8 10:38:00 1995
From: buster at klaine.pp.fi (Kari Laine)
Date: Tue, 8 Aug 95 10:38:00 PDT
Subject: hardware encryption
Message-ID: <199508081737.AA17967@personal.eunet.fi>

> I'm looking for add-in cards that implement DES and/or RSA
> for either a PC (ISA/EISA/whatever) or a Sun (S-Bus),
> preferably a Sun. Also, the RSA card would need to implement
> a 1024 bit modulus.

uti-maco Belgium has some cards in that category:

Contact information:
uti-maco Belgium N.V.
De Vunt 9
B-3220 Holsbeek - Belgium
Phone +32-16-44 01 35
Fax +32-16-44 01 40
Compuserve: 100272,2772 (internet format: 100272.2772 at compuserve.com)

Best Regards
Kari

Kari Laine              buster at klaine.pp.fi
LAN Vision Oy           Tel. +358-0-502 1947
Sinikalliontie 14       Fax +358-0-524 149
02630 ESPOO             BBS +358-0-502 1576/1456
FINLAND

From hallam at w3.org Tue Aug 8 10:55:49 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 8 Aug 95 10:55:49 PDT
Subject: proving programs correct
In-Reply-To: <199508081248.IAA11447@panix2.panix.com>
Message-ID: <9508081749.AA20619@zorch.w3.org>

>A boss of mine at Bellcore, and a very smart guy (B. Gopinath) once
>mentioned to me that (with the exception of scheme) he'd never seen a
>set of formal semantics for a language that were smaller than the
>largest program one would care to write in the language.
I suggest he look at occam, the semantics are very compact, about ten pages. The purpose of writing the denotational semantics is to obtain a grounding for the axiomatic semantics which may then be used for proofs.

All this means is that languages such as ADA are useless for formal methods work because the language is too big to develop a useful semantics for it. C is better but still far too large and the semantic ambiguities of the language cause problems.

I don't consider the conventional application of formal methods to be a practical approach. This does not mean that no such approaches exist, merely that people use the wrong ones.

Phill H-B

From cme at TIS.COM Tue Aug 8 11:29:43 1995
From: cme at TIS.COM (Carl Ellison)
Date: Tue, 8 Aug 95 11:29:43 PDT
Subject: alt.politics.org.cia
Message-ID: <9508081825.AA11385@tis.com>

I picked up a posting there which I forwarded to another list (skipping this slightly overloaded one :-) but it was cute/funny -- suggesting a project for finding unmarked spook buildings in your neighborhood and gathering a database (on the web?) of such.

It's not a CP topic, but it's related and folks might want to check out that newsgroup.

(Thanks to r$ for the inspiration.)

- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison  cme at acm.org  http://www.clark.net/pub/cme/home.html    |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
|  ``Officer, officer, arrest that man! He's whistling a dirty song.''     |
+----------------------------------------------------------- Jean Ellison -+

From vznuri at netcom.com Tue Aug 8 11:43:35 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 8 Aug 95 11:43:35 PDT
Subject: internet reporter's guide
Message-ID: <199508081841.LAA19302@netcom17.netcom.com>

a charming tongue-in-cheek "reporter's guide to the internet". pass along to your favorite clueless reporter writing about the information superduperhighway.
don't recall seeing it posted here, but was written by a past cypherpunk contributor... Gutmann is also acknowledged by PRZ as putting in major amounts of work into PGP..

------- Forwarded Message

From: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
Newsgroups: alt.censorship,alt.internet.media-coverage,comp.org.eff.talk
Subject: The Internet: A short guide for reporters and journalists
Date: 6 Aug 1995 12:32:53 GMT

[The following was originally posted to the nz.general newsgroup in mid-June. Two papers/magazines expressed vague interest in publishing it, but I haven't heard from them since, for reasons which may become obvious when you read this. If anyone wants to publish this anywhere (Time Magazine, for example :-), feel free to do so. One NZ-specific thing you may need to know is that Trevor "I don't give a shit about your network" Rogers is our version of Senator Exon who predates Exon by about 6 months and is considerably more clueless (and foul-mouthed) than Exon. You can find some of his more notorious quotes in the EFF quote collection]

THE INTERNET
A short guide for reporters and journalists

Recently there have been a lot of reports about a generally insignificant aspect of the Internet, namely the availability of erotica and other information via computer. The reason for this is quite obvious - this is one of the hottest news topics currently available. People get upset, tempers fray, and Trevor Rogers gets to have his face in the paper again. In short, stories about the evil Internet are "in".

This document is intended as a guide for those who would like to join the ranks of the other reporters and journalists who have been so successful in the past when reporting about the Internet. It is intended to save you the hassle of having to reinvent the wheel when you prepare your report, and to familiarise you with certain conventions which need to be followed when reporting on anything to do with the net. You'll be amazed at how simple it is.
WHY REPORTING ABOUT THE INTERNET IS USEFUL

The Internet provides fascinating subject material for reporters. There's no need to perform any research, you get to cover a "hot topic", and the message is so simple that even politicians can understand it (or at least know how to make political gain from it).

- - THE MESSAGE

All successful stories on the Internet are based on the following fact:

The Internet is a piece of high-technology whose single goal is to get porn and bomb recipes into the hands of children.

Don't worry about the details. As will shortly be shown, you may have to adapt this message slightly for your target audience. However, since your average reader won't really know the difference between the Internet, a dialup BBS, and a standalone computer, you don't need to go to any special effort to distinguish between these very different technologies. Generalise. If something applies to one area, it applies to all areas, whether that's physically possible or not. The message is the same, and provided people read/watch/listen to it, you know you've done your job.

- - PORN

Even while you were still at journalism school, you learned that sex sells. You also know that sex itself doesn't sell, but stories about "consumers" of sexual material do. This also provides you with an excuse to show pictures of naked women (purely to document what's available, of course) and yet still hold the moral high ground.

The Internet, like all communications networks, was designed solely to communicate pornographic images. Of course, the average user has absolutely no idea how to do this, or how to perform the complex decoding and image manipulation necessary to view these images. As a reporter, it is your duty to inform the public on how this is done.
Our moral guardians will be appalled at how easily you can get access to the information, anyone with a computer will be busy trying to duplicate your feat, and everyone else will be too busy staring at the pictures to do anything else.

Make porn the main theme of your story. If you're doing a story on the Usenet, pick something with the name "sex" in it (even if it's a sexual abuse counselling service - if it has "sex" in the name it's got to be bad), and concentrate exclusively on that. Ignore the fact that there are over 11,000 other interest areas available on the Usenet. Don't even waste your time with them - all people ever talk about there is books, films, art, hobbies, cars, health, politics, financial issues, current events, religion, literature, and so on. Who on earth would read a story about that? Concentrate only on the stuff which pulls in the readers/viewers. Concentrate on porn.

- - HIGH TECH

Virtually any journalist will know that the majority of the population are somewhat technophobic. If you want to hold the reader's attention, you can't go wrong when you use this fact to your advantage. Let's take a simple example: An American, a Japanese, and a New Zealander have a new technology explained to them. The American says "Great, we can use this to hold the evil Commies in check. I wonder if we can use it as a special effect in the latest Schwarzenegger film?". The Japanese says "Interesting. We can make a killing from this. I wonder how we can make it smaller and easier to use". The New Zealander says "Appalling. This will destroy civilization. How can we ban it?".

As a journalist, all you need to do is follow this basic premise - that all new technology is evil and dangerous - and you just can't go wrong. To support your claims, pick a group of self-proclaimed experts and consult them frequently.
The right educational counsellors ("Only natural wooden toys will stop your child becoming an axe murderer"), the right psychologists ("The constant contact with technology leads to an inner loneliness. Therefore the current generation's lack of communications skills is solely due to the invention of the telephone"), and law enforcement people ("We have no idea who did it, or why, or how, or when, but we do know that they got the information off the Internet").

Remember that *you* don't actually need to understand what it is you're reporting, because most of your audience won't either. As long as they buy the paper or watch the program, you'll know you've done your job.

The most important point, however, is that, due to the thorough work of your colleagues, the reader/viewer already has certain expectations for any story about the net. Whenever they hear the word "Internet", they immediately know what the coverage will be on: the dangers of computers, porn, pedophiles, and bomb recipes. Even if they remember nothing else, the viewers will know that porn was involved. Whenever any story about the internet is published or broadcast, the viewers will automatically expect it to be about porn, which makes your job so much easier.

HOW TO DO A REPORT ON THE NET, ARRANGED BY TARGET AUDIENCE

Journalists are like fishermen, they select the appropriate bait depending on the intended prey. Although the usual collection of porn, pedophiles, and other paraphernalia without which no report on the net can be complete provide a wide foundation for virtually any kind of story you care to dream up, you can give your report that final polish by specifically targeting a particular group. For example:

If you're writing for a right-wing audience:

Your readers/viewers will dislike the net anyway - just look at the people using it, these long-haired hippie weirdos, dole bludgers and students, should all go out and get a real job or something.
You don't really need to cover this area too deeply. The best way to get your audience hooked is to tell them about the horrible perversions they can run into on the net. Just think, the person you're exchanging mail with could actually be a *screaming bender*, and you wouldn't even know about it! There are actually areas of the net where gay people can meet, and talk. Your audience *must* be informed of this dangerous technology. Your message is therefore:

The Internet is a piece of high-technology whose single goal is to allow perverted gays and lesbians to get to your children.

Once your readers realise that it's possible for gays and lesbians to use the net just like everyone else, and that they can talk about virtually anything (my God, I mean, *anything*) then you know your article has been a success.

If you're writing for a left-wing audience:

As with a right-wing audience, you have an advantage here that your left-wing readers/viewers will be suspicious of the net because the government is involved with it. The internet is simply a bridgehead for a nationwide police database, identity cards, and the spectre of Big Brother. Although it can be hard to introduce the usual morals panic into a story on general technophobia, we're sure you can do it. Your general message is therefore:

The Internet is a piece of high-technology whose single goal is to allow the government to set up a Big Brother-like nationwide computerised monitoring system

If you're writing for a radical feminist audience:

This, along with the nation's moral guardians, is your ideal target audience. The internet is run mostly by men and in the past has been used mostly by men. The mere existence of the evil internet is therefore solely the fault of all males.
Your message is therefore:

The Internet is a piece of high-technology whose single goal is to allow the emotionally crippled male gender to communicate pictures of their female victims and therefore increase the incidence of sexual abuse and rape.

Remember that certain ideologies of the radical feminist movement have to be brought up in each story. These are:

- The goal of all male-dominated technology is the oppression of womyn. All technology, even if it's not obvious how, is created to oppress womyn.
- Pornography is the theory, rape is the practice. Any man who sees even a glimpse of bare flesh is instantly converted into a rapist.
- Womyn never look at any porn, not even at pictures of naked men, and never produce porn for other women to consume. Every counterexample to this claim is either invented or the product of male brainwashing.

Try and find a number of womyn to support your views. Interview lots of sexual abuse victims, even if there's no connection whatsoever to the Internet, because graphic abuse stories are a great way to arouse sympathy for your cause, as has been ably demonstrated in US Senate hearings. If you ever even show a man as part of your story, find some pimply, greasy-haired, low-IQ type whose most intelligent comment is a Beavis-and-Butthead-like "Huh huh huh".

If you're writing for the "moral majority":

This is the perfect target audience. Your viewers/readers will be conservative, right-wing, and won't understand the technological and social issues involved. Tell them anything. Since you control the media, no one will ever correct you (except perhaps a few long-haired hippies calling talkback shows, but who listens to talkback anyway?). If a 15-year-old runs away from home, they've been kidnapped by an internet pedophile ring. Every time you turn on your computer, snuff movies appear on the screen. A shadowy gang of spies is hiding US nuclear weapons secrets inside dirty pictures and sending them to the middle east.
There are more pedophiles on the net in the US than the population of some countries. The middle east has an appalling pedophiles-on-the-net problem, even though there is no Internet in the middle east. All these stories, and more, have already been run by your colleagues in and outside the country, or have been reported by politicians. If people will swallow this, they'll swallow anything. Although you have a pretty much blank slate on which to vent your creativity, extensive research has shown that you get the best results if you make your message more or less:

The Internet is a piece of high-technology whose single goal is to allow every imaginable form of depravity and filth into every home in New Zealand.

WARNINGS

As with any story, there are a few traps you have to be careful to avoid.

- - Never let the reader know what else is available on the net. You make your living from the fact that you feed information to people. If these people find out that they can get the same information faster, easier, and much more cheaply, off the net, you'll lose your monopoly, and, sooner or later, your job. By manipulating your reader's emotions (shock, disbelief, loathing), you can make sure that few people will ever see the full richness of the information available on the net, and ensure that they keep coming to you for information.

- - Never mention the fact that virtually everybody who is anybody is on the net. If people find out that things like Time Magazine, MTV, the New York Stock Exchange, and Winona Ryder are all directly accessible via the net, their image of the internet will be shattered.

- - Never mention the fact that there are no commercials and no censorship on the net. Your sponsors are hard at work turning people's TV watching and newspaper reading into an almost continuous stream of commercials.
If people found out that they can sit on the internet for 15 hours at a time without seeing a single ad for women's sanitary products, your TV station (and therefore your job) is in trouble.

IRRELEVANT TOPICS

There are certain topics you should never touch on in your reporting. These are:

- - Technology. No one cares about this. Your audience doesn't want to know about the technology, otherwise they'd have to actually think about the issues involved. And anyway, when did you become an engineer or sociologist? The best reports on the internet are filed by reporters who refuse to even use a computer and have no idea what the internet is, since they're the ones least likely to be hampered by any facts.

- - Education. Never mention the fact that studies have shown that children who use the internet spend less time in front of the TV, do better at school, have better writing skills, and are much more likely to get a job in the future. Scare them away from the internet. We've got a welfare state, they'll be looked after in some way. Besides, you'll be able to do more stories on future street kids that way.

- - Useful applications of the internet. If you find out that the President of the United States is on the internet, don't even think about suggesting the Prime Minister does the same. Politics and computers just don't mix, as has been shown repeatedly by one ex-National Party politician. Even if the President talks to his staff via email, and they all run around with laptops, that's just an American fad. New Zealanders don't need that sort of thing.

- - Other media. Always call it "the Internet", whether what you're reporting on occurred on the internet, a private network, a standalone computer, or in your imagination. If necessary, edit the pictures you show to support your story. When people hear a computer horror story, they expect it to be about the internet, not based on something you saw last night on X-Files.
FOR YOUR SAFETY

As a reporter, you've become accustomed to having your say while everyone else listens. On the internet, this is very different. When one of your masterpieces of creative reporting is published or broadcast, a potential audience of thirty million people will pick it to pieces. With a single story, you can alienate fifty, a hundred thousand members of your audience in one stroke.

Never use the internet yourself, or publish any form of email address. You're not paid to handle feedback, only to write stories. Heavens, if you listened to people correcting your story, you might actually have to report the truth! Therefore, write whatever you want, but never give your readers a chance to reply. By the time NZ Post has finally delivered their mail to you, you'll already be halfway through your next report on baby-eating pedophiles on the net, and can safely ignore any feedback from the previous one.

A LAST PLEA TO JOURNALISTS

Horror stories about the internet have already helped hundreds of your colleagues through dry spells in the flow of news. Make sure you preserve this valuable resource for future generations of journalists. Don't report more than you need to. A short, zero-content missive in which you mention the word "pedophiles" in every second sentence is fine, as has been ably demonstrated by Trevor Rogers.

The internet is a wonderful source of stories for any journalist or reporter who has a deadline in a few hours and nothing else they can report on. You can report virtually anything without needing to do any research or acquire any background information. Therefore the *real* purpose of the internet can finally be revealed:

The Internet is a piece of high-technology whose single goal is to allow reporters, at the expense of the truth, to grab the headlines for a day or two with an absolutely minimal investment in time and effort.

We hope to have made your job as a reporter easier through this simple guide.
Good luck, and remember, as long as you use the magic words "pedophile", "porn", and "protecting the children" as often as possible, you can get away with anything.

--------
Written 15/6/95 Peter Gutmann, from an original by Scot Stevenson.

------- End of Forwarded Message

From jya at pipeline.com Tue Aug 8 11:53:52 1995
From: jya at pipeline.com (John Young)
Date: Tue, 8 Aug 95 11:53:52 PDT
Subject: PTM_kin
Message-ID: <199508081853.OAA17131@pipe1.nyc.pipeline.com>

8-8-95. NYPaper:

"War of the Worlds: Cyberspace and the High-Tech Assault on Reality." [Book review]

Ominous signs already exist, says the scholar Mark Slouka, that virtual reality has begun to replace real life -- or "R.L.," as it is dismissively referred to by computer freaks. Even those poor benighted folks who have yet to enter the computer age appear to have started down "the road to unreality," says Mr. Slouka: PONA's (or "persons of no account," as they're known on line) can be found in front of their television sets, watching fictionalized accounts of real-life events, or at ballgames, listening to radio broadcasts of the very game being played before their eyes.

As Mr. Slouka puts it, more and more of us "accept the copy as the original," a development that is sure to accelerate in coming years with lasting social, cultural and political effects. Mr. Slouka foresees a sinister new world in which telecommunications replaces physical contact and meaningless abstractions replace a sense of community and place: a solipsistic world turned in on itself and easily subject to manipulation by politicians.

PTM_kin

[Mark Slouka, John Perry Barlow, Kevin Kelly and Sven Birkerts beavis-butt and wayne-garth about cyber-duh in the August Harper's.]

From vznuri at netcom.com Tue Aug 8 12:24:32 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 8 Aug 95 12:24:32 PDT
Subject: *hot* Foster news
Message-ID: <199508081922.MAA20209@netcom5.netcom.com>

various "conspiracy theories" have been circulating connecting Foster to the NSA, although there doesn't seem to be any substantial, verifiable connections-- UNTIL NOW. below the amazing british reporter Evans-Pritchard, who has broken much of the Foster information, states that Deborah Gorham, Foster's executive assistant, gave testimony that he was handling NSA documents near the time of death!!! (Evans-Pritchard was quoted a few weeks ago as being "skeptical" of the more extreme Foster-NSA theories, although he has pointed out the many inconsistencies associated with the Foster "suicide"...)

this Foster thing continues to gain steam.. apparently Newt Gingrich has hired an independent investigator... frankly, I think we are seeing the beginning of the end of the Clinton administration... or perhaps even the Presidency as we know it...

BTW, a hot Foster URL with all the extreme theories/releases is

http://www.cris.com/~dwheeler/n/whitewater/whitewater-index.html

the most amazing stuff on this page claims that attempts were made to *bribe* some publishers into not releasing Foster info/stories..

------- Forwarded Message

Date: Mon, 07 Aug 95 03:04:34 0600
Subject: Ambrose throws scat in the oscillator

http://www.telegraph.co.uk/et/access?ac=111146825878&pg=//95/8/7/wambro07.html

Secret service link in death of Clinton aide
By Ambrose Evans-Pritchard in Washington

VINCE Foster was handling top-secret intelligence files at the White House before his violent death in July 1993, according to sworn testimony given to the Senate Banking Committee. Deborah Gorham, Foster's executive assistant, gave a dramatic new twist to the widening Whitewater investigation into the financial affairs of Hillary and Bill Clinton.
Gorham told Senate lawyers that Foster, Deputy White House Counsel and an intimate friend of the Clintons, stored documents from the National Security Agency in a safe next door in the office of his boss.

The Telegraph has obtained a full copy of Gorham's deposition, which was taken behind closed doors on June 26 and has never been released to the press. She testified that Foster handed her the files for safe storage in March or April of 1993. Asked what the documents looked like, she replied: "There were two one-inch ring binders that were from the National Security Agency." She referred to the NSA files with precision three times in her testimony.

The Senate investigators, however, did not seem interested in this surprising disclosure and moved on quickly to other matters. When Gorham appeared as a witness in televised hearings last Tuesday, the subject never came up.

The National Security Agency is a legendary arm of US intelligence. It is controlled by the Defence Department and has a far larger budget than the CIA. Its chief function is to collect intelligence from satellites and by eavesdropping on telephones and computer traffic all over the world.

Foster's job as Deputy White House Counsel was to handle legal matters concerning the institution of the presidency. While his office might handle classified documents from the FBI or other law enforcement agencies from time to time, it would be highly unusual for him to get mixed up in the foreign espionage activities of the ultra-secret NSA.

Gorham said that these two files were the only ones Foster ever handed to her for storage in the safe. She also testified, however, that Foster kept a file on the Waco disaster locked in a cabinet in his office, which may belie White House claims that Foster never played a significant role in the storming of the Branch Davidian stronghold by the FBI.

There is no proof that Foster ever had any dealings with the NSA, or any other branch of US intelligence. But allegations have been flying on the Internet computer superhighway and in political newsletters on both the Left and the Right over the past few weeks claiming that he was an NSA operative during the 1980s. It is alleged that he took care of legal matters for a computer company in Arkansas that installed "bugged" software on behalf of US intelligence in commercial and central banks all over the world. At the time, Foster was head of litigation at the Rose Law Firm in Little Rock, Arkansas.

It has never been established that he did, in fact, do work for this computer company. But his partner, Hillary Rodham Clinton, was the attorney of record on two known occasions, once in 1978 and then again in April 1986 (during the term of Bill Clinton's Governorship) when a federal court clerk inadvertently revealed her role in a case by releasing details of a sealed law suit.

The staff of the Independent Counsel investigating Whitewater has been asking some questions about this subterranean software nexus after receiving a letter from Elliot Richardson, the former US Attorney-General. Richardson, who has followed the affair closely, has suggested that it might be linked in some way to the death of Foster. Jim Leach, the Chairman of the House Banking Committee, has also been looking into the computer mysteries in preparation for his own congressional hearings into Whitewater, this week.

In a parallel development, The Telegraph has learned that the House Judiciary Committee is beginning to prepare for possible hearings into gun-running and drug-smuggling in Arkansas. Terry Reed, a former Air Force intelligence operative, has been asked if he is willing to testify about his experiences in a covert operation based at the Mena airport in the mid-1980s.
After watching the charade of Republican hearings into Waco and Whitewater over the past three weeks, Reed has mixed feelings about this prospect. "I want to know whether they're for real this time, or whether it's just another of their political pillow fights," he said. He is the plaintiff in a civil-rights suit that is cracking open the great Arkansas scandal quite effectively through the power of legal "discovery". Last month, he took sworn testimony from a secretary at the Criminal Intelligence Division of the Arkansas State Police who said that she helped shred sensitive documents revealing the involvement of Bill Clinton's Arkansas in the Contra support operation run by Lt Col Oliver North.

In another deposition, L. D. Brown, the Arkansas State Trooper, has now repeated under oath the allegations published in the August edition of the American Spectator magazine. He said he was recruited by the CIA in 1984 - with the encouragement of Governor Clinton - and flew on two missions to Central America to deliver M-16 rifles to the Nicaraguan Contras. On one of the return trips, he discovered the aircraft was carrying cocaine into Arkansas. He confronted Clinton, but was told not to worry. "That's Lasater's deal," said the Governor, referring to Dan Lasater, a business tycoon and political supporter who was later convicted on federal cocaine charges.

Over dinner at the Cosmos Club in Washington last week, Trooper Brown said that his old friend Bill Clinton was complicit in a major drug-smuggling operation. That, he said, is something that cannot be forgiven.

From tcmay at got.net Tue Aug 8 12:32:30 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 8 Aug 95 12:32:30 PDT
Subject: Slouka's "War of the Worlds" (trashing of computers)
Message-ID:

At 6:53 PM 8/8/95, John Young wrote:

> 8-8-95. NYPaper:
>
> "War of the Worlds: Cyberspace and the High-Tech Assault on
> Reality." [Book review]
>
> Ominous signs already exist, says the scholar Mark
> Slouka that virtual reality has begun to replace real
> life -- or "R.L.," as it is dismissively referred to by
> computer freaks. Even those poor benighted folks who
> have yet to enter the computer age appear to have
> started down "the road to unreality," says Mr. Slouka:
> PONA's (or "persons of no account," as they're known on

[rest elided]

I found this book several days ago in a local bookstore and sat down on the floor to read (most of) it. It's one of those thin, 130-page-or-so books, about the length of what many of us can write in a few days. (I'm not claiming our stuff is as publishable, just that the publishing industry seems to love being able to charge $25 for a hardback book of 30,000 words! The imminent death of conventional publishing predicted!)

Yet more bashing of computers. I found nothing insightful in this book, just a personal account of the author's struggle to understand why so many of his friends are using computers so much.

Bashing the cybernetic aspects of our culture is hot these days. I expect Oprah and Sally Jesse to soon be doing shows on this. Children whose mothers are Net addicts, brothers who kill their sisters for using "vi," and jilted cyberlovers who are in relationships with their shrinkwraps.

--Tim May

Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Tue Aug 8 15:51:30 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 8 Aug 95 15:51:30 PDT
Subject: Judge Ito says NSA won't help!
Message-ID:

While watching the coverage of the OJ circus, I just heard Judge Ito say about a tape that has been recorded over a couple of times:

"I doubt that it's recoverable, except by the NSA, and I doubt they're going to help us."

I saw the lawyers smile, so they caught the reference.

Anybody who thinks the NSA remains obscure isn't watching enough t.v.!

--Tim May

From an224850 at anon.penet.fi Tue Aug 8 17:18:40 1995
From: an224850 at anon.penet.fi (scythe)
Date: Tue, 8 Aug 95 17:18:40 PDT
Subject: Once Upon a Midnight Dreary
Message-ID: <9508090001.AA15622@anon.penet.fi>

A poem based on E.A.Poe's The Raven.

Abort, Retry, Ignore?
By Anonymous

Once upon a midnight dreary, fingers cramped and vision bleary,
System manuals piled high and wasted paper on the floor,
Longing for the warmth of bed sheets, still I sat there doing spreadsheets.
Having reached the bottom line I took a floppy from the drawer
I then invoked the SAVE command and waited for the disk to store,
Only this and nothing more.
Deep into the monitor peering, long I sat there wond'ring, fearing.
Doubting, while the disk kept churning, turning yet to churn some more.
But the silence was unbroken, and the stillness gave no token.
"Save!" I said, "You cursed mother! Save my data from before!"
One thing did the phosphors answer, only this and nothing more,
Just, "Abort, Retry, Ignore?"

Was this some occult illusion, some maniacal intrusion?
These were choices undesired, ones I'd never faced before.
Carefully I weighed the choices as the disk made impish noises.
The cursor flashed, insistent, waiting, baiting me to type some more.
Clearly I must press a key, choosing one and nothing more,
From "Abort, Retry, Ignore?"

With fingers pale and trembling, slowly toward the keyboard bending,
Longing for a happy ending, hoping all would be restored,
Praying for some guarantee, timidly, I pressed a key.
But on the screen there still persisted words appearing as before.
Ghastly grim they blinked and taunted, haunted, as my patience wore,
Saying "Abort, Retry, Ignore?"

I tried to catch the chips off guard, and pressed again, but twice as hard.
I pleaded with the cursed machine: I begged and cried and then I swore.
Now in mighty desperation, trying random combinations,
Still there came the incantation, just as senseless as before.
Cursor blinking, angrily winking, blinking nonsense as before.
Reading, "Abort, Retry, Ignore?"

There I sat, distraught, exhausted, by my own machine accosted.
Getting up I turned away and paced across the office floor.
And then I saw a dreadful sight: a lightning bolt cut through the night.
A gasp of horror overtook me, shook me to my very core.
The lightning zapped my previous data, lost and gone forevermore.
Not even, "Abort, Retry, Ignore?"

To this day I do not know the place to which lost data go.
What demonic nether world is wrought where lost data will be stored,
Beyond the reach of mortal souls, beyond the ether, into black holes?
But sure as there's C, Pascal, Lotus, Ashton-Tate and more,
You will one day be left to wander, lost on some Plutonian shore,
Pleading, "Abort, Retry, Ignore?"

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From jya at pipeline.com Tue Aug 8 17:23:00 1995
From: jya at pipeline.com (John Young)
Date: Tue, 8 Aug 95 17:23:00 PDT
Subject: QAK_qak
Message-ID: <199508090022.UAA00675@pipe2.nyc.pipeline.com>

8-8-95. NYPaper (for paleo-galactic quackers):

"New Survey of Sky Finds Most Quasars Are Equally Ancient: The strange objects may be an early stage of galaxy formation."

The discovery of new evidence for the epoch of quasar proliferation was one of the important results of a 10-year survey of quasars conducted by astronomers using the 200-inch Hale Telescope at Palomar Observatory in southern California. The findings were reported in the July issue of The Astronomical Journal by Dr. Maarten Schmidt of the California Institute of Technology, Dr. Donald P. Schneider of Pennsylvania State University and Dr. James E. Gunn of Princeton University.

Other astronomers praised the research and noted that it generally confirmed the results of a complementary survey of the southern sky by a team led by Dr. Patrick Osmer, an astronomer at Ohio State University. Those observations, reported last year, were conducted at telescopes in Australia and Chile.
QAK_qak

From pfarrell at netcom.com Tue Aug 8 18:05:42 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Tue, 8 Aug 95 18:05:42 PDT
Subject: alt.politics.org.cia
Message-ID: <75175.pfarrell@netcom.com>

In message Tue, 8 Aug 95 14:25:20 EDT, Carl Ellison writes:

> project for finding unmarked spook buildings in your neighborhood and
> gathering a database (on the web?) of such.
> It's not a CP topic, but it's related and folks might want to check out
> that newsgroup. (Thanks to r$ for the inspiration.)

It is definitely a stretch. But a web listing is probably the right idea. I've already got some public spook information on my subpages, I think I'll start collecting locations. I'll let someone else do the CGI map.

Nearly everyone knows that CIA has major offices in Rosslyn VA. And most are clued in to the Georgetown (a section of Washington DC) "garbage garage" that was a CIA front (now it is a tony mall). There are also CIA offices in Vienna VA, although I have to admit I don't know exactly where. To find CIA offices, all you have to do is follow the blue busses. DIA is marked, about a mile from the Pentagon.

But this raises a question (please, not to start a f-war) as to what is a "spook"? For example, the Secret Service has an unmarked facility on 22 or 23rd street in NW Washington. They keep the Pres' limo, etc there. Clearly from a standpoint of their clumsy raids (Pentagon City 2600, etc.) they classify as spooks.

Are contractors such as Mitre, E-Systems, and TRW, who do mega-dollars of work each year considered spooks? I think some are, as they are effectively out-sourced civil servants.

I guess I could simply walk into the Soviet Embassy and ask them where the US spooks are. It isn't a secret from anyone but uninformed citizens.

There is at least one Federal Building in each state, holding VA, Dept of Ag, etc. Nearly all have FBI and other LEA offices.

Is there an ethical question buried here? Making it easy for another nut to kill mere working stiffs by posting the locations?

Disclaimer: I'm kinda split on this, I've been on this list a long time, but my dad, wife, and brother work or worked in town for the government. I hope that Tim's revolution is quiet and peaceful.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage      #include

From AXEL at CONTED.Lan.McGill.CA Tue Aug 8 19:26:11 1995
From: AXEL at CONTED.Lan.McGill.CA (David Levy)
Date: Tue, 8 Aug 95 19:26:11 PDT
Subject: www directory
Message-ID: <199508090222.WAA07725@sifon.CC.McGill.CA>

is there a www directory?

From perry at panix.com Tue Aug 8 19:44:09 1995
From: perry at panix.com (Perry E. Metzger)
Date: Tue, 8 Aug 95 19:44:09 PDT
Subject: Once Upon a Midnight Dreary
In-Reply-To: <9508090001.AA15622@anon.penet.fi>
Message-ID: <199508090244.WAA11572@panix4.panix.com>

scythe writes:
> A poem based on E.A.Poe's The Raven.
> Abort, Retry, Ignore?
> By Anonymous

I see that you didn't succeed in learning much in the third grade about reading. The letters "c y p h e r p u n k s" do not spell "rec.humor.funny". I would suggest "Hooked on Phonics" or some similar remedial reading course.

.pm

From liberty at gate.net Tue Aug 8 20:13:54 1995
From: liberty at gate.net (Jim Ray)
Date: Tue, 8 Aug 95 20:13:54 PDT
Subject: alt.politics.org.cia
Message-ID: <199508090311.XAA05211@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Pat Farrell wrote:
>But this raises a question (please, not to start a f-war)
>as to what is a "spook"?
>Are contractors such as Mitre, E-Systems, and TRW, who do mega-dollars
>of work each year considered spooks? I think some are, as they are
>effectively out-sourced civil servants.

I think the spook-test, to be fair, needs to be based on something objective, like equipment carried or used.
Guns are an easy "yes," as are certain listening devices, etc. Others can probably add to this equipment list, and some of us, considering Mena, might include drugs or large chunks of cash. I certainly would.

>I guess I could simply walk into the Soviet Embassy and ask them
>where the US spooks are. It isn't a secret from anyone but uninformed
>citizens.

Amen. CIA office locations are much less "secret" in other countries than they are in the US. Often, a taxi driver knows exactly where the CIA "safehouses" are in many Latin-American countries.

>Is there an ethical question buried here? Making it easy for another nut to
>kill mere working stiffs by posting the locations?

Yes, but these locations are no doubt easy for motivated nuts to find. "Military secrets are the most fleeting kind." [Spock on "Star Trek"]

>Disclaimer: I'm kinda split on this, I've been on this list a long time,
>but my dad, wife, and brother work or worked in town for the government.
>I hope that Tim's revolution is quiet and peaceful.

AGREED! If it's not, it will fail. "War is the health of the state." [I forget who said that.] Contra the many raving media accounts, the vast majority in the libertarian/"anarchist" movement were and are quite opposed to the idea of vigilante-murder through bombing Federal buildings full of mere working stiffs, especially those of us who just happened to be working in a Federal Building. [I was. It wasn't any fun that day...] :-(

JMR

Regards, Jim Ray

"The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From merriman at arn.net Tue Aug 8 21:24:03 1995
From: merriman at arn.net (David K. Merriman)
Date: Tue, 8 Aug 95 21:24:03 PDT
Subject: alt.politics.org.cia
Message-ID: <199508090428.XAA06937@arnet.arn.net>

>In message Tue, 8 Aug 95 14:25:20 EDT, Carl Ellison writes:
>> project for finding unmarked spook buildings in your neighborhood and
>> gathering a database (on the web?) of such.

Well, I've got some Web space still free.... :-)

Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/

My web page: http://www.geopages.com/CapitolHill/1148

From nzook at bga.com Tue Aug 8 21:40:35 1995
From: nzook at bga.com (Nathan Zook)
Date: Tue, 8 Aug 95 21:40:35 PDT
Subject: Prime Number Gen's.
In-Reply-To: <15295.9508081711@exe.dcs.exeter.ac.uk>
Message-ID:

On Tue, 8 Aug 1995 aba at atlas.ex.ac.uk wrote:

> "Rev. Ben" writes on cpunks:
> > Does anyone know of where I could get source, royalty free, in the US for
> > a good Prime Number Generator?
>
> GNU code sounds like it would fit the royalty free bill.
>
> Try the GNU multi-precision library: gmp-1.3.2.tar.gz from all good
> GNU sources. I get my stuff from ftp://src.doc.ic.ac.uk/gnu/ if you
> don't have a GNU ftp site to hand.
>
> There's a function
>
> int mpz_probab_prime_p(mpnum, SURETY)
>
> which returns true if the prime passes SURETY probabilistic prime tests.
>
> I think if it passes say 25 tests, then there will be less than a
> 1/2^25 chance that it is not prime.
>
> Also, on:
>
> http://dcs.ex.ac.uk/~aba/rsa-keygen.html
>

The proper thing to do is to then search for a number which demonstrates p is prime....

Nathan

From KALLISTE at delphi.com Tue Aug 8 22:00:10 1995
From: KALLISTE at delphi.com (KALLISTE at delphi.com)
Date: Tue, 8 Aug 95 22:00:10 PDT
Subject: Only 1/3 of Government Computers Down So Far
Message-ID: <01HTUMY1W4UA91Y3J0@delphi.com>

-----BEGIN PGP SIGNED MESSAGE-----

Allegations Regarding Vince Foster, the NSA, and Banking Transactions Spying, Part XV
by J. Orlin Grabbe

The world of money laundering is a difficult one.
What are you going to do when your wire transfers to the Caribbean and other offshore centers won't go through? What are you going to do when one-third (as of August 8, 1995) of certain government computers are down with a virus? Or is it a worm? Or an octopus? Did the NSA, in its zeal to modify the PROMIS software to spy on banking and other transactions, create a massive security hole in computer systems sending wire transfers?

Well, I do hear it is a nice time to go vacationing in the islands, even for day trips! Perhaps FinCEN could relocate to Havana?

[Note to Julie Franklin: Over here in Reno, we're always last to get the news. Well, I'm a taxpayer. *Please* put me on your list. In the future please fax all computer disconnect info to 702-829-0852. Thanks.]

Which brings us to the subject of Ed Meese. At the end of Reagan's second term as governor of California, Meese needed a new job. He worked at Rohr Industries for a while. But it didn't suit him, so *Richard Mellon Scaife* set up the San Diego Center for Criminal Justice on condition that Ed Meese be its Director, a post Meese held 1977-1980.

Later, after Ed Meese became Attorney General of the U.S. and the people-tracking PROMIS software was stolen by the U.S. Justice Department using (according to a federal bankruptcy judge) "trickery, deceit, and fraud", Ed Meese's friend Earl Brian--then owner of Financial News Network, UPI, and Hadron corporation--proceeded to market the software all over the world, as well as to U.S. intelligence and law enforcement agencies.

One agency that acquired the software was FEMA, the Federal Emergency Management Agency, which proceeded to create a data base of political dissidents to be rounded up in the event of a national emergency. (Like any information, once collected it found multiple uses.) This data base was called MAINCORE, and the FEMA MAINCORE system was operated out of the basement of a building in Culpeper, VA. Journalist Danny Casolaro, with the help of Alan Standorf, was able to get printouts of this totalitarian application of the PROMIS software just prior to his demise. (When a member of congress attempted to question Oliver North about the FEMA MAINCORE data base, he was rudely shouted down by the chairman of the investigative committee.)

Another agency that put the software to use was the Wackenhut Corporation. It used the enhanced PROMIS to keep track of critics of the nuclear industry, an area in which *Richard Mellon Scaife* has a vested financial interest.

Now Mellon bank in Pittsburgh finds itself embroiled in very serious money laundering charges. Do these facts explain why the Little-Rock connection to the theft and modification of the PROMIS software for the purpose of spying on banking transactions is a subject carefully avoided in Scaife-sponsored political advertisements? Is this why the Mena-drug-smuggling, Little-Rock-money-laundering operation allegedly stops with Bill Clinton? Is this why the connection of Vince Foster both to bank spying and nuclear espionage has been carefully downplayed? Do Scaife's investments in the "terrorism industry" have anything to do with recent media hyping of the imminent threat to the U.S. of "international" terrorism?

Scaife's exposing of the sins of the Democrats has certainly served a useful purpose. But don't think the story stops with Bill Clinton. Perhaps the reason that Mr. Kenneth Starr's independent investigation into the Whitewater affair has gone so slowly is that Mr. Starr, in order to nail Bill Clinton, has to also nail a number of high-ranking Republicans?

Well, Mr. Starr, let the facts fall where they may. I have confidence in you. You do want to be Attorney General someday, don't you? If you can find your way to do the right thing, you'll certainly deserve the position. Otherwise the wily hackers of the world may have to do your job for you.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMChlMWX1Kn9BepeVAQHbhgP/bSlSNnUClp4HPEDiB22JGHrqvMa5B6h8 LW0rR7eZdD2ub9CUj/HBfIrnU4mekw6MfmExxuy+mva1Z5MPsZKuE1qvxWBFHK5S TzMFsPBsZNPH2GEDIQHZp/rIQeKYDsfjOp1OLVUPD9MA4tlTOQPgQ5RVzzKi+tEF K1+Uxvy1lQ4= =5pPJ -----END PGP SIGNATURE----- From merriman at arn.net Tue Aug 8 22:45:57 1995 From: merriman at arn.net (David K. Merriman) Date: Tue, 8 Aug 95 22:45:57 PDT Subject: How To Spot a Spook page Message-ID: <199508090550.AAA07775@arnet.arn.net> As a start on a Web page, here are some things I thought of. What else? What are the initials of some of the world's intelligence groups (CIA, NSA, KGB, DGI, MI5(?), ???) 1> Antennas - more than TV/Ham/CB/Satellite (or 'unusually' shaped antennas). 2> No, or *very* few, visitors (esp. kids) 3> Visitors are seldom the same, or almost always the same. 4> Doesn't talk about job/company. 5> Activity at 'unusual' times. 6> Not very 'sociable' (keep to themselves). Or, tell me to forget it, it doesn't belong here.... :-/ Dave This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk! ------------------ PGP.ZIP Part [015/713] ------------------- M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3 M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> My web page: http://www.geopages.com/CapitolHill/1148 From hayden at krypton.mankato.msus.edu Tue Aug 8 23:12:29 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Tue, 8 Aug 95 23:12:29 PDT Subject: How To Spot a Spook page In-Reply-To: <199508090550.AAA07775@arnet.arn.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 9 Aug 1995, David K. 
Merriman wrote:

> 1> Antennas - more than TV/Ham/CB/Satellite (or 'unusually' shaped antennas).
> 2> No, or *very* few, visitors (esp. kids)
> 3> Visitors are seldom the same, or almost always the same.
> 4> Doesn't talk about job/company.
> 5> Activity at 'unusual' times.
> 6> Not very 'sociable' (keep to themselves).

Uh, if you look at that, that is EXACTLY identical to the majority of computer geeks :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMCg1tTokqlyVGmCFAQEjZwP/e28pd4BOGmKy+Tpl1w1S17liHpAIqXc2
6FW5qE8qz5o362UPOMdeWSojbghxTlcIPN/pGNKgKIaULo7bxIe/y6fMwCtPAVCa
HTxpOgZNqLqh77mqxNDYCJKHsaloA5VN2zQZoktLj4HcK/H9aqR/siI9fx6c1aDv
u8r/q2WttuY=
=DqzK
-----END PGP SIGNATURE-----

____        Robert A. Hayden          <=>   hayden at krypton.mankato.msus.edu
\ /__       Finger for Geek Code Info <=>   Finger for PGP Public Key
 \/  /      -=-=-=-=-=-                     -=-=-=-=-=-
  \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From anonymous-remailer at shell.portal.com Tue Aug 8 23:56:05 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Tue, 8 Aug 95 23:56:05 PDT
Subject: Dir.Byway Virus (NewsClip)
Message-ID: <199508090639.XAA16760@jobe.shell.portal.com>

Is this legit?

----------

New Computer Virus Attacks "Everything"

Burlington, Mass. Aug. 7 -- A new, hazardous computer virus is spreading, that takes control of disk operations from Microsoft MS-DOS or IBM PC-DOS based systems, the anti-virus research team at S&S Software International is reporting. The virus, dubbed "Dir.Byway," is described as a super-fast, polymorphic infector affecting desktops, notebooks, and even computer networks.
Pat Bitton, S&S Software vice president of marketing, told Newsbytes the virus is a very "dangerous" one. Because it is polymorphic, it mutates with each attack, making it extremely hard to diagnose and kill.

The virus operates as if it is a TSR (terminate and stay resident) program, infecting .COM and .EXE files when the home directory of an executable file is accessed, officials said. Infections are not confined to the default home directory either, but infect all executables in all directories of a search path. In addition, the access does not need to launch an application. Any kind of access triggers the virus, like looking at a simple directory listing. This ability to infect everything in its path makes Dir.Byway a "super-fast" infector, officials added.

The virus creates a file called "CHKLIST . MS" (without quotes, but with spaces surrounding the period) in the root directory, and cross links all infected executable files, David Emm, customer service manager, told Newsbytes. This then replaces the normal DOS directory entries, making "CHKLIST . MS" the start-cluster for every infected file. If the user deletes the file, it reappears when any infected file is executed. Also, if the user boots from a clean DOS disk and runs "CHKDSK," the computer will report a large number of cross-linked files. If the user boots from the infected hard drive, the computer will report no errors. A listing of the root directory using the command "dir/ahs" (without quotes) will show the "CHKLIST . MS" file.

Dir.Byway triggers if the current DOS date is set to the year 1996 or above, and the day of the month is equal to the month's number multiplied by two and two is added, like in 01-14-96 or 12-26-96. When triggered, the virus displays a string of text every three hours, on hours that are a multiple of three in military time -- for example, 09:00, 12:00, and 18:00. The text says: "Trabajeoms Todos Por Venezuela."
S&S officials said this translates to "We are all working for Venezuela." On multimedia systems, this is accompanied by a song that resembles the country's national anthem.

Emm said he is more worried about the spread of the virus for now than the triggering of it, because it is so dangerous. He told Newsbytes the virus has been detected in the United Kingdom and the United States.

Bitton said the company's "Dr. Solomon's Anti-Virus Toolkit" will remove the virus from infected computers. New versions of the Toolkit for DOS, Windows, OS/2, and NetWare are slated to ship in late summer. S&S also plans Fall 1995 introductions of Toolkits for Macintosh, SCO Unix, Windows 95, and Windows NT server and workstations.

From dave at esi.COM.AU Wed Aug 9 00:09:42 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Wed, 9 Aug 95 00:09:42 PDT
Subject: How To Spot a Spook page
In-Reply-To: <199508090550.AAA07775@arnet.arn.net>
Message-ID:

On Wed, 9 Aug 1995, David K. Merriman wrote:

> As a start on a Web page, here are some things I thought of. What else? What
> are the initials of some of the world's intelligence groups (CIA, NSA, KGB,
> DGI, MI5(?), ???)

In Australia: ASIO, ASIS, JIO, could be more...

> 1> Antennas - more than TV/Ham/CB/Satellite (or 'unusually' shaped antennas).

You should see some of the ones I've built...

> 2> No, or *very* few, visitors (esp. kids)

I don't encourage visitors.

> 3> Visitors are seldom the same, or almost always the same.

But the same ones arrive anyway.

> 4> Doesn't talk about job/company.

I rarely discuss my job.

> 5> Activity at 'unusual' times.

I work funny hours at times.

> 6> Not very 'sociable' (keep to themselves).

That's me. Oh dear, I've blown my cover...

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2DAA.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | D8 15 71 F9 26 C8 63 40 5E 63 5C 65 FC A0 22 99

From merriman at arn.net Wed Aug 9 01:02:01 1995
From: merriman at arn.net (David K.
Merriman)
Date: Wed, 9 Aug 95 01:02:01 PDT
Subject: How To Spot a Spook page
Message-ID: <199508090807.DAA29133@arnet.arn.net>

-----BEGIN PGP SIGNED MESSAGE-----

>Uh, if you look at that, that is EXACTLY identical to the majority of
>computer geeks :-)
>

er, ah, um...... Well, then I guess we need more identifiers then, don't we?

Dave

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMChKgsVrTvyYOzAZAQH8uAP+MRbza+ttgJCOqXlgtfwI1vTcYjAWzAm0
8EK5L/83iXhYhGuZIR44YqGdwGGkSeC0lqaZDaYqQFH8W/SMcPJYyOPbAzEv/5a4
uYNW8qx/YcLwUPsr/4K6Vwd+yg4Es/sT3cxzwZdbKL8sRInN6dv32Y89pIf/FURy
mietqXnCwOY=
=Hijl
-----END PGP SIGNATURE-----

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8@X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From ab411 at detroit.freenet.org Wed Aug 9 05:37:43 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Wed, 9 Aug 95 05:37:43 PDT
Subject: Dir.Byway Virus (NewsClip)
Message-ID: <199508091237.IAA14167@detroit.freenet.org>

> Subject: Dir.Byway Virus (NewsClip)
> From: anonymous-remailer at shell.portal.com (unknown)
> To: cypherpunks at toad.com
      ^^^^^^^^^^^^^^^^^^^^
You misspelled VIRUS-L at lehigh.edu

> Burlington, Mass. Aug. 7 -- A new, hazardous computer virus is

A news story, with all *that* entails.

> virus, dubbed "Dir.Byway," is described as a super-fast,
> polymorphic infector affecting desktops, notebooks, and even
> computer networks.

So it's a polymorphic fast infector that attacks EXE and COM files. So what's new?
File infectors are never as successful as boot sector infectors, anyhow.

> Dir.Byway triggers if the current DOS date is set to the year
> 1996 or above, and the day of the month is equal to the
> month's number multiplied by two and two is added, like in
> 01-14-96 or 12-26-96.

The first date should obviously be 01-04-96, based on the description given. Do you trust someone who can't multiply and add to correctly report on something technical, like computer viruses?

--
David R. Conrad, ab411 at detroit.freenet.org, http://web.grfn.org/~conrad/
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

From perry at panix.com Wed Aug 9 06:53:07 1995
From: perry at panix.com (Perry E. Metzger)
Date: Wed, 9 Aug 95 06:53:07 PDT
Subject: Only 1/3 of Government Computers Down So Far
In-Reply-To: <01HTUMY1W4UA91Y3J0@delphi.com>
Message-ID: <199508091351.JAA12331@panix4.panix.com>

Was the message that this isn't "FosterPunks" unclear the first seventy times?

KALLISTE at delphi.com writes:
> Allegations Regarding Vince Foster, the NSA, and
> Banking Transactions Spying, Part XV
>
> by J. Orlin Grabbe

From rjc at clark.net Wed Aug 9 07:14:32 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 9 Aug 95 07:14:32 PDT
Subject: Prime Number Gen's.
In-Reply-To:
Message-ID: <199508091413.KAA00112@clark.net>

Nathan Zook wrote:
> > don't have a GNU ftp site to hand.
> >
> > There's a function
> >
> > int mpz_probab_prime_p(mpnum, SURETY)
> >
> > which returns true if the prime passes SURETY probabilistic prime tests.
> >
> > I think if it passes say 25 tests, then there will be less than a
> > 1/2^25 chance that it is not prime.
> >
> > Also, on:
> >
> > http://dcs.ex.ac.uk/~aba/rsa-keygen.html
> >
> > The proper thing to do is to then search for a number which demonstrates
> p is prime....

And how do you do this?
I'm not aware of any deterministic primality test which isn't at least as hard as factoring. P-1 factorial is such a number which could demonstrate P is prime (compute the gcd, check if they are relatively prime). Good luck computing it.

-Ray

From trei Wed Aug 9 08:05:20 1995
From: trei (Peter Trei)
Date: Wed, 9 Aug 95 08:05:20 PDT
Subject: How To Spot a Spook page
Message-ID: <9508091505.AA23842@toad.com>

> As a start on a Web page, here are some things I thought of. What else? What
> are the initials of some of the world's intelligence groups (CIA, NSA, KGB,
> DGI, MI5(?), ???)
> 1> Antennas - more than TV/Ham/CB/Satellite (or 'unusually' shaped antennas).
> 2> No, or *very* few, visitors (esp. kids)
> 3> Visitors are seldom the same, or almost always the same.
> 4> Doesn't talk about job/company.
> 5> Activity at 'unusual' times.
> 6> Not very 'sociable' (keep to themselves).

Isn't this a troll? It looks like the old National Inquirer 'How to tell if your neighbor is a space alien' list.

Peter Trei (ptrei at acm.org)
(Claimer: I'm a former MITRE employee)

From hfinney at shell.portal.com Wed Aug 9 08:36:35 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 9 Aug 95 08:36:35 PDT
Subject: Prime Number Gen's.
Message-ID: <199508091535.IAA28827@jobe.shell.portal.com>

There are algorithms for producing provable primes which don't take too long. However they do not work to prove a given probable prime is actually prime, rather they generate a prime. One was described by Mihailescu Preda, , on sci.crypt on December 13, 1993. It is not clear whether this kind of algorithm is suitable for RSA (where the primes must be kept secret) since it could reduce the space of primes which are produced.
Hal

From KALLISTE at delphi.com Wed Aug 9 09:30:14 1995
From: KALLISTE at delphi.com (KALLISTE at delphi.com)
Date: Wed, 9 Aug 95 09:30:14 PDT
Subject: Only 1/3 of Government Computers Down So Far
Message-ID: <01HTVAYUCH6W90PB08@delphi.com>

Perry,

Many people are interested in cryptology because they don't want the NSA (among others) invading their privacy. The Foster story concerns the chief NSA privacy-invasion of modern times: spying on domestic banking transactions. So it's relevant.

The Grand Inquisitor role is getting a little old. So if you want to continue to play it, my response is: Fuck Off.

-Orlin

From turner at telecheck.com Wed Aug 9 10:27:10 1995
From: turner at telecheck.com (turner at telecheck.com)
Date: Wed, 9 Aug 95 10:27:10 PDT
Subject: Dir.Byway Virus (NewsClip)
In-Reply-To: <199508090639.XAA16760@jobe.shell.portal.com>
Message-ID: <9508091724.AA23965@TeleCheck.com>

Seems like a good-press piece for a small anti-viral software company. Just one small pick to nit:

anonymous-remailer at shell.portal.com said:
> Bitton said the company's "Dr. Solomon's Anti-Virus Toolkit" will
> remove the virus from infected computers. New versions of the Toolkit
> for DOS, Windows, OS/2, and NetWare are slated to ship in late
> summer. S&S also plans Fall 1995 introductions of Toolkits for
> Macintosh, SCO Unix, Windows 95, and Windows NT server and
> workstations.

What? Toolkit? A virus toolkit? Windows NT has an abstracted and object oriented design. User mode programs no longer have access to the hardware (i.e., you no longer have access to the boot sector, and cannot hook an interrupt). In short, viruses are much less likely to function under NT, yet these blood-sucking people can't wait to introduce software for it...

From frissell at panix.com Wed Aug 9 11:13:42 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 9 Aug 95 11:13:42 PDT
Subject: Crypto = Competitive Advantage?
Message-ID: <199508091417.KAA17510@panix.com>

Note to Mr.
Bill -

I was watching CNBC this morning while reading my mail and they had a story on the Netscape Communications IPO (ticker NSCP btw). Some analyst said when asked whether Microsoft couldn't just wipe them out that the most important part of Netscape's product was that it offered end-to-end encryption. He said that this was important for the growth of the nets and was something that people wanted.

DCF

"Competitive Advantage - Markets vs Politics - in a market your customers go out of their way to give you their money, in politics the 'customers' go out of their way to keep from giving you their money."

From cactus at hks.net Wed Aug 9 11:17:25 1995
From: cactus at hks.net (Leslie Todd Masco)
Date: Wed, 9 Aug 95 11:17:25 PDT
Subject: Trouble accessing archive with Netscape
Message-ID: <199508091814.OAA11696@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199506281259.AA03051 at bear-gate.bear.com>, David Mandl wrote:
>> From: shamrock at netcom.com (Lucky Green)
>>
>> Am I the only one that has problems accessing the archives using Mac
>> Netscape 1.1N?
>
>I had the same problem. (And Tim reports the same).

Huh. Since I only use lynx and arena, I haven't seen this. But I'll take y'all's word for it.

Since I'm about to toss hypermail out the window and replace it with my own code (that I'm working on anyway for a consulting gig -- one of the benefits of running the archives is having a test-bed for large archives), you can reasonably expect the problem to go away in the not-too-distant future. I'll probably ask for people to test the new HTML when it's ready.

- --
Todd Masco      | "Don't be too proud of this technological terror you've
cactus at hks.net  | constructed." - Darth Vader
Cactus' Homepage -

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMCj7BSoZzwIn1bdtAQEVRgF5AXaw25/1H4dfrGGuCtNhXm4wg23f9nnR
q8HOzsnbVkznKal8wtzvgblofYtjekTK
=ZC4N
-----END PGP SIGNATURE-----

From dhenson at itsnet.com Wed Aug 9 11:21:49 1995
From: dhenson at itsnet.com (Don Henson)
Date: Wed, 9 Aug 95 11:21:49 PDT
Subject: Over 350 'Munitions T-shirts' Shipped
Message-ID: <199508091830.MAA02588@scratchy.itsnet.com>

>Where are mine...I got the money to you via
>Mario wojo???? at SUN...
>I ordered 8 of the shirts

Sorry. I show no order for anyone named Goen, no orders from anyone named Mario, and only one order from anyone at Sun. Are you sure you ordered from me or did you order from Joel? (Who I understand has been a bit slow in filling his orders.) If you want to order from me, I have included email and USnail ordering instructions at the end of this message.

>BTW
>I am the publisher of PGP 1.0 the only person
>who will be indicted with Phil or alone for PGP
>what about MY defense fund????

I'm not in the business of setting up defense funds. If you have one, I would be happy to publicize it. Send me your story.

-----BEGIN PGP SIGNED MESSAGE-----

MUNITIONS TSHIRT ORDER INFO (That you requested)

Either cost only (UK), or 25% proceeds to Phil Zimmermann (US).

We now have 2 suppliers, one in the US (WEPIN, for US & Canadians only), and one in the UK (Adam Back) for the 'free world', you know places like Europe (with the strange exception of France), Australia, New Zealand, Singapore, Japan, etc, etc.

If you are a citizen of and living in the US or Canada:
===========================================================================

US orders (25% of proceeds to the Phil Zimmermann legal defense fund):

http://colossus.net/wepinsto/

(It's all set up for WWW forms, you can use VISA, M/C, or personal check to buy on-line, or you can order via PGP-encrypted email.)

Tshirts are black 100% cotton Beefy-T with white printing.
On the front of the shirt are the words 'RSA encryption in perl'. Below that is a perl script that implements the RSA algorithm for arbitrary keylengths. Below that is a machine-readable barcode of the same perl script. On the back of the shirt are the words 'WARNING This t-shirt is a munition' along with the ITAR and USC references that make it a munition that is illegal to export.

You can see a mockup of the design by pointing your Web browser to the URL http://colossus.net/wepinsto/wsft_f/wspp_f/tshirt1.html.

Here are the prices, but order through the web page if you can, all on-line, Tshirts only (no sweatshirts), and only in black:

Large: $15.95
X-Large: $15.95
2X-Large: $17.95
3X-Large: $19.95

No tax, shipping, or handling charges.

Just send a message (PGP encrypted recommended - see my key below) to dhenson at itsnet.com with your desired shipping address, the quantity of each size that you want, and total amount of the order along with payment info. (See below, after my PGP key, for what info you need to include.) MAKE YOUR CHECK OR MONEY ORDER PAYABLE TO 'ALH'. It is also a good idea to include your telephone number and email address in case there are questions about your order. (All this plus payment info can be sent via the Web page.)

You can send Visa/MasterCard info and personal check info in email or via the Web page order form. If you want to pay any other way, you will have to send your order via USnail to:

West El Paso Information Network (Tshirt)
6112 N. Mesa #218
El Paso, Texas 79912

Here's my PGP public key (use to encrypt your order). Don't forget to remove the '- ' at the beginning and the end of the block.
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy8G5lIAAAEEAKT/Hd5q2dqyyLbvE/I+GnmuxV+u79lrCAcw8fWxzi1vVQwS bKF8DjGO+xnPdZAdryPUJoS8yitmc/pE1wFmNWeunCImu81gxhpphgbnq8/nm8/c 3q1i4/0QlofxWphxhFF3b7zQMzS7iiFZL5x7Rget5aRaWnKE855C4hMDAC3JAAUR tCZEb24gSGVuc29uLCBXRVBJTiA8ZGhlbnNvbkBpdHNuZXQuY29tPokAlQMFEC/w ROBsRrMZUt3z9QEBnWsEANW9SUj1ompT0lAiu0Ihu+SREgoqmbmM/eeDn2ddY49C ojDdfdmHKRhifLsNq/HXEvbtNhu2T2kti6kRRuU8jp0ACBkpMeB9A/yuLFTnzjkO 9/p9xOGSR3ycvOfarvVjVQo0JMAQPodL6n1OuS/AXlRe6R29sAm2gvEnLMXwG/II iQCVAwUQL+8x1r2wdU1ev5p9AQGG2AP9GS/kpmQENj3C5eAZmMGocDvR49+/y++k LGyY7Bt0SK0kFQLrInEun/4QESzWbZ4wA7uXAEsxoy+wXepWqm/gMTND/pAhzTSH ykSEM2aPxYdnrkmE/5kKsynq7R06NgY5ishLyxL5HwauYvqerKcr1vfgaO9FbQnG 3Vk7zXozmeOJAJUDBRAvVOm/Vcp0KbCAaB0BATZPA/96ingb1PGTtPHGfb5tFmfk KLcxBnDvqhHm4fVxuo+QbdHDsw2HXdXjLw053Ae7Hx/lpwf9NRfpLliiR39JCARJ 5KB94TMKhHrxAaicN7wuqrbmsnQgthNN4svC1QbSSQ08r/HJnAyeTk71RgHf7Aq0 MPFDEh7wyJhT27zq/831JLQWV0VQSU4gPHdlcGluQHNnaXIuY29tPokAlQMFEC8G 52h8y4XkPC4ZpQEBkE0EAJxxVkO4ApzO7tO2Drvbipve5bjNOEvNnpzA+5F7lnLF WddBMsP3C5V8IQ/gituSVDMfhp/D/1nD6FnJ1sP+LM2SF/wRbL6exuAG0Z74PLTf 2UGUzc8/cP3Q/imxXj77voi0Q0UVC1M5SzvlsGFr8I0W6meUJqSH0a4AYUf3WMKm iQCVAwUQLwbmwp5C4hMDAC3JAQGsZgQAhnFNMDh9TJmbv5O9Y7KXUkYhKXFX2kFZ p0Czx2t/94A0O9XQeRFBrGimrbRm095s+T+CJ/9C2J+AyV8heOUOGknq4d+1HTWa GlTo/2Zu3Lh0bml7l1ovbE28O7VjMu9lBiz+X6bgccHs5YyanNLyWIYF/xDgrCkl KMN4oOFjrSU= =xL+f - -----END PGP PUBLIC KEY BLOCK----- If you're not a US or Canadian citizen or permanent resident living in the US or Canada, use the UK shirt offer below. PAYMENT INFO YOU NEED TO INCLUDE IN YOUR EMAIL ORDER: VISA/MASTERCARD 1) Name on the card (exactly as it is printed on the card): 2) Card Type: (Visa/MC) 3) Card Number: 4) Card Expiration Date: PERSONAL CHECK If paying by Telecheck, please follow these instructions carefully and double-check all your entries for accuracy and completeness. Please note that the check must be drawn on a U.S. Bank. 
First, take out your checkbook and write a check (made payable to 'ALH') just as though you were going to mail it to us. Don't forget to enter the information in your check register. Use the check you have written as the source of the information we will be asking for below.

The first item of information we need is the name or names printed on the check. Include all spaces, commas, periods, etc exactly as printed on the check. (For example, if there is a period after the initial, use it . . . if no period, don't put one in.) If it is a joint account, include the joint name also.

Name(s) EXACTLY as it appears on your check:
Check Number:
Dollar Amount: $
Bank Name:
Bank Address:
Bank City/State/Zip:

Across the bottom of every check is a series of funny-looking (MICR) numbers. These numbers include the routing codes for the bank, your account number, and the check number. There are also some non-numeric symbols. Just leave a blank space in the number where these symbols appear. Also include a blank space where there is a blank space in the number. After you have entered the numbers from left to right, it is a good idea to double-check them from right to left. (It's easier to catch mistakes this way.)

MICR Numbers:
(Double-Checked)

Enter any comments that you would like to have appear on the check as memo:

If you are NOT a citizen of and living in the US or Canada:
===========================================================================

Free world: printed in the UK for shipping to anywhere

http://dcs.ex.ac.uk/~aba/rsa/uk-shirt.html

Cost only (estimated cost, if there is any change, it goes to the PZLDF also)

If you're in the US Don's offer is going to work out cheaper.
(If you're a foreign national living in the US or Canada you should order through this option as it would be illegal for Don to sell to you)

My prices are (all in UKP):

Prices inclusive of UK postage, and packing, see below for overseas postage

T-shirts only 2 sizes available: Large (L), and Extra Large (XL), both the same price: 8 UKP

Sweatshirts only 2 sizes available: Large (L), and Extra Large (XL), both the same price: 14 UKP

Overseas postage:
Add 0.75 UKP per shirt for Europe
Add 1.50 UKP per shirt for US & Canada
Add 2.00 UKP per shirt for Australia, NewZealand, South Africa or other

I will accept payment in UK currency cheques or UK cashable money orders, or if you want to risk cash in the post, UK cash or US cash (you bear risk). I CAN'T take credit cards etc, as I'm just a student, and don't have facilities for this kind of thing. So you'll have to use cheques/cash as described above.

(The costs are estimated because it is impossible to get a firm quote without knowing how many to order, which I can't know until I have the orders, so if it works out cheaper due to higher volume than expected and there is any change left over, I will forward it to the Phil Zimmermann legal defense fund).
My snail address is: Adam Back South Blagdon Farm Thorndon Cross OKEHAMPTON Devon UK EX20 4NJ Please make sure to include: - your email address in case of query - your snail mail address - details of choice of T-shirt or sweat-shirt and size (L or XL) - payment Adam Here is my PGP public key, if you feel the need to say anything financially related, or prefer secure email (you'll need to edit off the leading "- " which my PGP signing the whole mail has added, before you feed it to PGP): - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2i mQCNAiwUXUEAAAEEAJnWEHE3juLAyMnEt3hrID3t8tblJvJPfoPz4Plg+2a5y4HA TonXBomkhm8hrRu1umruUUaeW1mxIbpvP413a2JyU7pdyfyoFVpWW5iT9pXYOgSW 65d+5GWe4g4PLrSbJZPBFIezd8xddnx5+5hbRk1K6UpfReQuOynIuJ1VakpnAAUT tBxBZGFtIEJhY2sgPGFiYUBkY3MuZXguYWMudWs+iQCVAwUQL9gNKSnIuJ1Vakpn AQHH6AP/T7dwXid03U7UM2/QzU+y6F4kHrGBuvJcyJewWbEb16ItkMngjzXP47kx gZygR4MWXsyQlvE2inSYzRJ3L+6ftaPvX8JsvVCll7JIejfmNGZYSWw9E/vPi/ls aa+pN3WqPxnzpwr8PL6b8w1fZZ47antgdZlOXgGO+hRbWV7zPcc= =KGUk - -----END PGP PUBLIC KEY BLOCK----- - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMBebrp5C4hMDAC3JAQHXgwP/RSnLZgJiDMEa13b4Ccq0/iwaep2WXzRt ev5zoZG8oItXYp+Rtm1WeIoOucxLR3k5y0qQKnIEYYhBixnWMU8Xo/ySLvjN8x6t UU+Jbx802vPIRfXB99nuXdzvEsXAjB0ceyzg0iRYaOG3BI4AjFdGnsO6LwU1W1d1 6ctLmgR759k= =PZUo - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMBecOZ5C4hMDAC3JAQHQgAP9GPs/v5JV6aEAQvKTi+YcO6/5IeOMzu/y wF17l4CBSCj3tB4XRA4cOCyZgrPXnaIvGzJztKzxcRPxhFkZM4sjvOQA13uGTH/w YG1yN04FMZ7SsjErOHAvpm3W/S1RwLxOHVfucIoXcnFi2sRUZndfV/Kb3s0a8Ztk BhlrLCZG164= =/gvS -----END PGP SIGNATURE----- Don Henson, Managing Director (PGP Key ID = 0X03002DC9) West El Paso Information Network (WEPIN) Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html From anon-remailer at utopia.hacktic.nl Wed Aug 9 11:55:31 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Wed, 9 Aug 95 11:55:31 PDT Subject: this looked like it might be interesting Message-ID: 
<199508091852.UAA23821@utopia.hacktic.nl>

it was on a floppy i got in the mail last week:

/* TOP SECRET */
/* See label file for codeword restrictions */
/*****************************************************************/
/*                          TOP SECRET                           */
/*            See label file for codeword restrictions           */
/*                                                               */
/*         S-1 CIPHER ALGORITHM software chip simulator          */
/*                                                               */
/* NOT INTENDED FOR EXTERNAL, PRODUCTION, OR CONTRACTOR USE OR   */
/* DISCLOSURE.                                                   */
/* NOT CERTIFIED OR APPROVED FOR USE AS REFERENCE.               */
/* FOR SECONDARY ANALYTIC USE ONLY.                              */
/*                                                               */
/* Basic chip functions. Block encryption methods are not        */
/* implemented.                                                  */
/*                                                               */
/* SOFTWARE HISTORY:                                             */
/*   1 FEBRUARY 1989 --- Submitted to source control.            */
/*   31 JULY 1991 --- Moved UFV support into basic functions.    */
/*                                                               */
/*                          TOP SECRET                           */
/*            See label file for codeword restrictions           */
/*****************************************************************/

/* local declarations are for ANSI C */
/* (the header names were stripped by the archive's HTML extraction;
   sys/types.h supplies u_char and string.h supplies memcpy) */
#include <sys/types.h>
#include <string.h>

/* S-1 F table - these differ in the S-2 version */
static u_char F[4][256];

/* S-1 F selection (G) table */
static u_char G[2][256];

/* exported interface */
int S1_self_check(void);
int S1_zeroize(void);
int S1_load_key(int, u_char *);
int S1_encrypt_block(int, u_char *);
int S1_decrypt_block(int, u_char *);
int S1_create_key(u_char *, u_char *);

/* local functions */
static void f_initialize(void);
static void rotatekey(int, u_char *);
static u_char f(int,int);
static u_char g(int,int);

/* CHIP PARAMETERS */
#define KEYGEN_CHIP 1       /* delete this to simulate operational chipsets */
#define KEY_REGISTERS 4
#define INTEGRITY KEY_REGISTERS

/* user family vectors (UFV) */
static u_char clear_family[8] = {129,3,5,7,2,4,6,131};
static u_char cipher_family[8] = {1,254,253,252,128,129,130,8};
static u_char key_integrity_key[10] = {0,0,0,0,0,0,0,0,0,0};

static u_char key[KEY_REGISTERS+1][10];
static u_char fullkey[KEY_REGISTERS+1][32][6];

/* SOFTWARE ONLY */
static int initialized=0;

/* EXPORTED SIMULATED CHIP INTERFACE */
/* SEE NOTES FOR INTERFACE DESCRIPTIONS */

int S1_self_check()
{
    f_initialize();
    rotatekey(INTEGRITY,key_integrity_key);
    initialized=1;
    return 0;
}

int S1_zeroize()
{
    int i, j, k;

    /* The archive's HTML extraction dropped everything between the '<'
       of the loop condition below and the '>' of the ">= KEY_REGISTERS"
       check in S1_load_key. The loop body here and the prologue of
       S1_load_key are reconstructed from the surrounding declarations:
       zeroize clears every key register and its expanded key schedule. */
    i=0;
    while (i<KEY_REGISTERS) {
        j=0;
        while (j<10) {
            key[i][j] = 0;
            j=j+1;
        }
        j=0;
        while (j<32) {
            k=0;
            while (k<6) {
                fullkey[i][j][k] = 0;
                k=k+1;
            }
            j=j+1;
        }
        i=i+1;
    }
    return 0;
}

int S1_load_key(int key_register, u_char *key_vector)
{
    u_char key_buffer[12];   /* reconstructed: 12 bytes are copied below */

    if (initialized == 0) return 1;   /* reconstructed, as in the other entry points */
    if ((key_register < 0) || (key_register >= KEY_REGISTERS)) return 9;
    /* the key vector is two blocks under the integrity key; bytes 10 and 11
       must decrypt to zero or the vector is rejected */
    memcpy(key_buffer,key_vector,12);
    S1_decrypt_block(INTEGRITY,key_buffer);
    S1_decrypt_block(INTEGRITY,key_buffer+4);
    if ((key_buffer[10] != 0) || (key_buffer[11] != 0)) return 2;
    rotatekey(key_register,key_buffer);
    memcpy(key[key_register],key_buffer,10);
    return 0;
}

int S1_encrypt_block(int key_register, u_char *block)
{
    int r, startf, i;

    if (initialized == 0) return 1;
    /* apply the clear-text user family vector */
    i=0;
    while (i<8) {
        block[i] = block[i] ^ clear_family[i];
        i=i+1;
    }
    /* 32 rounds: two key bytes pass through g() to choose which of the
       four F tables starts the round, then four more key bytes are mixed
       into two block bytes through f(). Note that r = i*2 runs to 62
       while fullkey has 32 rows; this is the posted code as received. */
    i=0;
    while (i<32) {
        r=i*2;
        startf = g(0,fullkey[key_register][r][0] ^ block[(r+4) % 8])
               + g(1,fullkey[key_register][r][1] ^ block[(r+5) % 8])*2;
        block[(r+6) % 8] = block[(r+6) % 8] ^ f(((startf+0) % 4), fullkey[key_register][r][2] ^ block[(r+2) % 8]);
        block[(r+6) % 8] = block[(r+6) % 8] ^ (f(((startf+1) % 4), fullkey[key_register][r][3] ^ block[(r+3) % 8]) << 4);
        block[(r+7) % 8] = block[(r+7) % 8] ^ f(((startf+2) % 4), fullkey[key_register][r][4] ^ block[(r+0) % 8]);
        block[(r+7) % 8] = block[(r+7) % 8] ^ (f(((startf+3) % 4), fullkey[key_register][r][5] ^ block[(r+1) % 8]) << 4);
        i = i+1;
    }
    /* apply the cipher-text user family vector */
    i=0;
    while (i<8) {
        block[i] = block[i] ^ cipher_family[i];
        i=i+1;
    }
    return 0;
}

int S1_decrypt_block(int key_register, u_char *block)
{
    int r, startf, i;

    if (initialized == 0) return 1;
    i=0;
    while (i<8) {
        block[i] = block[i] ^ cipher_family[i];
        i=i+1;
    }
    /* the same round function as encryption, applied in reverse order */
    i=32;
    while (i>0) {
        i = i-1;
        r=i*2;
        startf = g(0,fullkey[key_register][r][0] ^ block[(r+4) % 8])
               + g(1,fullkey[key_register][r][1] ^ block[(r+5) % 8])*2;
        block[(r+6) % 8] = block[(r+6) % 8] ^ f(((startf+0) % 4), fullkey[key_register][r][2] ^ block[(r+2) % 8]);
        block[(r+6) % 8] = block[(r+6) % 8] ^ (f(((startf+1) % 4), fullkey[key_register][r][3] ^ block[(r+3) % 8]) << 4);
        block[(r+7) % 8] = block[(r+7) % 8] ^ f(((startf+2) % 4), fullkey[key_register][r][4] ^ block[(r+0) % 8]);
        block[(r+7) % 8]
= block[(r+7) % 8] ^ (f(((startf+3) % 4), fullkey[key_register][r][5] ^ block[(r+1) % 8]) << 4); } i=0; while (i<8) { block[i] = block[i] ^ clear_family[i]; i=i+1; } return 0; } #ifdef KEYGEN_CHIP /* WARNING: this feature is not implemented on all chip sets */ int S1_create_key(u_char *key_value, u_char *key_vector) { if (initialized == 0) return 1; memcpy(key_vector,key_value,10); key_vector[10] = 0; key_vector[11] = 0; S1_encrypt_block(INTEGRITY,key_vector+4); S1_encrypt_block(INTEGRITY,key_vector); return 0; } #else int S1_create_key(u_char *key_value, u_char *key_vector) { return 7; } #endif /* SUPPORT FUNCTIONS */ static void rotatekey(int key_register, u_char *key_value) { int i, j; int jshift[6] = {5, 8, 3, 1, 4, 0}; key_register = key_register % KEY_REGISTERS; i=0; while (i<32) { j=0; while (j<6) { fullkey[key_register][i][j] = f(0,(key_value[(i*6+j+jshift[j]) % 10])) ^ f(1,(key_value[(i*6+j+jshift[(j+1)%6]) % 10])) ^ (f(2,(key_value[(i*6+j+jshift[(j+2)%6]) % 10]))<<4) ^ (f(3,(key_value[(i*6+j+jshift[(j+3)%6]) % 10]))<<4); j=j+1; } i=i+1; } } static void f_initialize() { /* NON-LINEAR (F0, F1, F2, F3) */ F[0][0] = 07; F[0][1] = 02; F[0][2] = 011; F[0][3] = 014; F[0][4] = 010; F[0][5] = 016; F[0][6] = 01; F[0][7] = 06; F[0][8] = 015; F[0][9] = 02; F[0][10] = 00; F[0][11] = 04; F[0][12] = 017; F[0][13] = 07; F[0][14] = 03; F[0][15] = 017; F[0][16] = 010; F[0][17] = 017; F[0][18] = 012; F[0][19] = 05; F[0][20] = 013; F[0][21] = 00; F[0][22] = 017; F[0][23] = 02; F[0][24] = 05; F[0][25] = 015; F[0][26] = 017; F[0][27] = 017; F[0][28] = 011; F[0][29] = 011; F[0][30] = 06; F[0][31] = 014; F[0][32] = 07; F[0][33] = 017; F[0][34] = 012; F[0][35] = 016; F[0][36] = 012; F[0][37] = 06; F[0][38] = 04; F[0][39] = 04; F[0][40] = 014; F[0][41] = 04; F[0][42] = 017; F[0][43] = 013; F[0][44] = 03; F[0][45] = 014; F[0][46] = 014; F[0][47] = 06; F[0][48] = 06; F[0][49] = 00; F[0][50] = 02; F[0][51] = 010; F[0][52] = 012; F[0][53] = 012; F[0][54] = 03; F[0][55] = 015; F[0][56] 
= 013; F[0][57] = 014; F[0][58] = 017; F[0][59] = 05; F[0][60] = 05; F[0][61] = 00; F[0][62] = 07; F[0][63] = 014; F[0][64] = 016; F[0][65] = 011; F[0][66] = 03; F[0][67] = 011; F[0][68] = 010; F[0][69] = 014; F[0][70] = 012; F[0][71] = 014; F[0][72] = 017; F[0][73] = 05; F[0][74] = 07; F[0][75] = 05; F[0][76] = 07; F[0][77] = 016; F[0][78] = 03; F[0][79] = 02; F[0][80] = 011; F[0][81] = 014; F[0][82] = 04; F[0][83] = 00; F[0][84] = 010; F[0][85] = 016; F[0][86] = 02; F[0][87] = 03; F[0][88] = 02; F[0][89] = 016; F[0][90] = 013; F[0][91] = 04; F[0][92] = 010; F[0][93] = 01; F[0][94] = 06; F[0][95] = 013; F[0][96] = 016; F[0][97] = 010; F[0][98] = 017; F[0][99] = 014; F[0][100] = 00; F[0][101] = 02; F[0][102] = 00; F[0][103] = 01; F[0][104] = 01; F[0][105] = 013; F[0][106] = 016; F[0][107] = 00; F[0][108] = 02; F[0][109] = 013; F[0][110] = 017; F[0][111] = 013; F[0][112] = 016; F[0][113] = 016; F[0][114] = 02; F[0][115] = 05; F[0][116] = 02; F[0][117] = 00; F[0][118] = 016; F[0][119] = 01; F[0][120] = 010; F[0][121] = 013; F[0][122] = 011; F[0][123] = 06; F[0][124] = 01; F[0][125] = 05; F[0][126] = 07; F[0][127] = 07; F[0][128] = 016; F[0][129] = 014; F[0][130] = 012; F[0][131] = 011; F[0][132] = 011; F[0][133] = 016; F[0][134] = 07; F[0][135] = 014; F[0][136] = 011; F[0][137] = 015; F[0][138] = 012; F[0][139] = 00; F[0][140] = 010; F[0][141] = 00; F[0][142] = 07; F[0][143] = 012; F[0][144] = 015; F[0][145] = 013; F[0][146] = 00; F[0][147] = 012; F[0][148] = 04; F[0][149] = 017; F[0][150] = 05; F[0][151] = 00; F[0][152] = 015; F[0][153] = 02; F[0][154] = 016; F[0][155] = 03; F[0][156] = 03; F[0][157] = 013; F[0][158] = 06; F[0][159] = 011; F[0][160] = 014; F[0][161] = 03; F[0][162] = 017; F[0][163] = 014; F[0][164] = 00; F[0][165] = 013; F[0][166] = 06; F[0][167] = 017; F[0][168] = 010; F[0][169] = 015; F[0][170] = 01; F[0][171] = 012; F[0][172] = 05; F[0][173] = 010; F[0][174] = 06; F[0][175] = 07; F[0][176] = 06; F[0][177] = 03; F[0][178] = 017; F[0][179] = 06; 
F[0][180] = 015; F[0][181] = 015; F[0][182] = 01; F[0][183] = 013; F[0][184] = 04; F[0][185] = 012; F[0][186] = 03; F[0][187] = 00; F[0][188] = 06; F[0][189] = 011; F[0][190] = 011; F[0][191] = 015; F[0][192] = 012; F[0][193] = 017; F[0][194] = 016; F[0][195] = 01; F[0][196] = 015; F[0][197] = 016; F[0][198] = 017; F[0][199] = 04; F[0][200] = 015; F[0][201] = 06; F[0][202] = 07; F[0][203] = 04; F[0][204] = 00; F[0][205] = 017; F[0][206] = 016; F[0][207] = 017; F[0][208] = 010; F[0][209] = 02; F[0][210] = 04; F[0][211] = 012; F[0][212] = 01; F[0][213] = 02; F[0][214] = 011; F[0][215] = 07; F[0][216] = 010; F[0][217] = 010; F[0][218] = 02; F[0][219] = 02; F[0][220] = 07; F[0][221] = 010; F[0][222] = 010; F[0][223] = 013; F[0][224] = 03; F[0][225] = 016; F[0][226] = 017; F[0][227] = 011; F[0][228] = 06; F[0][229] = 011; F[0][230] = 00; F[0][231] = 017; F[0][232] = 014; F[0][233] = 06; F[0][234] = 04; F[0][235] = 02; F[0][236] = 03; F[0][237] = 00; F[0][238] = 011; F[0][239] = 013; F[0][240] = 014; F[0][241] = 05; F[0][242] = 03; F[0][243] = 016; F[0][244] = 013; F[0][245] = 017; F[0][246] = 04; F[0][247] = 05; F[0][248] = 017; F[0][249] = 011; F[0][250] = 03; F[0][251] = 06; F[0][252] = 010; F[0][253] = 013; F[0][254] = 014; F[0][255] = 06; F[1][0] = 017; F[1][1] = 06; F[1][2] = 016; F[1][3] = 015; F[1][4] = 012; F[1][5] = 07; F[1][6] = 07; F[1][7] = 03; F[1][8] = 03; F[1][9] = 01; F[1][10] = 017; F[1][11] = 00; F[1][12] = 013; F[1][13] = 07; F[1][14] = 02; F[1][15] = 010; F[1][16] = 01; F[1][17] = 014; F[1][18] = 012; F[1][19] = 01; F[1][20] = 07; F[1][21] = 03; F[1][22] = 01; F[1][23] = 016; F[1][24] = 014; F[1][25] = 011; F[1][26] = 00; F[1][27] = 01; F[1][28] = 06; F[1][29] = 02; F[1][30] = 011; F[1][31] = 013; F[1][32] = 014; F[1][33] = 011; F[1][34] = 07; F[1][35] = 012; F[1][36] = 03; F[1][37] = 03; F[1][38] = 010; F[1][39] = 00; F[1][40] = 00; F[1][41] = 012; F[1][42] = 04; F[1][43] = 00; F[1][44] = 02; F[1][45] = 017; F[1][46] = 015; F[1][47] = 013; F[1][48] 
= 02; F[1][49] = 017; F[1][50] = 05; F[1][51] = 04; F[1][52] = 03; F[1][53] = 013; F[1][54] = 017; F[1][55] = 03; F[1][56] = 011; F[1][57] = 012; F[1][58] = 01; F[1][59] = 011; F[1][60] = 07; F[1][61] = 011; F[1][62] = 011; F[1][63] = 010; F[1][64] = 01; F[1][65] = 05; F[1][66] = 02; F[1][67] = 03; F[1][68] = 010; F[1][69] = 017; F[1][70] = 07; F[1][71] = 012; F[1][72] = 015; F[1][73] = 011; F[1][74] = 010; F[1][75] = 017; F[1][76] = 03; F[1][77] = 016; F[1][78] = 03; F[1][79] = 015; F[1][80] = 011; F[1][81] = 013; F[1][82] = 05; F[1][83] = 07; F[1][84] = 017; F[1][85] = 012; F[1][86] = 012; F[1][87] = 07; F[1][88] = 017; F[1][89] = 05; F[1][90] = 07; F[1][91] = 00; F[1][92] = 04; F[1][93] = 04; F[1][94] = 04; F[1][95] = 06; F[1][96] = 011; F[1][97] = 04; F[1][98] = 07; F[1][99] = 010; F[1][100] = 010; F[1][101] = 015; F[1][102] = 017; F[1][103] = 00; F[1][104] = 012; F[1][105] = 02; F[1][106] = 01; F[1][107] = 016; F[1][108] = 00; F[1][109] = 05; F[1][110] = 03; F[1][111] = 011; F[1][112] = 05; F[1][113] = 014; F[1][114] = 011; F[1][115] = 00; F[1][116] = 011; F[1][117] = 00; F[1][118] = 013; F[1][119] = 010; F[1][120] = 016; F[1][121] = 014; F[1][122] = 04; F[1][123] = 03; F[1][124] = 015; F[1][125] = 016; F[1][126] = 02; F[1][127] = 03; F[1][128] = 012; F[1][129] = 06; F[1][130] = 017; F[1][131] = 00; F[1][132] = 011; F[1][133] = 011; F[1][134] = 02; F[1][135] = 017; F[1][136] = 013; F[1][137] = 04; F[1][138] = 07; F[1][139] = 02; F[1][140] = 02; F[1][141] = 014; F[1][142] = 04; F[1][143] = 07; F[1][144] = 014; F[1][145] = 01; F[1][146] = 00; F[1][147] = 03; F[1][148] = 01; F[1][149] = 010; F[1][150] = 01; F[1][151] = 07; F[1][152] = 012; F[1][153] = 00; F[1][154] = 015; F[1][155] = 04; F[1][156] = 00; F[1][157] = 017; F[1][158] = 04; F[1][159] = 00; F[1][160] = 017; F[1][161] = 014; F[1][162] = 04; F[1][163] = 07; F[1][164] = 013; F[1][165] = 011; F[1][166] = 012; F[1][167] = 017; F[1][168] = 017; F[1][169] = 03; F[1][170] = 07; F[1][171] = 00; F[1][172] = 04; 
F[1][173] = 07; F[1][174] = 07; F[1][175] = 03; F[1][176] = 05; F[1][177] = 06; F[1][178] = 017; F[1][179] = 03; F[1][180] = 017; F[1][181] = 02; F[1][182] = 04; F[1][183] = 017; F[1][184] = 00; F[1][185] = 014; F[1][186] = 017; F[1][187] = 04; F[1][188] = 05; F[1][189] = 016; F[1][190] = 015; F[1][191] = 04; F[1][192] = 012; F[1][193] = 013; F[1][194] = 00; F[1][195] = 04; F[1][196] = 017; F[1][197] = 07; F[1][198] = 013; F[1][199] = 04; F[1][200] = 010; F[1][201] = 05; F[1][202] = 07; F[1][203] = 04; F[1][204] = 013; F[1][205] = 05; F[1][206] = 016; F[1][207] = 010; F[1][208] = 015; F[1][209] = 00; F[1][210] = 04; F[1][211] = 04; F[1][212] = 017; F[1][213] = 010; F[1][214] = 05; F[1][215] = 015; F[1][216] = 011; F[1][217] = 01; F[1][218] = 012; F[1][219] = 013; F[1][220] = 015; F[1][221] = 03; F[1][222] = 010; F[1][223] = 05; F[1][224] = 07; F[1][225] = 06; F[1][226] = 00; F[1][227] = 02; F[1][228] = 011; F[1][229] = 06; F[1][230] = 00; F[1][231] = 017; F[1][232] = 01; F[1][233] = 010; F[1][234] = 03; F[1][235] = 06; F[1][236] = 05; F[1][237] = 010; F[1][238] = 010; F[1][239] = 012; F[1][240] = 014; F[1][241] = 02; F[1][242] = 02; F[1][243] = 02; F[1][244] = 010; F[1][245] = 04; F[1][246] = 013; F[1][247] = 07; F[1][248] = 016; F[1][249] = 015; F[1][250] = 05; F[1][251] = 017; F[1][252] = 05; F[1][253] = 03; F[1][254] = 010; F[1][255] = 010; F[2][0] = 013; F[2][1] = 011; F[2][2] = 017; F[2][3] = 07; F[2][4] = 01; F[2][5] = 012; F[2][6] = 00; F[2][7] = 011; F[2][8] = 06; F[2][9] = 010; F[2][10] = 012; F[2][11] = 014; F[2][12] = 00; F[2][13] = 012; F[2][14] = 01; F[2][15] = 012; F[2][16] = 011; F[2][17] = 014; F[2][18] = 05; F[2][19] = 05; F[2][20] = 07; F[2][21] = 04; F[2][22] = 013; F[2][23] = 015; F[2][24] = 04; F[2][25] = 00; F[2][26] = 01; F[2][27] = 010; F[2][28] = 017; F[2][29] = 02; F[2][30] = 015; F[2][31] = 012; F[2][32] = 06; F[2][33] = 00; F[2][34] = 07; F[2][35] = 017; F[2][36] = 014; F[2][37] = 013; F[2][38] = 011; F[2][39] = 03; F[2][40] = 07; 
F[2][41] = 013; F[2][42] = 06; F[2][43] = 05; F[2][44] = 011; F[2][45] = 010; F[2][46] = 00; F[2][47] = 02; F[2][48] = 07; F[2][49] = 011; F[2][50] = 016; F[2][51] = 01; F[2][52] = 012; F[2][53] = 014; F[2][54] = 012; F[2][55] = 06; F[2][56] = 011; F[2][57] = 016; F[2][58] = 015; F[2][59] = 06; F[2][60] = 07; F[2][61] = 05; F[2][62] = 014; F[2][63] = 07; F[2][64] = 01; F[2][65] = 06; F[2][66] = 012; F[2][67] = 06; F[2][68] = 05; F[2][69] = 04; F[2][70] = 03; F[2][71] = 011; F[2][72] = 04; F[2][73] = 014; F[2][74] = 013; F[2][75] = 00; F[2][76] = 010; F[2][77] = 016; F[2][78] = 03; F[2][79] = 06; F[2][80] = 00; F[2][81] = 017; F[2][82] = 02; F[2][83] = 010; F[2][84] = 010; F[2][85] = 012; F[2][86] = 012; F[2][87] = 017; F[2][88] = 07; F[2][89] = 03; F[2][90] = 012; F[2][91] = 012; F[2][92] = 013; F[2][93] = 014; F[2][94] = 013; F[2][95] = 03; F[2][96] = 011; F[2][97] = 012; F[2][98] = 06; F[2][99] = 02; F[2][100] = 02; F[2][101] = 02; F[2][102] = 011; F[2][103] = 04; F[2][104] = 06; F[2][105] = 010; F[2][106] = 05; F[2][107] = 01; F[2][108] = 016; F[2][109] = 07; F[2][110] = 017; F[2][111] = 00; F[2][112] = 013; F[2][113] = 012; F[2][114] = 016; F[2][115] = 07; F[2][116] = 016; F[2][117] = 01; F[2][118] = 04; F[2][119] = 015; F[2][120] = 07; F[2][121] = 014; F[2][122] = 00; F[2][123] = 04; F[2][124] = 06; F[2][125] = 016; F[2][126] = 011; F[2][127] = 014; F[2][128] = 06; F[2][129] = 011; F[2][130] = 012; F[2][131] = 02; F[2][132] = 012; F[2][133] = 016; F[2][134] = 013; F[2][135] = 00; F[2][136] = 00; F[2][137] = 03; F[2][138] = 03; F[2][139] = 015; F[2][140] = 07; F[2][141] = 012; F[2][142] = 00; F[2][143] = 012; F[2][144] = 017; F[2][145] = 011; F[2][146] = 05; F[2][147] = 05; F[2][148] = 010; F[2][149] = 04; F[2][150] = 04; F[2][151] = 05; F[2][152] = 014; F[2][153] = 012; F[2][154] = 011; F[2][155] = 015; F[2][156] = 015; F[2][157] = 013; F[2][158] = 017; F[2][159] = 014; F[2][160] = 011; F[2][161] = 07; F[2][162] = 013; F[2][163] = 01; F[2][164] = 00; F[2][165] 
= 015; F[2][166] = 011; F[2][167] = 05; F[2][168] = 015; F[2][169] = 016; F[2][170] = 012; F[2][171] = 017; F[2][172] = 01; F[2][173] = 015; F[2][174] = 07; F[2][175] = 012; F[2][176] = 010; F[2][177] = 017; F[2][178] = 07; F[2][179] = 04; F[2][180] = 011; F[2][181] = 013; F[2][182] = 01; F[2][183] = 010; F[2][184] = 06; F[2][185] = 03; F[2][186] = 010; F[2][187] = 02; F[2][188] = 05; F[2][189] = 010; F[2][190] = 011; F[2][191] = 02; F[2][192] = 04; F[2][193] = 017; F[2][194] = 012; F[2][195] = 06; F[2][196] = 05; F[2][197] = 05; F[2][198] = 015; F[2][199] = 012; F[2][200] = 00; F[2][201] = 03; F[2][202] = 04; F[2][203] = 015; F[2][204] = 016; F[2][205] = 015; F[2][206] = 015; F[2][207] = 011; F[2][208] = 03; F[2][209] = 05; F[2][210] = 013; F[2][211] = 016; F[2][212] = 02; F[2][213] = 017; F[2][214] = 013; F[2][215] = 00; F[2][216] = 03; F[2][217] = 012; F[2][218] = 02; F[2][219] = 07; F[2][220] = 03; F[2][221] = 010; F[2][222] = 011; F[2][223] = 01; F[2][224] = 06; F[2][225] = 02; F[2][226] = 014; F[2][227] = 01; F[2][228] = 012; F[2][229] = 010; F[2][230] = 02; F[2][231] = 012; F[2][232] = 013; F[2][233] = 017; F[2][234] = 013; F[2][235] = 014; F[2][236] = 05; F[2][237] = 02; F[2][238] = 02; F[2][239] = 013; F[2][240] = 011; F[2][241] = 013; F[2][242] = 02; F[2][243] = 05; F[2][244] = 014; F[2][245] = 017; F[2][246] = 06; F[2][247] = 015; F[2][248] = 01; F[2][249] = 011; F[2][250] = 012; F[2][251] = 00; F[2][252] = 013; F[2][253] = 05; F[2][254] = 03; F[2][255] = 015; F[3][0] = 013; F[3][1] = 07; F[3][2] = 04; F[3][3] = 01; F[3][4] = 03; F[3][5] = 017; F[3][6] = 07; F[3][7] = 05; F[3][8] = 014; F[3][9] = 02; F[3][10] = 05; F[3][11] = 016; F[3][12] = 013; F[3][13] = 04; F[3][14] = 013; F[3][15] = 01; F[3][16] = 015; F[3][17] = 015; F[3][18] = 014; F[3][19] = 015; F[3][20] = 01; F[3][21] = 010; F[3][22] = 04; F[3][23] = 02; F[3][24] = 07; F[3][25] = 015; F[3][26] = 016; F[3][27] = 016; F[3][28] = 01; F[3][29] = 03; F[3][30] = 011; F[3][31] = 011; F[3][32] = 010; 
F[3][33] = 017; F[3][34] = 06; F[3][35] = 04; F[3][36] = 013; F[3][37] = 010; F[3][38] = 014; F[3][39] = 013; F[3][40] = 03; F[3][41] = 010; F[3][42] = 015; F[3][43] = 07; F[3][44] = 07; F[3][45] = 00; F[3][46] = 05; F[3][47] = 01; F[3][48] = 03; F[3][49] = 013; F[3][50] = 015; F[3][51] = 04; F[3][52] = 017; F[3][53] = 015; F[3][54] = 03; F[3][55] = 017; F[3][56] = 013; F[3][57] = 03; F[3][58] = 013; F[3][59] = 011; F[3][60] = 00; F[3][61] = 010; F[3][62] = 01; F[3][63] = 07; F[3][64] = 03; F[3][65] = 04; F[3][66] = 04; F[3][67] = 03; F[3][68] = 03; F[3][69] = 010; F[3][70] = 016; F[3][71] = 00; F[3][72] = 01; F[3][73] = 011; F[3][74] = 015; F[3][75] = 02; F[3][76] = 013; F[3][77] = 03; F[3][78] = 07; F[3][79] = 010; F[3][80] = 010; F[3][81] = 07; F[3][82] = 014; F[3][83] = 015; F[3][84] = 013; F[3][85] = 05; F[3][86] = 00; F[3][87] = 012; F[3][88] = 012; F[3][89] = 016; F[3][90] = 07; F[3][91] = 02; F[3][92] = 017; F[3][93] = 06; F[3][94] = 017; F[3][95] = 015; F[3][96] = 013; F[3][97] = 02; F[3][98] = 03; F[3][99] = 013; F[3][100] = 01; F[3][101] = 02; F[3][102] = 017; F[3][103] = 06; F[3][104] = 04; F[3][105] = 07; F[3][106] = 04; F[3][107] = 017; F[3][108] = 03; F[3][109] = 03; F[3][110] = 02; F[3][111] = 00; F[3][112] = 05; F[3][113] = 01; F[3][114] = 00; F[3][115] = 016; F[3][116] = 014; F[3][117] = 05; F[3][118] = 02; F[3][119] = 04; F[3][120] = 07; F[3][121] = 014; F[3][122] = 07; F[3][123] = 012; F[3][124] = 05; F[3][125] = 017; F[3][126] = 011; F[3][127] = 01; F[3][128] = 06; F[3][129] = 00; F[3][130] = 015; F[3][131] = 014; F[3][132] = 017; F[3][133] = 01; F[3][134] = 00; F[3][135] = 04; F[3][136] = 00; F[3][137] = 00; F[3][138] = 011; F[3][139] = 04; F[3][140] = 013; F[3][141] = 012; F[3][142] = 03; F[3][143] = 015; F[3][144] = 01; F[3][145] = 05; F[3][146] = 04; F[3][147] = 02; F[3][148] = 011; F[3][149] = 07; F[3][150] = 00; F[3][151] = 011; F[3][152] = 015; F[3][153] = 011; F[3][154] = 00; F[3][155] = 05; F[3][156] = 07; F[3][157] = 016; F[3][158] = 
017; F[3][159] = 02; F[3][160] = 05; F[3][161] = 013; F[3][162] = 06; F[3][163] = 04; F[3][164] = 06; F[3][165] = 01; F[3][166] = 013; F[3][167] = 04; F[3][168] = 06; F[3][169] = 015; F[3][170] = 010; F[3][171] = 012; F[3][172] = 03; F[3][173] = 010; F[3][174] = 017; F[3][175] = 013; F[3][176] = 011; F[3][177] = 010; F[3][178] = 07; F[3][179] = 00; F[3][180] = 014; F[3][181] = 03; F[3][182] = 05; F[3][183] = 00; F[3][184] = 013; F[3][185] = 016; F[3][186] = 013; F[3][187] = 014; F[3][188] = 01; F[3][189] = 02; F[3][190] = 016; F[3][191] = 06; F[3][192] = 012; F[3][193] = 016; F[3][194] = 014; F[3][195] = 03; F[3][196] = 04; F[3][197] = 06; F[3][198] = 00; F[3][199] = 017; F[3][200] = 00; F[3][201] = 014; F[3][202] = 05; F[3][203] = 016; F[3][204] = 01; F[3][205] = 01; F[3][206] = 04; F[3][207] = 03; F[3][208] = 01; F[3][209] = 010; F[3][210] = 00; F[3][211] = 013; F[3][212] = 010; F[3][213] = 03; F[3][214] = 015; F[3][215] = 03; F[3][216] = 07; F[3][217] = 017; F[3][218] = 014; F[3][219] = 012; F[3][220] = 06; F[3][221] = 01; F[3][222] = 01; F[3][223] = 03; F[3][224] = 00; F[3][225] = 06; F[3][226] = 012; F[3][227] = 05; F[3][228] = 05; F[3][229] = 06; F[3][230] = 07; F[3][231] = 010; F[3][232] = 017; F[3][233] = 016; F[3][234] = 01; F[3][235] = 05; F[3][236] = 00; F[3][237] = 016; F[3][238] = 00; F[3][239] = 00; F[3][240] = 014; F[3][241] = 017; F[3][242] = 010; F[3][243] = 00; F[3][244] = 06; F[3][245] = 012; F[3][246] = 011; F[3][247] = 016; F[3][248] = 017; F[3][249] = 017; F[3][250] = 03; F[3][251] = 03; F[3][252] = 014; F[3][253] = 00; F[3][254] = 015; F[3][255] = 017; /* PSEUDO-LINEAR (G0, G1) */ G[0][0] = 00; G[0][1] = 00; G[0][2] = 01; G[0][3] = 01; G[0][4] = 00; G[0][5] = 01; G[0][6] = 01; G[0][7] = 00; G[0][8] = 00; G[0][9] = 01; G[0][10] = 00; G[0][11] = 00; G[0][12] = 01; G[0][13] = 01; G[0][14] = 00; G[0][15] = 01; G[0][16] = 01; G[0][17] = 00; G[0][18] = 00; G[0][19] = 01; G[0][20] = 00; G[0][21] = 00; G[0][22] = 01; G[0][23] = 01; G[0][24] = 00; 
G[0][25] = 01; G[0][26] = 01; G[0][27] = 00; G[0][28] = 00; G[0][29] = 01; G[0][30] = 00; G[0][31] = 00; G[0][32] = 01; G[0][33] = 01; G[0][34] = 00; G[0][35] = 01; G[0][36] = 01; G[0][37] = 00; G[0][38] = 00; G[0][39] = 01; G[0][40] = 00; G[0][41] = 00; G[0][42] = 01; G[0][43] = 01; G[0][44] = 00; G[0][45] = 01; G[0][46] = 01; G[0][47] = 00; G[0][48] = 00; G[0][49] = 01; G[0][50] = 00; G[0][51] = 00; G[0][52] = 01; G[0][53] = 01; G[0][54] = 00; G[0][55] = 01; G[0][56] = 01; G[0][57] = 00; G[0][58] = 00; G[0][59] = 01; G[0][60] = 00; G[0][61] = 00; G[0][62] = 01; G[0][63] = 01; G[0][64] = 00; G[0][65] = 01; G[0][66] = 01; G[0][67] = 00; G[0][68] = 00; G[0][69] = 01; G[0][70] = 00; G[0][71] = 00; G[0][72] = 01; G[0][73] = 01; G[0][74] = 00; G[0][75] = 01; G[0][76] = 01; G[0][77] = 00; G[0][78] = 00; G[0][79] = 01; G[0][80] = 00; G[0][81] = 00; G[0][82] = 01; G[0][83] = 01; G[0][84] = 00; G[0][85] = 01; G[0][86] = 01; G[0][87] = 00; G[0][88] = 00; G[0][89] = 01; G[0][90] = 00; G[0][91] = 00; G[0][92] = 01; G[0][93] = 01; G[0][94] = 00; G[0][95] = 01; G[0][96] = 01; G[0][97] = 00; G[0][98] = 00; G[0][99] = 01; G[0][100] = 00; G[0][101] = 00; G[0][102] = 01; G[0][103] = 01; G[0][104] = 00; G[0][105] = 01; G[0][106] = 01; G[0][107] = 00; G[0][108] = 00; G[0][109] = 01; G[0][110] = 00; G[0][111] = 00; G[0][112] = 01; G[0][113] = 01; G[0][114] = 00; G[0][115] = 01; G[0][116] = 01; G[0][117] = 00; G[0][118] = 00; G[0][119] = 01; G[0][120] = 00; G[0][121] = 00; G[0][122] = 01; G[0][123] = 01; G[0][124] = 00; G[0][125] = 01; G[0][126] = 01; G[0][127] = 00; G[0][128] = 00; G[0][129] = 01; G[0][130] = 00; G[0][131] = 00; G[0][132] = 01; G[0][133] = 01; G[0][134] = 00; G[0][135] = 01; G[0][136] = 01; G[0][137] = 00; G[0][138] = 00; G[0][139] = 01; G[0][140] = 00; G[0][141] = 00; G[0][142] = 01; G[0][143] = 01; G[0][144] = 00; G[0][145] = 01; G[0][146] = 01; G[0][147] = 00; G[0][148] = 00; G[0][149] = 01; G[0][150] = 00; G[0][151] = 00; G[0][152] = 01; G[0][153] = 01; G[0][154] 
= 00; G[0][155] = 01; G[0][156] = 01; G[0][157] = 00; G[0][158] = 00; G[0][159] = 01; G[0][160] = 00; G[0][161] = 00; G[0][162] = 01; G[0][163] = 01; G[0][164] = 00; G[0][165] = 01; G[0][166] = 01; G[0][167] = 00; G[0][168] = 00; G[0][169] = 01; G[0][170] = 00; G[0][171] = 00; G[0][172] = 01; G[0][173] = 01; G[0][174] = 00; G[0][175] = 01; G[0][176] = 01; G[0][177] = 00; G[0][178] = 00; G[0][179] = 01; G[0][180] = 00; G[0][181] = 00; G[0][182] = 01; G[0][183] = 01; G[0][184] = 00; G[0][185] = 01; G[0][186] = 01; G[0][187] = 00; G[0][188] = 00; G[0][189] = 01; G[0][190] = 00; G[0][191] = 00; G[0][192] = 01; G[0][193] = 01; G[0][194] = 00; G[0][195] = 01; G[0][196] = 01; G[0][197] = 00; G[0][198] = 00; G[0][199] = 01; G[0][200] = 00; G[0][201] = 00; G[0][202] = 01; G[0][203] = 01; G[0][204] = 00; G[0][205] = 01; G[0][206] = 01; G[0][207] = 00; G[0][208] = 00; G[0][209] = 01; G[0][210] = 00; G[0][211] = 00; G[0][212] = 01; G[0][213] = 01; G[0][214] = 00; G[0][215] = 01; G[0][216] = 01; G[0][217] = 00; G[0][218] = 00; G[0][219] = 01; G[0][220] = 00; G[0][221] = 00; G[0][222] = 01; G[0][223] = 01; G[0][224] = 00; G[0][225] = 01; G[0][226] = 01; G[0][227] = 00; G[0][228] = 00; G[0][229] = 01; G[0][230] = 00; G[0][231] = 00; G[0][232] = 01; G[0][233] = 01; G[0][234] = 00; G[0][235] = 01; G[0][236] = 01; G[0][237] = 00; G[0][238] = 00; G[0][239] = 01; G[0][240] = 00; G[0][241] = 00; G[0][242] = 01; G[0][243] = 01; G[0][244] = 00; G[0][245] = 01; G[0][246] = 01; G[0][247] = 00; G[0][248] = 00; G[0][249] = 01; G[0][250] = 00; G[0][251] = 00; G[0][252] = 01; G[0][253] = 01; G[0][254] = 00; G[0][255] = 01; G[1][0] = 00; G[1][1] = 01; G[1][2] = 01; G[1][3] = 00; G[1][4] = 01; G[1][5] = 00; G[1][6] = 00; G[1][7] = 01; G[1][8] = 00; G[1][9] = 01; G[1][10] = 01; G[1][11] = 00; G[1][12] = 01; G[1][13] = 00; G[1][14] = 00; G[1][15] = 01; G[1][16] = 01; G[1][17] = 00; G[1][18] = 00; G[1][19] = 01; G[1][20] = 00; G[1][21] = 01; G[1][22] = 01; G[1][23] = 00; G[1][24] = 01; G[1][25] = 
00; G[1][26] = 00; G[1][27] = 01; G[1][28] = 00; G[1][29] = 01; G[1][30] = 01; G[1][31] = 00; G[1][32] = 00; G[1][33] = 01; G[1][34] = 01; G[1][35] = 00; G[1][36] = 01; G[1][37] = 00; G[1][38] = 00; G[1][39] = 01; G[1][40] = 00; G[1][41] = 01; G[1][42] = 01; G[1][43] = 00; G[1][44] = 01; G[1][45] = 00; G[1][46] = 00; G[1][47] = 01; G[1][48] = 01; G[1][49] = 00; G[1][50] = 00; G[1][51] = 01; G[1][52] = 00; G[1][53] = 01; G[1][54] = 01; G[1][55] = 00; G[1][56] = 01; G[1][57] = 00; G[1][58] = 00; G[1][59] = 01; G[1][60] = 00; G[1][61] = 01; G[1][62] = 01; G[1][63] = 00; G[1][64] = 00; G[1][65] = 01; G[1][66] = 01; G[1][67] = 00; G[1][68] = 01; G[1][69] = 00; G[1][70] = 00; G[1][71] = 01; G[1][72] = 00; G[1][73] = 01; G[1][74] = 01; G[1][75] = 00; G[1][76] = 01; G[1][77] = 00; G[1][78] = 00; G[1][79] = 01; G[1][80] = 01; G[1][81] = 00; G[1][82] = 00; G[1][83] = 01; G[1][84] = 00; G[1][85] = 01; G[1][86] = 01; G[1][87] = 00; G[1][88] = 01; G[1][89] = 00; G[1][90] = 00; G[1][91] = 01; G[1][92] = 00; G[1][93] = 01; G[1][94] = 01; G[1][95] = 00; G[1][96] = 00; G[1][97] = 01; G[1][98] = 01; G[1][99] = 00; G[1][100] = 01; G[1][101] = 00; G[1][102] = 00; G[1][103] = 01; G[1][104] = 00; G[1][105] = 01; G[1][106] = 01; G[1][107] = 00; G[1][108] = 01; G[1][109] = 00; G[1][110] = 00; G[1][111] = 01; G[1][112] = 01; G[1][113] = 00; G[1][114] = 00; G[1][115] = 01; G[1][116] = 00; G[1][117] = 01; G[1][118] = 01; G[1][119] = 00; G[1][120] = 01; G[1][121] = 00; G[1][122] = 00; G[1][123] = 01; G[1][124] = 00; G[1][125] = 01; G[1][126] = 01; G[1][127] = 00; G[1][128] = 00; G[1][129] = 01; G[1][130] = 01; G[1][131] = 00; G[1][132] = 01; G[1][133] = 00; G[1][134] = 00; G[1][135] = 01; G[1][136] = 00; G[1][137] = 01; G[1][138] = 01; G[1][139] = 00; G[1][140] = 01; G[1][141] = 00; G[1][142] = 00; G[1][143] = 01; G[1][144] = 01; G[1][145] = 00; G[1][146] = 00; G[1][147] = 01; G[1][148] = 00; G[1][149] = 01; G[1][150] = 01; G[1][151] = 00; G[1][152] = 01; G[1][153] = 00; G[1][154] = 00; 
  G[1][155] = 01; G[1][156] = 00; G[1][157] = 01; G[1][158] = 01; G[1][159] = 00; G[1][160] = 00; G[1][161] = 01; G[1][162] = 01; G[1][163] = 00; G[1][164] = 01; G[1][165] = 00; G[1][166] = 00; G[1][167] = 01; G[1][168] = 00; G[1][169] = 01; G[1][170] = 01; G[1][171] = 00; G[1][172] = 01; G[1][173] = 00; G[1][174] = 00; G[1][175] = 01; G[1][176] = 01; G[1][177] = 00; G[1][178] = 00; G[1][179] = 01; G[1][180] = 00; G[1][181] = 01; G[1][182] = 01; G[1][183] = 00; G[1][184] = 01; G[1][185] = 00; G[1][186] = 00; G[1][187] = 01; G[1][188] = 00; G[1][189] = 01; G[1][190] = 01; G[1][191] = 00; G[1][192] = 00; G[1][193] = 01; G[1][194] = 01; G[1][195] = 00; G[1][196] = 01; G[1][197] = 00; G[1][198] = 00; G[1][199] = 01; G[1][200] = 00; G[1][201] = 01; G[1][202] = 01; G[1][203] = 00; G[1][204] = 01; G[1][205] = 00; G[1][206] = 00; G[1][207] = 01; G[1][208] = 01; G[1][209] = 00; G[1][210] = 00; G[1][211] = 01; G[1][212] = 00; G[1][213] = 01; G[1][214] = 01; G[1][215] = 00; G[1][216] = 01; G[1][217] = 00; G[1][218] = 00; G[1][219] = 01; G[1][220] = 00; G[1][221] = 01; G[1][222] = 01; G[1][223] = 00; G[1][224] = 00; G[1][225] = 01; G[1][226] = 01; G[1][227] = 00; G[1][228] = 01; G[1][229] = 00; G[1][230] = 00; G[1][231] = 01; G[1][232] = 00; G[1][233] = 01; G[1][234] = 01; G[1][235] = 00; G[1][236] = 01; G[1][237] = 00; G[1][238] = 00; G[1][239] = 01; G[1][240] = 01; G[1][241] = 00; G[1][242] = 00; G[1][243] = 01; G[1][244] = 00; G[1][245] = 01; G[1][246] = 01; G[1][247] = 00; G[1][248] = 01; G[1][249] = 00; G[1][250] = 00; G[1][251] = 01; G[1][252] = 00; G[1][253] = 01; G[1][254] = 01; G[1][255] = 00;
}

/* Bounds-checked F-table lookup: table selects F0..F3, value is one byte.
   An out-of-range argument aborts the process rather than reading outside
   the table. */
static u_char f(int table, int value)
{
  if ((table<0) || (table>3) || (value<0) || (value>255)) {
    fprintf(stderr,"\n\nF TABLE EXCEPTION %x %x\n\n",table,value);
    exit(1001);
  }
  return F[table][value];
}

/* Bounds-checked G-table lookup. Only G0 and G1 exist, but the check as
   written admits table == 2, one past the last G table. */
static u_char g(int table, int value)
{
  if ((table<0) || (table>2) || (value<0) || (value>255)) {
    fprintf(stderr,"\n\nG TABLE EXCEPTION %x %x\n\n",table,value);
    exit(1001);
  }
  return G[table][value];
}

/* TOP SECRET */
/* See label file for codeword restrictions */

From tcmay at got.net Wed Aug 9 12:00:59 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 9 Aug 95 12:00:59 PDT
Subject: Crypto = Competitive Advantage?
Message-ID:

At 2:17 PM 8/9/95, Duncan Frissell wrote:
>Note to Mr. Bill -
>
>I was watching CNBC this morning while reading my mail and they had a story
>on the Netscape Communications IPO (ticker NSCP btw). Some analyst said
>when asked whether Microsoft couldn't just wipe them out that the most
>important part of Netscape's product was that it offered end-to-end
>encryption. He said that this was important for the growth of the nets and
>was something that people wanted.

As long as the Netscape IPO topic has come up...

A former member of our list, Marc Andreessen, just became worth $70 million or so in today's IPO. (IPO = Initial Public Offering, or "Internet PGP Offering")

Personally, I think this valuation of Netscape at a few billion dollars is way too high. They've got a leading product, which most folks have gotten for free, and they've signed a bunch of corporate deals. But a few billion for a brand new company?

...and who knows how many of their sudden multimillionaire developers will now leave...?

Crypto could be the next big wave of IPOs, with "Verisign" and "RSADSI" both rumored to be offered. Some of the digital commerce companies may be next.

It seems that anything involving the Internet, the Web, and digital commerce is really, really hot.

--Timothy C. May, President, Bank of the Web

Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)  | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rfb at lehman.com Wed Aug 9 12:01:26 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 9 Aug 95 12:01:26 PDT
Subject: Crypto = Competitive Advantage?
In-Reply-To: <199508091417.KAA17510@panix.com>
Message-ID: <9508091859.AA16290@cfdevx1.lehman.com>

    Date: Wed, 09 Aug 1995 10:17:30 -0400
    From: Duncan Frissell

    I was watching CNBC this morning while reading my mail and they had a story
    on the Netscape Communications IPO (ticker NSCP btw).

Apparently the opening price was doubled very shortly before the IPO (late yesterday afternoon) from $14 to $28. By lunch-time (in NYC), shares were trading at $72.

--
Rick Busdiecker                          Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu      PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key

From rfb at lehman.com Wed Aug 9 12:06:09 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 9 Aug 95 12:06:09 PDT
Subject: PGP at work?
Message-ID: <9508091904.AA16481@cfdevx1.lehman.com>

Sorry for the FAQ. Really, I've spent the last hour scanning the distributed docs and hopping around to different web pages looking for this info.

What constitutes ``commercial use'' of PGP? I could swear (if I were a theist :-) that I'd seen some sort of statement from RSADSI, PKP and/or MIT that it is ok to use PGP for mail at work providing that the *purpose* of the mail is not commercial. Could someone confirm or deny this, preferably with a reference?

--
Rick Busdiecker                          Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu      PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key

From jweis at primenet.com Wed Aug 9 12:32:54 1995
From: jweis at primenet.com (Jason Weisberger)
Date: Wed, 9 Aug 95 12:32:54 PDT
Subject: Crypto = Competitive Advantage?
In-Reply-To: <9508091859.AA16290@cfdevx1.lehman.com>
Message-ID: <199508091932.MAA22814@usr5.primenet.com>

>
>     Date: Wed, 09 Aug 1995 10:17:30 -0400
>     From: Duncan Frissell
>
>     I was watching CNBC this morning while reading my mail and they had a story
>     on the Netscape Communications IPO (ticker NSCP btw).
>
> Apparently the opening price was doubled very shortly before the IPO
> (late yesterday afternoon) from $14 to $28. By lunch-time (in NYC),
> shares were trading at $72.

Amazing, ain't it - a moron girl at Goldman Sachs of course told me I was crazy and anyone who felt Netscape was going to go over the top was a moron. I guess these corporate types are going to have to get used to the idea that the "net" is here to stay and a huge industry to boot.

From carolab at censored.org Wed Aug 9 12:33:49 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Wed, 9 Aug 95 12:33:49 PDT
Subject: Sizzling!!! Was: Crypto = Co
In-Reply-To:
Message-ID:

Dear Mr. Bank President,

Seems? All of the Net' stocks are far outpacing my Coca-Cola shares right now. And, my Coke stock is at all time highs. My Coke stock is up 1150% in 10 years. Sizzling appears to be a better word for it. Good Coke traders everywhere ARE trying to cash in on this very fab trading pattern.

It looks to me that Viacrypt would do really well when PGP 3.0 comes out, particularly if it has a GUI interface.

And if TCMAY ever became a "pink sheet" stock, I'd stop everything and buy some shares in it.

Love Always,
Carol Anne

On Wed, 9 Aug 1995, Timothy C. May wrote:

> It seems that anything involving the Internet, the Web, and digital
> commerce is really, really hot.
> --Timothy C. May, President, Bank of the Web
> tcmay at got.net (Got net?)  | anonymous networks, digital pseudonyms, zero

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org      __ __  ____  ___  ___  ____
carolab at primenet.com     /__)/__) /  / / / /_  /\ / /_   /
carolb at spring.com       /   / \  /  / / / /__ / \/ /___ /
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From sbryan at maroon.tc.umn.edu Wed Aug 9 13:19:23 1995
From: sbryan at maroon.tc.umn.edu (Steve Bryan)
Date: Wed, 9 Aug 95 13:19:23 PDT
Subject: Only 1/3 of Government Computers Down So Far
Message-ID:

At 12:29 pm 8/9/95, KALLISTE at delphi.com wrote:
>Perry,
>     Many people are interested in cryptology because they don't
>want the NSA (among others) invading their privacy. The Foster story
>concerns the chief NSA privacy-invasion of modern times: spying on
>domestic banking transactions. So it's relevant.
>     The Grand Inquisitor role is getting a little old. So if
>you want to continue to play it, my response is: Fuck Off.
>
>-Orlin

I'm thankful that someone can occasionally (or even always) point out that the messages are getting rather far from what is considered the main topics of the list. This is a very high volume mailing list, at least three times as high as anything else I try to read. I didn't subscribe to a conspiracy buff list but it is not my intention to go out of my way to insult anyone here. But there are lists (aren't there?) for people who find such speculation interesting.
+----------------------------------------------------------------------
|Steve Bryan                    Internet: sbryan at maroon.tc.umn.edu
|Sexton Software                CompuServe: 76545,527
|Minneapolis, MN                Fax: (612) 929-1799
|PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D E1 8C A6 9B A9 BE 96 CB
+----------------------------------------------------------------------

From andrew_loewenstern at il.us.swissbank.com Wed Aug 9 13:23:23 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 9 Aug 95 13:23:23 PDT
Subject: Crypto = Competitive Advantage?
Message-ID: <9508092021.AA02019@ch1d157nwk>

Jason Weisenberger writes:
> > Apparently the opening price was doubled very shortly before the IPO
> > (late yesterday afternoon) from $14 to $28. By lunch-time (in NYC),
> > shares were trading at $72.
>
> Amazing aint it - a moron girl at Goldman Sachs of course told me
> I was crazy and anyone who felt Netscape was going to go over the
> top was a moron.

It may have "opened" at $28, but the first bid was $71 and now it's trading at $50something. Not quite so spectacular as at first glance... So unless you shorted it or were an insider it wasn't such a hot thing (so far). Quarterdeck is probably a better buy.

ob crypto: the "top secret" source just posted looks interesting... 64-bit blocks, 80-bit keys, 32 rounds hmmmm....

andrew

From hfinney at shell.portal.com Wed Aug 9 16:00:53 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 9 Aug 95 16:00:53 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
Message-ID: <199508092259.PAA10092@jobe.shell.portal.com>

I suppose the unstated implication is that this might be Skipjack. I have looked at the program a bit and have a few observations:

There is an obvious typo in the "g" function, whose first parameter should be 0 or 1, but which tests it for 0, 1, or 2. This suggests an amateur effort.
The coding style in general suggests a lack of familiarity with C (absence of "for" loops, with equivalent "while" loops substituted). The program appears to be based on a hardware-based description of the algorithm, judging from comments and style.

The algorithm uses two fixed arrays F and G. Comments indicate that F was designed as four independent arrays F0, F1, F2, and F3. These are supposed to be non-linear. Each takes 8 bits in and 8 bits out. G is two arrays, each 8 bits in and 1 bit out. The comments indicate that it is supposed to be "pseudo-linear". G1 is the odd parity function. G0[i] is 0 0 1 1 0 1 1 0 0 1 repeated over and over. This is unusual because it is period 10 (the second 5 bits are the inverse of the first 5). I don't know whether there would be a more concise algorithmic representation of G0.

Key size is 80 bits. The program implements the ability to hold 5 keys at once. Block size is 64 bits. The keys are expanded internally into a large array. I haven't looked at the key scheduling in detail.

The encrypt and decrypt block functions have fixed xor's applied to the 64 bits of input and output. This appears to be cryptographically useless (or at least not very useful), similar to the initial permutation in DES. It is curious that xor's are used here rather than a permutation. That may represent an attempt to design the cipher to run well in software.

The encryption function itself is a modified Feistel type cipher, with the blocks broken into 8 pieces and xor'd with functions involving F, G, the key and other pieces in a reversible pattern. The loop iterates 32 times but only two of the 8 pieces are changed each iteration so each 8 bit piece actually gets modified only 8 times.
The pattern is: piece 6 modified by pieces 4, 5, 2, 3 piece 7 modified by pieces 4, 5, 0, 1 piece 0 modified by pieces 6, 7, 4, 5 piece 1 modified by pieces 6, 7, 2, 3 piece 2 modified by pieces 0, 1, 6, 7 piece 3 modified by pieces 0, 1, 4, 5 piece 4 modified by pieces 2, 3, 0, 1 piece 5 modified by pieces 2, 3, 6, 7 repeated 8 times. Decryption goes in the inverse order as is typical of these ciphers. The key is basically 80 bits, however there is a function S1_create_key which pads it with 16 bits of 0 and then encrypts it with two overlapping encryptions using the all-zeros key. The resulting 96 bit key is then fed as input to S1_load_key which decrypts it and checks for the 0's to ensure validity. I am not much of a cryptanalyst, but from what I understand the overall security of a Feistel-type cipher like this depends a great deal on the structure of the F (and in this case G) boxes. I would not be at all qualified to analyze those. So potentially this may be a strong cipher or it may be weak. The actual implementation does as I remarked show some signs of amateur programming skills. In addition to the points mentioned it is curious that the G arrays are initialized with a list of 256 values rather than taking advantage of the apparent regularities noted. Hal Finney hfinney at shell.portal.com From unicorn at access.digex.net Wed Aug 9 16:06:07 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 9 Aug 95 16:06:07 PDT Subject: Bank Fees and E-Cash Message-ID: -----BEGIN PGP SIGNED MESSAGE----- - - - Bank Fees and the E-cash Niche. Banks have gorged themselves on rocketing fees for the last five years. The result is that typical bank customer currently pays 150% of the amount of interest collected on accounts in a given year in the form of fees. My prediction, and my hope, is that e- cash will cut through the pretense upon which the rationalization of many of these fees is based, and even market itself on this point- Lower Fees. 
- - - New Fee Schemes

"Overdraft Assistance" and the Myth That Only Irresponsible Bank Customers Bounce Checks or Overdraft.

Banks have begun to implement policies intended to help the customer overdraft. They may, for example, cash the largest checks first so that an overdraft will hit with several small checks rather than one or two large ones, causing multiple overdraft fees. Banks have begun to routinely delay crediting checks for 48 and 72 hours, and out of state checks for anywhere from 3-14 business days. ATM cash deposits are typically subject to 24-48 hours delay.

The "Unofficial Credit."

Many times the delays in crediting various transactions are hidden by the "unofficial credit." Most noticeable in ATM deposits, a credit is given but should demands on the account draw into the "unofficial credit" an overdraft will be posted on the rationale that an "official credit" has not yet been posted and the funds are thus not "officially" available, this despite the fact that the funds will appear available to ATM balance requests and statements. Of course the bank will profit from the "unofficial credit" to "official credit" interest float regardless of what overdraft fees might be charged.

The "wire credit" and "official wire credit" are another example. Banks receive a wire transfer on Monday, send an "electronic payment advice" the same day, but post the credit to the account "officially" on Tuesday. The original intent is for the bank to be able to take advantage of the interest "float" between the receipt of funds and its credit to the account. The result is an additional overdraft potential.

The Separate Wire Office Hours.

Often times the bank's "wire" office will close hours before the branch closes. Wires received some hours before closing on Friday will not be credited until the following Monday.

The ATM Processing Time Table.
Many banks only begin processing ATM deposit transactions an hour before closing, crediting only as many deposits as can be processed in this time; the remainder are not processed until the next morning. ATM debits are, of course, processed all day.

Check Processing Time Table.

In a given day, debit checks are processed on an account before deposit checks are processed. Obviously, an account that overdrafts, overdrafts only because of the order in which checks are processed.

- - - The Created Convenience Fee

A great many bank fees fall into what I call "created convenience fees." Really, created convenience fees resemble airport customs bribes in third world countries. The customs officer makes what should be an easy passage terribly difficult, then demands a "fee" to make travel as easy as it should have been to begin with. The net effect is for the traveler to pay to dispense with a problem created by the party receiving the fee.

Nigeria is a prime example. Upon arrival the average traveler will find him or herself embroiled with licensing deficiencies, visa fees, entry fees, the threat of quarantine, seizure of expensive equipment for "inspection" and other such invented requirements. Some hours into the "negotiations" the customs official will offer to "overlook" these transgressions for a "fee." This is a created convenience fee.

Banks fall into this category by such programs as "overdraft insurance" whereby banks enact policies which, as we have seen, make it painfully easy to overdraft and then charge a monthly fee to avoid the overdraft charges.

- - - The Result

Bob is a sort of combination of my own experience and discussions with other bank customers in D.C.

Bob has an account in Washington, D.C. with $1500.00 in it.
Bob receives a wire at 3pm Friday for $1700.00.
Bob writes five checks on Friday, one for $1400.00, one for $200.00, one for $150.00 and two for $100.00, totaling $1950.00.
Bob deposits 4 checks totaling $2000.00 in the night depository Saturday.
Bob deposits $50.00 in cash in an ATM on Saturday night.
Bob checks his ATM balance ($3250.00) and withdraws $50.00 from an ATM on Sunday morning.

Bob's wire arrives after the wire office has closed for the day - an "unofficial credit" is posted Friday before closing anyhow.
Bob's bank processes the $1400.00 check first, leaving Bob's account with an "official" $100.00 and $1700.00 in "unofficial funds."
Bob's bank processes the $200.00 check, notes a $100.00 overdraft, charges $25.00 for this check, refuses payment on the remaining three checks and drops a $25.00 overdraft fee plus a $10.00 "bad check" fee for each. Total charges: $130.00.
Bob's bank processes the $50.00 ATM withdrawal, which overdrafts. A $25.00 fee is posted. Total fees so far: $155.00.
Bob's balance for the majority of Monday: -$255.00.
Bob's bank begins to process deposits, notes all the checks for deposit, $1000.00 of which are out of state. No checks are credited.
Bob's bank notes the ATM transaction at the end of the day on Monday, but does not credit it immediately despite the fact that it is cash.
Bob's bank credits the ATM deposit to Bob's account on Tuesday. Bob's balance is now -$205.00.
Middle of the day Tuesday, Bob's account has been below its required minimum $500 balance for 24 hours. A $50.00 fee is charged.
End of the day Bob's wire is "officially" credited - a $10.00 fee is charged for receiving the wire. (No, I'm not kidding.)
Bob's bank credits the $1000.00 of in state checks on Wednesday.
Finally, on Friday, Bob's out of state checks are deposited.

Bob will likely be liable for $50.00-$75.00 fees for each of his bounced checks as vendors will probably charge hefty fees. Telecheck will have Bob on the 10 most wanted list for $350.00 in bounced checks. Bob's check writing ability is about nil in D.C. for the month it will take him to clear it up.

Bob gets a mailing a week later telling him of the advantages of his bank's newest "overdraft insurance" program. $150 a year.
Bob, for what would literally be a series of very responsible transactions, is looking at over $215.00 in bank fees, and at least $150 in bounced check fees from vendors because of violation of technical rules the bank has designed to cause fees to be charged.

- - - E-Cash

I cannot believe that e-cash won't be able to solve some of these problems, and I hope it will limit its own fees to usage. To me this is a classic argument for small house e-cash shops. Citibank and Mastercard are going to fight for their fees.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMClJUS1onm9OaF05AQEhugf/T2FquzHdEhHp8dQI5FRYcuayTusig1F3
pHejUdry84F1MqLArSZukVGxEWtZVR0qh2xq4AiN/UwlW9ZKasFdbPPGJtbD6gpO
aALJIhQaYJSTQkW4fmieejhcNPMf7e59YaerOl83LkKS/+1tFi9ib1Xz2ZnmXlph
0mWuJjONzH45tPylyJy8fyB9nrpk5WDCAiLhUSxqHRdVmA9nq6uIIZbdmz7sEpLq
82cHyHXKeufGKGvx26R4z3lu0o5Ykd/dGAWADpJ6OT2bhlWFinApF/HMJAA9mLvi
w70StZZL/94ncQQWF7LU5vMhGu7/5WNsrpRTzZXG5A0EfFL0ZAdYPw==
=ew58
-----END PGP SIGNATURE-----

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From hfinney at shell.portal.com Wed Aug 9 16:11:36 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 9 Aug 95 16:11:36 PDT
Subject: "S1" encryption system
Message-ID: <199508092310.QAA11567@jobe.shell.portal.com>

Correction, I just noticed that the four F functions have 4 bit output not 8 as I wrote. Realize that all this is based on a very cursory examination of the code.

BTW I just was starting to look at the key scheduling and I noticed that fullkey is indexed in its 2nd slot by i*2 where i goes from 0 to 31, but is only declared as being 32 in size in that slot. So I think this is another typo, probably the index should be i. This kind of thing does not inspire confidence...

Hal

From stripes at va.pubnix.com Wed Aug 9 16:49:53 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Wed, 9 Aug 95 16:49:53 PDT
Subject: Crypto = Competitive Advantage?
In-Reply-To: <199508091417.KAA17510@panix.com>
Message-ID:

In message <199508091417.KAA17510 at panix.com>, Duncan Frissell writes:
>Note to Mr. Bill -
>
>I was watching CNBC this morning while reading my mail and they had a story
>on the Netscape Communications IPO (ticker NSCP btw). Some analyst said
>when asked whether Microsoft couldn't just wipe them out that the most
>important part of Netscape's product was that it offered end-to-end
>encryption. He said that this was important for the growth of the nets and
>was something that people wanted.
[...]

He may or may not be right that end-to-end encryption is important, but: (a) Netscape has documented exactly how SSL should work, and (b) Microsoft can licence RC4 and RSA from PKP just as well as Netscape can. In addition it is far from clear that SSL will be the winning end-to-end encryption in the web world ('tho it looks that way at the moment - a few well publicised attacks - say one against the 40bit keys, and say a man-in-the-middle - may make S-HTTP, or PGP-HTTP look a lot better than SSL to the public - or it may not).

From mab at crypto.com Wed Aug 9 16:51:42 1995
From: mab at crypto.com (Matt Blaze)
Date: Wed, 9 Aug 95 16:51:42 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <199508092259.PAA10092@jobe.shell.portal.com>
Message-ID: <199508100000.UAA07792@crypto.com>

Hal writes:
>I suppose the unstated implication is that this might be Skipjack.
>
>I have looked at the program a bit and have a few observations:
> ....
>The encryption function itself is a modified Feistel type cipher, with
>the blocks broken into 8 pieces and xor'd with functions involving F, ...

Someone sent me (to my bell labs address) a copy of this this afternoon via an anon server in the netherlands.
It looks like others got it as well, and it appears to have been posted to the cypherpunks list, though it hasn't yet shown up here from the list (my mail seems to be slow today). Did anyone else have a copy mailed directly to them?

I don't quite know what to make of it. A couple of random quick first-order observations:

The code appears to have been translated from some other language by someone not skilled in C. Hal noted the lack of "for" loops where they are obviously called for, and at least two odd bits of code that appear to be bugs, at least one of which one would suspect would cause it to fail to interoperate with correct implementations (if we are to assume the "correct" cipher uses the entire key schedule). Also note the awkward assignment to the F and G tables.

S1 could suggest Skipjack, but it is also a pretty generic name for a cryptosystem. I thought Skipjack (like most other NSA cryptosystems) is SECRET, not TOP SECRET, but on the other hand this appears to be part of some kind of "secondary analysis" package, whatever that is, so if this is really spook stuff, the TOP SECRET designation could be reasonable.

The cipher is similar in some ways to one designed by Bruce Schneier and I last year (MacGuffin, described in ftp://research.att.com/dist/mab/mcg.ps ). In particular, note that in each of the 32 rounds, 16 bits are operated on by 48 (or 40, depending on the effect of the G function). There is at least one novel feature - the G function used to select which F's (Sboxes) to use. I've not seen this before.

The cipher appears to be designed for software implementation (byte oriented, etc.). The software, on the other hand, goes to some trouble to emulate a hardware interface, as if it were written to be dropped in to some pre-existing code or library.

The F outputs are not uniformly distributed. In fact, some outputs appear far more often than others (I base this on running "grep|wc", not on any real analysis.)

What a strange key schedule.
The "family" XOR business at the beginning and end suggests RSA's DESX. The language in the comments suggests that it's there to allow for non-interoperable "families" of users. GOST has similar features, though GOST couples this more closely to the cipher's internal structure.

As far as I know, no one has EVER leaked TOP SECRET material cryptosystem in this way, so I'm very skeptical. But there's always a first time. I don't know what to believe. If this is a real, classified cryptosystem, it would be a very unusual first. On the other hand, if this is a hoax, whoever did it appears to have gone to some trouble, and has included some interesting design features. A third possibility, if we are to believe the spook markings, is that it is a re-implementation of someone else's cryptosystem, created for the purpose of cryptanalysis.

All in all, I remain very skeptical. It smells like a hoax to me, but I'm willing to look at it with an open mind.

-matt

From turner at telecheck.com Wed Aug 9 17:05:47 1995
From: turner at telecheck.com (turner at telecheck.com)
Date: Wed, 9 Aug 95 17:05:47 PDT
Subject: Bank Fees and E-Cash
In-Reply-To:
Message-ID: <9508100004.AA03734@TeleCheck.com>

I have no love for most banks, and have experienced your scenario at least two separate times... In fact, I tried to deposit a cashiers check from another bank to open a CD in one bank, and they had to "hold" the check for one week. I can imagine holding it so I don't start forging checks on a forged cashiers check, but on a 30 day CD? Ugh.

unicorn at access.digex.net said:
> Banks have gorged themselves on rocketing fees for the last five
> years. The result is that typical bank customer currently pays 150%
> of the amount of interest collected on accounts in a given year in
> the form of fees. My prediction, and my hope, is that e-cash will
> cut through the pretense upon which the rationalization of many of
> these fees is based, and even market itself on this point - Lower
> Fees.
My bank charges me a flat rate of $2/month + $1/month for producing an image copy of my checks. It took me a while to find it, but I did. It's called shopping.

unicorn at access.digex.net said:
> Telecheck will have Bob on the 10 most wanted list for $350.00 in
> bounced checks. Bob's check writing ability is about nil in D.C.
> for the month it will take him to clear it up.

Not to pick nits, but TeleCheck probably won't get involved until 1-2 months after the checks were bounced (UNLESS the checks are reported stolen, then we will attempt to shut you down), and usually only if the merchants were guarantee customers (we will pay the merchant for a bad check he/she accepts based on a TeleCheck approval). Furthermore, if you write a bad check on a customer of SCAN (TeleCheck's evil competitor), we won't think twice about you. Secondly, most banks will automatically resubmit checks several times to cover temporary shortfalls.

unicorn at access.digex.net said:
> I cannot believe that e-cash won't be able to solve some of these
> problems, and I hope it will limit its own fees to usage. To me
> this is a classic argument for small house e-cash shops. Citibank
> and Mastercard are going to fight for their fees.

Unfortunately, what most people term e-cash isn't e-cash. The problems associated with bringing up the electronic equivalent of cash are gigantic. I for one have a new found respect for Chaum and the rest of the pioneers in the field. Citibank and MasterCard are developing "internet" ways for you to use your credit cards, not e-cash. Microsoft is developing ways to pipe that information to them. These are not going to solve the problem, especially at 18.9% A.P.R...
From jburrell at crl.com Wed Aug 9 17:33:12 1995
From: jburrell at crl.com (Jason Burrell)
Date: Wed, 9 Aug 95 17:33:12 PDT
Subject: How To Spot a Spook page
In-Reply-To: <199508090550.AAA07775@arnet.arn.net>
Message-ID: <199508100020.TAA02354@crl.com>

> As a start on a Web page, here are some things I thought of. What else? What
> are the initials of some of the world's intelligence groups (CIA, NSA, KGB,
> DGI, MI5(?), ???)
>
> 1> Antennas - more than TV/Ham/CB/Satellite (or 'unusually' shaped antennas).

Well, no, but I do have access to a lot of computer equipment(*) and some 'unusual' connectivity software floating around.

* - The 'good' powered stuff isn't here; just this thing that runs like a 486/10 on valium.

> 2> No, or *very* few, visitors (esp. kids)

I seldom have any visitors to speak of here.

> 3> Visitors are seldom the same, or almost always the same.

That describes me perfectly.

> 4> Doesn't talk about job/company.

I don't.

> 5> Activity at 'unusual' times.

The times for much of my activity could be described as quite unusual.

> 6> Not very 'sociable' (keep to themselves).

That's definitely me. Ask anyone who knows me.

> Or, tell me to forget it, it doesn't belong here.... :-/
>
> Dave

I guess this proves I'm a spook. My friends probably suspected as much... :-)

You know, now that I think about it, I probably *am* quite "mysterious" to the great majority of people who know of me personally (off-net), for a variety of reasons.

--
PGP public key available via finger.
GCS/M/S d>++ s: a--- C++++ UL++++ P+ L++++ E- W+(++) N+++ K+++ w--- O- M-- V-- PS+++ PE+ Y++ PGP++(+++) t 5+++ X+ R+++ tv+ b+ DI(+) D G+++ e>+++++ h+ r y?

From stripes at va.pubnix.com Wed Aug 9 17:59:48 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Wed, 9 Aug 95 17:59:48 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <199508092259.PAA10092@jobe.shell.portal.com>
Message-ID:

In message <199508092259.PAA10092 at jobe.shell.portal.com>, Hal writes:
>I suppose the unstated implication is that this might be Skipjack.

I don't suppose anyone has access to Skipjack to verify or refute this claim?

[...much interesting analysis deleted...]

> In addition to the points
>mentioned it is curious that the G arrays are initialized with a list of
>256 values rather than taking advantage of the apparent regularities
>noted.

It is fairly simple to cut & paste 10 values ~25 times; it is harder to write and verify code to initialize the array. More interesting is that Gx[i % 10] is faster than a straight index on many systems (anything you could expect cache line conflicts or cache capacity overfills on, and supports a modulus significantly faster than the first few parts of the memory hierarchy). Also note that the code may have been written from a disassembled binary rather than a hardware spec.

[...]

>Hal Finney
>hfinney at shell.portal.com

From solman at MIT.EDU Wed Aug 9 18:05:40 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 9 Aug 95 18:05:40 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <199508100000.UAA07792@crypto.com>
Message-ID: <9508100105.AA11391@ua.MIT.EDU>

On a fair number of occasions I have been told that federal type folks have made statements to the effect that there is no such thing as a "TOP SECRET" classification of US government docs. Since really secret things tend to get neither confirmed nor denied, I am inclined to believe this. Thus SECRET is the top classification in today's government/military. If anybody knows otherwise I would be interested in the information.
JWS

From mab at crypto.com Wed Aug 9 18:08:53 1995
From: mab at crypto.com (Matt Blaze)
Date: Wed, 9 Aug 95 18:08:53 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <9508100105.AA11391@ua.MIT.EDU>
Message-ID: <199508100116.VAA08345@crypto.com>

>On a fair number of occasions I have been told that federal type folks
>have made statements to the effect that there is no such thing as a "TOP
>SECRET" classification of US government docs. Since really secret things
>tend to get neither confirmed nor denied, I am inclined to believe this.
>Thus SECRET is the top classification in today's government/military. If
>anybody knows otherwise I would be interested in the information.
>
>JWS

Well, I don't hold (and have never held) a clearance, but I've seen declassified/sanitized documents that have crossed out "TOP SECRET" markings all over them.

-matt

From ghio at cmu.edu Wed Aug 9 18:19:47 1995
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 9 Aug 95 18:19:47 PDT
Subject: this looked like it might be interesting
In-Reply-To: <199508091852.UAA23821@utopia.hacktic.nl>
Message-ID:

Hmm.. This is interesting indeed. It is a 32-round cipher operating on a 64-bit block. It has an 80-bit key with a 16-bit cryptographic checkword. This seems a lot like a certain hardware-based encryption system some TLA spooks were pushing about a year ago. If this isn't Skipjack, someone sure went to a lot of trouble to make it look like skipjack.

It's also possible that it is an early development version of what later became Skipjack/Clipper. It is dated February 1989 and July 1991, which would be consistent with NSA's claim that they had been working on Skipjack for about 5 years. It also mentions a "S-2" revision. It'd be interesting to try to see if it will interoperate with a real clipper chip, but I wouldn't bet on it.

Hal Finney noticed that the coding style seems sloppy or amateurish.
This is probably just an attempt by the programmer to hide his tracks. The RC4 stuff also had unnecessary operations in it, presumably for the same reason.

Hal also comments on the use of XOR instead of bit permutations as in DES, and the use of 8-bit table sizes, which would make a software implementation easier. This is odd, considering that the algorithm purports to be designed for hardware. However, NSA did say that part of the clipper algorithm was in software, which was designed to be erased if the chip was tampered with...

From tcmay at got.net Wed Aug 9 18:34:58 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 9 Aug 95 18:34:58 PDT
Subject: This summer's special delivery?
Message-ID:

At 11:59 PM 8/9/95, Matt Blaze wrote:
>Someone sent me (to my bell labs address) a copy of this this afternoon via
>an anon server in the netherlands. It looks like others got it as well, and
>it appears to have been posted to the cypherpunks list, though it hasn't
>yet shown up here from the list (my mail seems to be slow today). Did
>anyone else have a copy mailed directly to them?

I got a copy mailed to me directly as well. I don't know why he/she/it sent it to me, but I got it.

I have nothing further to add on this. But recall that it was just about this time last year--just before Crypto--that the "alleged RC4 code" was posted anonymously to the list.

Hmmhhh....

--Tim May

Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)    | anonymous networks, digital pseudonyms, zero
408-728-0152                 | knowledge, reputations, information markets,
Corralitos, CA               | black markets, collapse of governments.
Higher Power: 2^756839       | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From perry at panix.com Wed Aug 9 18:35:44 1995
From: perry at panix.com (Perry E. Metzger)
Date: Wed, 9 Aug 95 18:35:44 PDT
Subject: Only 1/3 of Government Computers Down So Far
In-Reply-To: <01HTVAYUCH6W90PB08@delphi.com>
Message-ID: <199508100134.VAA03975@panix4.panix.com>

KALLISTE at delphi.com writes:
> Many people are interested in cryptology because they don't
> want the NSA (among others) invading their privacy.

So, the question is this: do people want to follow the standard "ooh, let's shudder at the conspiracy theories" track, and fall flat on their faces, or do they want to see cryptography implemented and widely deployed?

The noise levels on this list have driven most of the important crypto types off it. People like Phil Karn and Steve Bellovin, who actually implement stuff, aren't here any more. Instead, we have a vast flood of ciphergroupies who love to post the latest funny bit they found on the net, discuss whether David Koresh was being unfairly persecuted, and how many bits of toe lint they found last week.

What we used to have was the cafe where the politically motivated cryptographers hung out and gossiped. Now we have an open sewer in which the occasional pearl still floats, and the cryptographers are mostly gone. Those of us who want to discuss cryptography here have been displaced.

If your goal is to impede communication about cryptography, you've admirably succeeded. You've cut off one more place where people were discussing how to deploy real-world solutions.

Tim May is wrong. I don't care what you call a "cypherpunk" -- that's your business. However, the useful people *are* the people who write code, spend long hours working to get standards implemented, work lobbying in Congress, etc. Those of you who just rant, like Tim, were very useful two years ago, but it's getting rather thin listening to you guys make it impossible to discuss real work while you blather.
(Sorry, Tim. However, as long as you are going to call me "abusive" I might as well speak my mind. If you are going to do the time, might as well do the crime.)

> The Foster story concerns the chief NSA privacy-invasion of modern
> times: spying on domestic banking transactions. So it's relevant.

Actually, what you've been posting has been even below the standards of journalistic integrity (i.e. few) that you find on a Pacifica radio station.

I don't even care if all the conspiracies are real. Isn't what is out in the open enough? If the invasions of privacy that the government acknowledges and the crap like Clipper that they try to foist on us isn't horrifying enough, what weak-assed conspiracy theory that someone came up with while tripping is going to do it for you? Reality is frightening enough. FINCEN is real. The NSA really spied on people at least until the congressional hearings in the '70s. The government really invades privacy every day. Why do I need crap?

> The Grand Inquisitor role is getting a little old. So if
> you want to continue to play it, my response is: Fuck Off.
>
> -Orlin

Frankly, Orlin, I think you are, with respect to the goals we are trying to advance here, a useless lump of flesh. I've spent about $50,000 of my own money trying to make the internet safe for root-eaters like yourself. I've spent months of my life struggling to get RFCs out, and I'm spending most of this month locked in my apartment writing code. Right now, we are coordinating an effort to try to get IPSEC widely implemented in the next several months and deployed by spring. What do you do, exactly, other than generate chaff to make it impossible for any real work to be seen on the radar?
When people bring up real work, like cryptographic libraries or Wei's stuff or the work I've been doing in the IETF and that sort of thing, people like Matt Blaze notice, and maybe Ray Cromwell and Hal Finney (cypherpunks both, not ciphergroupies) try to discuss things, but the folks like you basically drown everything out by making more noise about random conspiracy garbage.

Frankly, if anyone is helping the NSA, it's you. They don't want to see universally deployed crypto. You could be out trying to spread cryptography by coding, by handing people crypto when they need it, or any one of dozens of other things. Instead, what you are doing is making it impossible for people to try to get work done.

I have no idea what you are like personally. Maybe you're a nice, smart guy. Maybe you are really a useful person in your other life. However, I don't think your posting more conspiracy tracts is improving life as we know it. You have become an impediment -- a lump of rock in the highway. You aren't part of the solution -- you are part of the problem.

Perry

From perry at panix.com Wed Aug 9 19:06:51 1995
From: perry at panix.com (Perry E. Metzger)
Date: Wed, 9 Aug 95 19:06:51 PDT
Subject: This summer's special delivery?
In-Reply-To:
Message-ID: <199508100206.WAA08666@panix4.panix.com>

Timothy C. May writes:
> >Someone sent me (to my bell labs address) a copy of this this afternoon via
> >an anon server in the netherlands.
> I got a copy mailed to me directly as well. I don't know why he/she/it sent
> it to me, but I got it.

Ditto for me. I haven't had time to examine it in detail yet, but... My impulse is to assume it's a hoax but examine it in detail. Anyone have a Tessera card to test it against?

.pm

From perry at panix.com Wed Aug 9 19:14:34 1995
From: perry at panix.com (Perry E. Metzger)
Date: Wed, 9 Aug 95 19:14:34 PDT
Subject: IPSEC goes to RFC
Message-ID: <199508100214.WAA28860@panix2.panix.com>

RFCs 1825, 1826, 1827, 1828, and 1829 came out today.
These RFCs describe in detail the IPSEC protocol, which is designed to secure the internet from the ground up. IPSEC permits the cryptographic encapsulation of all your IP traffic, which means all your internet communications. IPSEC is now a Proposed Standard. Please read them and help us in the effort to universally deploy this protocol.

Still to come will be a key management system. The current notion is to store RSA keys in the DNS -- a proposal to do this made by Eastlake and Kaufman has been accepted by the IETF. Eastlake is now working on a certificate format that will be an alternative to X.509. The keys will be used by a modified version of the STS protocol (a signed Diffie-Hellman exchange) that is being worked on by Phil Karn -- the key management system is to be called "Photuris" and is currently an internet draft.

Again, *we need your help*. Cypherpunks write code. Help us make the internet safe for personal privacy by contributing to this effort.

Perry

From gt7508b at prism.gatech.edu Wed Aug 9 19:15:22 1995
From: gt7508b at prism.gatech.edu (PHrEaK!)
Date: Wed, 9 Aug 95 19:15:22 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting) (fwd)
Message-ID: <199508100215.WAA05968@acmex.gatech.edu>

Forwarded message:
> On a fair number of occasions I have been told that federal type folks
> have made statements to the effect that there is no such thing as a "TOP
> SECRET" classification of US government docs. Since really secret things
> tend to get neither confirmed nor denied, I am inclined to believe this.
> Thus SECRET is the top classification in today's government/military. If
> anybody knows otherwise I would be interested in the information.
>
> JWS

In high school I was in JROTC and was put in charge of security for our battalion. I read the army's guides to physical security. These books were dated early 80's and late 70's, so the situation might have changed, but I doubt it.
They denoted three information security clearance levels: CLASSIFIED, SECRET, and TOP SECRET. If TOP SECRET doesn't exist now, it definitely did just a few years ago.

--
=-=-=-=-=-=-= Tom Cross AKA The White Ninja / Decius 6i5 */^\* -=-=-=-=-=-=-=-
-=-=-=-=-=- TWN615 at mindvox.phantom.com GT7508B at prism.gatech.edu =-=-=-=-=-=-=
=- "Government is not a reason, not an eloquence; it is a force. Like fire, =-
-=- it is a dangerous servant and a fearful master." -- George Washington -=-=

From jcaldwel at iquest.net Wed Aug 9 19:37:30 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Wed, 9 Aug 95 19:37:30 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting) (fwd)
In-Reply-To: <199508100215.WAA05968@acmex.gatech.edu>
Message-ID:

PHrEaK! wrote:
>
> Forwarded message:
> > On a fair number of occasions I have been told that federal type folks
> > have made statements to the effect that there is no such thing as a "TOP
> > SECRET" classification of US government docs. Since really secret things
> > tend to get neither confirmed nor denied, I am inclined to believe this.
> > Thus SECRET is the top classification in today's government/military. If
> > anybody knows otherwise I would be interested in the information.
> >
> > JWS
>
> In high school I was in JROTC and was put in charge of security for our
> battalion. I read the army's guides to physical security. These books
> were dated early 80's and late 70's, so the situation might have changed,
> but I doubt it. They denoted three information security clearance levels.
> CLASSIFIED, SECRET, and TOP SECRET. If TOP SECRET doesn't exist now, it
> definitely did just a few years ago.
_

Actually there is one other: For Official Use Only (FOUO), not as bad a penalty if these docs get out.

--
So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**.
Brian Francis Redman to Chip Berlet

From tbyfield at panix.com Wed Aug 9 20:01:42 1995
From: tbyfield at panix.com (Ted Byfield)
Date: Wed, 9 Aug 95 20:01:42 PDT
Subject: >actual< classification categories
Message-ID:

I have copies of declassified documents with the following markings:

secret (1985)
top secret (1986)
classified (1984)
confidential (1985)
eyes only (1986)

Some have various combinations, such as:

secret/sensitive
top secret/sensitive
eyes only/top secret/sensitive

This isn't a complete list, but it's better than idle speculation.

The vast majority of declassified paper documents that I've seen (not a small number) have explicit statements regarding _who_ is allowed to see it, _how_ they are allowed to move and/or distribute it, control #s and copy #s, semicomprehensible strings of characters, and so on; many have things like destruction instructions and expiry dates. More and more, slight variations are being introduced into each version for purposes of compartmentalization. It's conceivable that this is the source of the typo Hal spotted, but I doubt it.

The fact that specific instrux were relegated to a separate "label file" seems very suspect; the fact that the warning tag is tacked onto the end is maybe noteworthy--it's in a different format, which is possibly odd, but it might've been put there for silly theatrical purposes.

Basically, "top secret" without further comment is James Bond stuff, since in and of itself it doesn't tell those who need to know what they need to know. My guess is that someone stuck the "top secret" stuff on the beginning and end of something they found. But that doesn't make it a hoax, necessarily.
Ted

From adam at bwh.harvard.edu Wed Aug 9 20:10:19 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 9 Aug 95 20:10:19 PDT
Subject: IPSEC goes to RFC
In-Reply-To: <199508100214.WAA28860@panix2.panix.com>
Message-ID: <199508100310.XAA11723@bwh.harvard.edu>

Perry wrote:
| RFCs 1825, 1826, 1827, 1828, and 1829 came out today.
|
| These RFCs describe in detail the IPSEC protocol, which is designed to
| secure the internet from the ground up. IPSEC permits the
| cryptographic encapsulation of all your IP traffic, which means all
| your internet communications.
|
| IPSEC is now a Proposed Standard.
| Again, *we need your help*. Cypherpunks write code. Help us make the
| internet safe for personal privacy by contributing to this effort.

How about posting a list of 'things that need doing?' I assume one is floating around, possibly even with time estimates?

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From hfinney at shell.portal.com Wed Aug 9 21:05:00 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 9 Aug 95 21:05:00 PDT
Subject: "S1" encryption system
Message-ID: <199508100403.VAA20160@jobe.shell.portal.com>

Sorry, yet another correction: the G1 box, G[1][i], is parity(i&0x17), not parity(i) as I said, where parity is 0 or 1 depending on whether its argument has an even or odd number of 1 bits. I have checked via a small program that this is correct and that the earlier formula I posted for G0 is correct.

Hal

From hfinney at shell.portal.com Wed Aug 9 21:22:48 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 9 Aug 95 21:22:48 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
Message-ID: <199508100421.VAA22301@jobe.shell.portal.com>

A couple of people have indicated that they did not see the original posting. I changed the subject heading in my followup. The original message was posted under the subject title, "this looked like it might be interesting".
At least one person had commented on the similarity to Skipjack which is what prompted me to look at it a little more closely.

Hal

From sommerfeld at orchard.medford.ma.us Wed Aug 9 21:48:01 1995
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Wed, 9 Aug 95 21:48:01 PDT
Subject: "S1" encryption system
In-Reply-To: <199508092310.QAA11567@jobe.shell.portal.com>
Message-ID: <199508100443.EAA00611@orchard.medford.ma.us>

BTW, I compiled it and confirmed that decryption is the inverse of encryption for at least one (key, plaintext) pair..

> BTW I just was starting to look at the key scheduling and I noticed that
> fullkey is indexed in its 2nd slot by i*2 where i goes from 0 to 31, but
> is only declared as being 32 in size in that slot. So I think this is
> another typo, probably the index should be i. This kind of thing does
> not inspire confidence...

It looks very much like the sort of typo you would get from a mistranslation from assembly language if the target architecture had a *4-bit* processor. (This is also consistent with the "<<4"'s which show up in several places in the code). The typo is consistent -- it shows up every time the key schedule is referenced; it looks like a semi-mechanical translation was done..

- Bill

From liberty at gate.net Wed Aug 9 21:52:02 1995
From: liberty at gate.net (Jim Ray)
Date: Wed, 9 Aug 95 21:52:02 PDT
Subject: Hail South Florida Cypherpunks!!
Message-ID: <199508100449.AAA17358@bb.hks.net>

[All the rest of ye can delete this message now, with my sincere apologies, and return to the regularly scheduled flamewar.
]

HEAR YE, HEAR YE, the inaugural meeting of South Florida's Brew Crew O' (Cypherpunks), is scheduled for Saturday, August 12 at Ye Olde Riverwalk Brewery in Ft. Lauderdale. Good ale, good discussion and good friends will hopefully be a highlight of the fest. And should the invited Dark Knights (cops) arrive [we're expecting one] a lively jousting contest will ensue (the loser will be ceremoniously placed in the C-punk stockade and force fed Clipper Chips). Should Sen. Exon, the evil Sheriff of Congressham (or was that Congresspork?) attend our noble round table, we will have a hanging in the town square, preceded, of course, by the traditional legume toss. [Beano, anyone?]

There will be a short speech by my friend Ginger who is fresh back from Las Vegas-shire and the DefCon III convention. She will describe what it's like to be one of the few wenches at a conference full of male hackers [guys, it looks like we're all in for some trouble!]... If one of ye brings a PGP-infested notebook, there may even be a keysigning! We can even discuss the recent "spooky" posting to the list.

Anyway, _everyone_ is invited! Peasants, squires, lords and ladies, jesters, knights, and royalty, a chair and ale await ye all. Feel free to invite any south-Floridians not on the list. No need to RSVP, (ye olde e-mail box is full-to-overflowing already), just show up around 5:00 and have fun!

The Riverwalk Brewery isn't exactly Sir May's house, but here are the stats:

Riverwalk Brewery
111 SW 2nd Avenue
Ft. Lauderdale, FL 33301
(305) 764-8448

From Miamishire: I-95 North to Broward Blvd., Take Broward East (right) 2 miles to Moffat (just before RR tracks), Turn Right, second building on the right.

From Palm Beachshire: I-95 South to Broward Blvd., Take Broward East (left) 2 miles to Moffat (just before RR tracks), Turn Right, second building on the right.

Specialty Beers: Marlin's Light, Blackbeard's Gold, and Riverwalk Red.
Dark Specials: Offered on rotation: Panther's Porter, Swampwater Stout, Black Marlin Oatmeal Stout, Ramsey's Imperial Stout.
Brewmaster's Special - changes monthly
Pints $3.00 / 10oz Mugs $2.50
Happy Hour 4-7pm Pints $2.50

Appetizers: Chicken Fingers, Wings, Spinach Dip, Calamari, [Mmmm...tentacles! :) ] Italian Baked Ziti, Fried Mozzarella, Potato Skins. ($4.50-$5.95)

Soups & Salads: Onion Soup, "Geek"/Caesar/Chef Salad, Souvlaki, Chicken Kebab ($3.50-$7.50)

Dinner (Sorry, Dragon meat is unavailable.): New York Strip Steak, Grilled Twin Pork Chops, Shish Kebab, Chicken Marsala, "Shaslik of Steer" ??? (whatever *that* is), Grilled Sirloin Beef Tips, Grilled/Kebab Swordfish, Grilled Mahi-Mahi [dolphin], Cajun Chicken Fettucini ($10.95-15.95)

Sandwiches & Burgers: Burger/Cheeseburger, Chicken/Mahi Mahi [dolphin] Sandwiches ($5.95-$6.95)

Dinners served 'till 11:00pm, Sandwiches served 'till 11:30pm, Bar closes at 1:00am., party will [probably] end before that.

Ready your mounts and make haste! Ging and I will arrive ~5:00pm to partake of happy hour and fight back any invading hordes for a table. One of us (Ginger) may even be wearing a "munition," so watch out. I will wear my red "Hillary" headband. Hope to see you there! :)

Ging. & Jim.
JMR

Regards, Jim Ray
"The people will again respect the law when the law again respects the will of the people." Jim Ray, Campaign '92
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id.
# E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From unicorn at access.digex.net Wed Aug 9 21:54:06 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 9 Aug 95 21:54:06 PDT
Subject: NSA, NRO, and Keeping Secrets
In-Reply-To:
Message-ID:

On Thu, 3 Aug 1995, Timothy C. May wrote:

> Date: Thu, 3 Aug 1995 13:49:35 -0700
> From: Timothy C. May
> To: Childers James , Jim Ray
> Cc: cypherpunks at toad.com
> Subject: NSA, NRO, and Keeping Secrets
>
> At 7:50 PM 8/3/95, Childers James wrote:
>
> >I'm afraid I don't follow. Are you saying that the NSA is assuming a more
> >public role because (apparently) strong crypto is now widely available to
> >the public? I don't see the connection between A and B if this is what
> >you are claiming.
> >
> >Unless they're gearing up for a PR campaign... I wonder how the NSA has
> >been portrayed in Hollywood in the past. I've just seen them mentioned in
> >one movie I can think about ("Crimson Tide"). Anyone else know of references?
>
> The NSA has been mentioned in many recent movies, even in television shows
> (like "The X Files"). I haven't been keeping a list, but the last Clancy
> movie, "A Clear and Present Danger," had references. And in more than one
> movie the reference to "NSA agents" doing various things is made.
>
> The NSA has a high profile today.
"No Such Agency" is clearly marked as an > exit on the Baltimore-Washington highway, and of course even has a museum > open to the public. > > Even the National Reconnaissance Organization is public knowledge, partly > because of the Burrows book "Deep Black," and partly because of the > controversy over the huge building out near Dulles Airport. > > Some things are mostly secret, though. The cover of Consular Operations was > almost blown some years back by former agent Ludlum, but ConsOps has faded > back into obscurity. Then there are the e-systems like companies, operating in the U.S., often conducting operations under the guise of corporations yet ducking below the umbrella of "classified information" at the first sign of a suit. Yet, the employees walk about armed and turn up with bugging equipment in drug trafficker's neighborhoods. e-systems is just the latest to be under public scrutiny. Is it any wonder the government has begun to lean heavily on corporations where traditional institutional secrecy has been circumvented by FOIA and such? Hell, e-systems is publically traded, dekalg has been talking about initial public offerings for months. There is perhaps more protection in the corporation of former intelligence types than in any agency. I commented before that NRO and NSA were public relations savvy now because most of the deeply hidden projects had found their way elsewhere. > > --Tim May > > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at sensemedia.net | anonymous networks, digital pseudonyms, zero > 408-728-0152 | knowledge, reputations, information markets, > Corralitos, CA | black markets, collapse of governments. > Higher Power: 2^756839 | Public Key: PGP and MailSafe available. > "National borders are just speed bumps on the information superhighway." 
>
>
>
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From nzook at bga.com Wed Aug 9 21:57:03 1995
From: nzook at bga.com (Nathan Zook)
Date: Wed, 9 Aug 95 21:57:03 PDT
Subject: Classification levels (was: Re: "S1" encryption system (was: this looked like it might be interesting) (fwd))
In-Reply-To:
Message-ID:

On Wed, 9 Aug 1995, James Caldwell wrote:

> PHrEaK! wrote:
> >
> > In high school I was in JROTC and was put in charge of security for our
> > battalion. I read the army's guides to physical security. These books
> > were dated early 80's and late 70's, so the situation might have changed,
> > but I doubt it. They denoted three information security clearance levels.
> > CLASSIFIED, SECRET, and TOP SECRET. If TOP SECRET doesn't exist now, it
> > definitely did just a few years ago.
> _
> Actually there is one other For Official Use Only (FOUO), not as bad a
> penalty if these docs get out.
>

I was in the USAF 1987-1990, Tenn ANG 1990-1. Documents are classified to five levels:

EEFI: Essential Elements of Friendly Information-- pieced together, documents containing EEFIs may compromise classified info. Usually, documents containing EEFIs are classified FOUO, but it is not required.

FOUO: Usually not considered damaging by themselves. FOUO documents are not considered classified, per se.

CONFIDENTIAL:
SECRET:
TOP SECRET: These three differ in a matter of degrees. Secret/Top Secret information may cost lives, or millions of $.

All TOP SECRET information is automatically given an SCI (Special Compartmentalized Information) Category, and placed on a NTK (Need To Know) only access. Many of the SCI abbreviations are themselves classified TS. (The only one I know is "Q"--Nuclear.) Each time clearance is extended to a new SCI, a new security background check must be made.
If you have clearance Q, and you want to see the plans for the MX, you had better be able to demonstrate NTK (usually from orders).

And no--there is no way under the sun that TS is going to be removed any time soon.

Nathan

From nzook at bga.com Wed Aug 9 22:01:42 1995
From: nzook at bga.com (Nathan Zook)
Date: Wed, 9 Aug 95 22:01:42 PDT
Subject: Prime Number Gen's.
In-Reply-To: <199508091413.KAA00112@clark.net>
Message-ID:

On Wed, 9 Aug 1995, Ray Cromwell wrote:

> Nathan Zook wrote:
> > > don't have a GNU ftp site to hand.
> > >
> > > There's a function
> > >
> > > int mpz_probab_prime_p(mpnum, SURETY)
> > >
> > > which returns true if the prime passes SURETY probabilistic prime tests.
> > >
> > > I think if it passes say 25 tests, then there will be less than a
> > > 1/2^25 chance that it is not prime.
> > >
> > > Also, on:
> > >
> > > http://dcs.ex.ac.uk/~aba/rsa-keygen.html
> > >
> >
> > The proper thing to do is to then search for a number which demonstrates
> > p is prime....
>
> And how do you do this? I'm not aware of any deterministic primality
> test which isn't at least as hard as factoring. P-1 factorial is such
> a number which could demonstrate P is prime (compute the gcd, check if
> they are relatively prime). Good luck computing it.
>
> -Ray

C'mon, Ray! floor(sqrt(p))! would work fine.... ;-)

Seriously, at least 1/4 of the numbers between p and 0 can prove that p is prime. So you try for a while. If you don't get it, you can flip back.

I apologize for being so vague. I don't have the paper I read a couple years ago in front of me. You might contact your local math department & ask...

Nathan

From nzook at bga.com Wed Aug 9 22:12:59 1995
From: nzook at bga.com (Nathan Zook)
Date: Wed, 9 Aug 95 22:12:59 PDT
Subject: There's a hole in your crypto...
In-Reply-To: <9508070918.AA19988@cs.umass.edu>
Message-ID:

On Mon, 7 Aug 1995, Futplex wrote:

> No crypto/privacy relevance, delete or flame now....
>
> Nathan writes:
> > This is why the "not a Turing machine" assertion that the "Professor" is
> > important. We know that Turing machine is undecidable, so if we want to
> > limit behavior, we can't have one. BUT---we don't know that being a
> > Turing machine is equivalent to having "unpredictable" behavior.
> > Furthermore, a "proof" of the "not a Turing machine" assertion is going
> > to have to be done by--you guessed it--a computer. And this computer is
> > running a program which definitely IS a Turing machine, if it is capable
> > of "proving" that other (suitably non-trivial) programs are not Turing
> > machines.
>
> I think this is a bit misguided. The Turing machine (TM) is an extremely general
> abstract model of computation. The gargantuan hunk of code that runs the
> Space Shuttle can be viewed as a Turing machine, as can a "Hello world" program
> written in Visual BASIC. So, there's not really a question about whether or
> not we're talking about Turing machines (unless perhaps you want to discuss
> quantum theorem provers and QTMs :)

If a statement is vacuous, it needs refining :-). If I were to state that "Program X is not a Turing Machine", I would be stating that program X does not model all Turing machines through its input. It is the ability of some Turing machines to model all Turing machines through their input that makes them undecidable.

> Now, Rice's Theorem says that all non-trivial properties of TMs are undecidable.
> If I pick a "non-trivial" property, I can't conceivably build a TM ("write a
> program", if you like) that, upon input of the specification of an arbitrary TM,
> can tell whether or not that TM exhibits the property I picked. This does not
> mean that I can't decide whether some particular TMs have that property or not --
> I can. I just can't write down a procedure that handles the general case.

The problem here is that it is the interesting cases with which we are concerned.
If someone wants to write a computer program to "verify" my proof of the RSA algorithm, fine. But I have to be convinced that their program does what they claim before I care. And since their program takes mathematical theorems as input, it is already demonstrating near-Turing ( :-P) behavior.

> Also, this theorem clearly hinges on the meaning of "trivial". From what I've
> seen, a very strict interpretation is largely appropriate; nearly everything
> except the least exciting of trivial low-level properties of TMs seems to come
> out to be "non-trivial" in this regard. The proof of the theorem is more
> precise about this, naturally, but I've found this useful as a working
> colloquial definition.

I'll buy that.

> -Futplex

Nathan

From jlasser at rwd.goucher.edu Wed Aug 9 23:19:09 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Wed, 9 Aug 95 23:19:09 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <199508100000.UAA07792@crypto.com>
Message-ID:

On Wed, 9 Aug 1995, Matt Blaze wrote:

> I don't know what to believe. If this is a real, classified cryptosystem,
> it would be a very unusual first. On the other hand, if this is a hoax,
> whoever did it appears to have gone to some trouble, and has included some
> interesting design features. A third possibility, if we are to believe
> the spook markings, is that it is a re-implementation of someone else's
> cryptosystem, created for the purpose of cryptanalysis.

Two other possibilities:

(1) It's merely an independently produced cryptosystem disguised as a "leak" to save its creator the trouble of asking experts to analyze it for him/her.

(2) It's a misleading / intentionally "wrong" version of something, "leaked" by a government official of whatever ilk to precipitate a legal investigation of Cypherpunks, remailers, etc. (ie to show a judge to get wiretaps, etc.)

I'm skeptical of (2), but it occurred to me, and one can't be too safe...
Jon

------------------------------------------------------------------------------
Jon Lasser (410) 494-3253
Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From unicorn at access.digex.net Wed Aug 9 23:20:26 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 9 Aug 95 23:20:26 PDT
Subject: Sat phone permit "wire"taps
In-Reply-To: <199508010141.AA02724@tyrell.net>
Message-ID:

On Mon, 31 Jul 1995, Phil Fraering wrote:

> Date: Mon, 31 Jul 1995 20:41:37 -0500
> From: Phil Fraering
> To: stewarts at ix.netcom.com
> Cc: hoz at univel.telescan.com, cypherpunks at toad.com
> Subject: Sat phone permit "wire"taps
>
> Bill, I also understood that the Walkers also leaked to the Soviets
> details on U.S. submarine sonar operating procedures.
>
> _Anyway_, my point was, if they can't keep _that_ secret, I doubt
> they'd be able to keep secret the details/keys for activating the
> backdoor on whatever artificially weakened system they're forced to
> use (if they are).
>
> Phil
>

What the Walkers really gave over was the ability to decode U.S. Naval and some diplomatic ciphers through the surrender of codebooks, procedures, keycards and repair manuals for the crypto hardware. The resulting traffic and crypto analysis was backbreaking- and valuable enough to make Walker Sr. the best paid spy to that date in the Soviet scheme of things.

Sov's discovered their traffic was being read on the Ivy line by listening to naval and diplomatic communication referencing it directly- and a little bit of selective transmission to confirm the source of intelligence. (The U.S. played a similar trick on the Japanese to verify Midway as their target in the Pacific- they were reading Purple and the JN-12 and JN series flawlessly at the time)

Sov's discovered their subs were being tracked with amazing ease by listening to U.S. Naval anti-sub communications and reports.
The result: Directed attention to the noise emissions of their sub fleet, something they might have overlooked for years otherwise.

The grand result: Among others: Stronger Soviet Encryption, and the purchase from Japan of high precision milling equipment which allowed the Sov's to produce perfected and hyper quiet propellers for their subs- they jumped 10 years in technology in 12 months.

The most damaging and most coveted espionage information is cryptanalysis. Period.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From tbyfield at panix.com Thu Aug 10 00:38:13 1995
From: tbyfield at panix.com (Ted Byfield)
Date: Thu, 10 Aug 95 00:38:13 PDT
Subject: PGPFOne article in MacWeek URL
Message-ID:

MacWeek News Aug 7, Vol 9 No 31
"PGPFone locks down phone conversations," by Robert Hess

From mab at crypto.com Thu Aug 10 01:45:04 1995
From: mab at crypto.com (Matt Blaze)
Date: Thu, 10 Aug 95 01:45:04 PDT
Subject: "S-1" key schedule
Message-ID: <199508100853.EAA13204@crypto.com>

Well, I have to admit I've been staying up late playing with the "S-1" cipher that was posted here earlier.

Hal Finney already noted what is clearly a bug in the code; only half the key schedule is ever used, and only in the first 16 of the 32 rounds. Even assuming that that is a typo rather than intentional, "S-1" still appears to suffer from key-related weaknesses.

The key expansion function in "S-1" produces a skewed key schedule given uniformly distributed 80 bit input keys. Here's a histogram of the distribution of key schedule bytes produced by all 2^32 ways of generating each byte (each key schedule byte is a function of the F functions applied to four selected input key bytes). The expected value for each line is 16777216.
For just about any conventional block cipher (e.g., DES) we'd expect this graph to be absolutely flat. Yet here some values are more than 5% away from expected. This behavior appears to be a consequence of the non-uniform distribution of "S-1"'s F output values, which are used to create the expanded key.

This does not bode well for "S-1"; it means that some key bytes are applied against the ciphertext slightly more often than others, even when the input key itself is uniformly chosen. (Ditto for the outputs of the F functions themselves, even when their inputs are uniformly distributed, but that's still another story). Still, this may not be fatal; the key schedule is still much larger than the keyspace, so there might not be any easy way for the cryptanalyst to exploit this property to any great advantage. It is possible that the cipher's structure somehow cancels this out in some non-obvious way that manages to provide a flat 2^80 keyspace, but it's hard to see exactly how.

My money still says the "TOP SECRET" markings and other clues that suggest that "S-1" has something to do with Skipjack are a hoax.
-matt

key
number  val produced  #/exptd
--      --------      -------
00 = 16396100 (0.977) ***************************************************
01 = 16153930 (0.963) **************************************************
02 = 15820450 (0.943) *************************************************
03 = 16197600 (0.965) **************************************************
04 = 16142020 (0.962) **************************************************
05 = 15907790 (0.948) *************************************************
06 = 16300820 (0.972) **************************************************
07 = 16471530 (0.982) ***************************************************
08 = 16439770 (0.980) ***************************************************
09 = 16165840 (0.964) **************************************************
0a = 16126140 (0.961) **************************************************
0b = 16693850 (0.995) ****************************************************
0c = 16503290 (0.984) ***************************************************
0d = 16221420 (0.967) **************************************************
0e = 15931610 (0.950) *************************************************
0f = 16705760 (0.996) ****************************************************
10 = 16933000 (1.009) ****************************************************
11 = 16682900 (0.994) ****************************************************
12 = 16338500 (0.974) ***************************************************
13 = 16728000 (0.997) ****************************************************
14 = 16670600 (0.994) ****************************************************
15 = 16428700 (0.979) ***************************************************
16 = 16834600 (1.003) ****************************************************
17 = 17010900 (1.014) *****************************************************
18 = 16978100 (1.012) *****************************************************
19 = 16695200 (0.995) ****************************************************
1a = 16654200 (0.993) ****************************************************
1b = 17240500 (1.028) *****************************************************
1c = 17043700 (1.016) *****************************************************
1d = 16752600 (0.999) ****************************************************
1e = 16453300 (0.981) ***************************************************
1f = 17252800 (1.028) *****************************************************
20 = 16916480 (1.008) ****************************************************
21 = 16666624 (0.993) ****************************************************
22 = 16322560 (0.973) ***************************************************
23 = 16711680 (0.996) ****************************************************
24 = 16654336 (0.993) ****************************************************
25 = 16412672 (0.978) ***************************************************
26 = 16818176 (1.002) ****************************************************
27 = 16994304 (1.013) *****************************************************
28 = 16961536 (1.011) *****************************************************
29 = 16678912 (0.994) ****************************************************
2a = 16637952 (0.992) ***************************************************
2b = 17223680 (1.027) *****************************************************
2c = 17027072 (1.015) *****************************************************
2d = 16736256 (0.998) ****************************************************
2e = 16437248 (0.980) ***************************************************
2f = 17235968 (1.027) *****************************************************
30 = 16416750 (0.979) ***************************************************
31 = 16174275 (0.964) **************************************************
32 = 15840375 (0.944) *************************************************
33 = 16218000 (0.967) **************************************************
34 = 16162350 (0.963) **************************************************
35 = 15927825 (0.949) *************************************************
36 = 16321350 (0.973) ***************************************************
37 = 16492275 (0.983) ***************************************************
38 = 16460475 (0.981) ***************************************************
39 = 16186200 (0.965) **************************************************
3a = 16146450 (0.962) **************************************************
3b = 16714875 (0.996) ****************************************************
3c = 16524075 (0.985) ***************************************************
3d = 16241850 (0.968) **************************************************
3e = 15951675 (0.951) *************************************************
3f = 16726800 (0.997) ****************************************************
40 = 16908220 (1.008) ****************************************************
41 = 16658486 (0.993) ****************************************************
42 = 16314590 (0.972) **************************************************
43 = 16703520 (0.996) ****************************************************
44 = 16646204 (0.992) ****************************************************
45 = 16404658 (0.978) ***************************************************
46 = 16809964 (1.002) ****************************************************
47 = 16986006 (1.012) *****************************************************
48 = 16953254 (1.010) ****************************************************
49 = 16670768 (0.994) ****************************************************
4a = 16629828 (0.991) ***************************************************
4b = 17215270 (1.026) *****************************************************
4c = 17018758 (1.014) *****************************************************
4d = 16728084 (0.997) ****************************************************
4e = 16429222 (0.979) ***************************************************
4f = 17227552 (1.027) *****************************************************
50 = 17003210 (1.013) *****************************************************
51 = 16752073 (0.999) ****************************************************
52 = 16406245 (0.978) ***************************************************
53 = 16797360 (1.001) ****************************************************
54 = 16739722 (0.998) ****************************************************
55 = 16496819 (0.983) ***************************************************
56 = 16904402 (1.008) ****************************************************
57 = 17081433 (1.018) *****************************************************
58 = 17048497 (1.016) *****************************************************
59 = 16764424 (0.999) ****************************************************
5a = 16723254 (0.997) ****************************************************
5b = 17311985 (1.032) ******************************************************
5c = 17114369 (1.020) *****************************************************
5d = 16822062 (1.003) ****************************************************
5e = 16521521 (0.985) ***************************************************
5f = 17324336 (1.033) ******************************************************
60 = 17147760 (1.022) *****************************************************
61 = 16894488 (1.007) ****************************************************
62 = 16545720 (0.986) ***************************************************
63 = 16940160 (1.010) ****************************************************
64 = 16882032 (1.006) ****************************************************
65 = 16637064 (0.992) ***************************************************
66 = 17048112 (1.016) *****************************************************
67 = 17226648 (1.027) *****************************************************
68 = 17193432 (1.025) *****************************************************
69 = 16906944 (1.008)
**************************************************** 6a = 16865424 (1.005) **************************************************** 6b = 17459160 (1.041) ****************************************************** 6c = 17259864 (1.029) ***************************************************** 6d = 16965072 (1.011) ***************************************************** 6e = 16661976 (0.993) **************************************************** 6f = 17471616 (1.041) ****************************************************** 70 = 16792580 (1.001) **************************************************** 71 = 16544554 (0.986) *************************************************** 72 = 16203010 (0.966) ************************************************** 73 = 16589280 (0.989) *************************************************** 74 = 16532356 (0.985) *************************************************** 75 = 16292462 (0.971) ************************************************** 76 = 16694996 (0.995) **************************************************** 77 = 16869834 (1.006) **************************************************** 78 = 16837306 (1.004) **************************************************** 79 = 16556752 (0.987) *************************************************** 7a = 16516092 (0.984) *************************************************** 7b = 17097530 (1.019) ***************************************************** 7c = 16902362 (1.007) **************************************************** 7d = 16613676 (0.990) *************************************************** 7e = 16316858 (0.973) ************************************************** 7f = 17109728 (1.020) ***************************************************** 80 = 16920610 (1.009) **************************************************** 81 = 16670693 (0.994) **************************************************** 82 = 16326545 (0.973) *************************************************** 83 = 16715760 (0.996) **************************************************** 
84 = 16658402 (0.993) **************************************************** 85 = 16416679 (0.979) *************************************************** 86 = 16822282 (1.003) **************************************************** 87 = 16998453 (1.013) ***************************************************** 88 = 16965677 (1.011) ***************************************************** 89 = 16682984 (0.994) **************************************************** 8a = 16642014 (0.992) **************************************************** 8b = 17227885 (1.027) ***************************************************** 8c = 17031229 (1.015) ***************************************************** 8d = 16740342 (0.998) **************************************************** 8e = 16441261 (0.980) *************************************************** 8f = 17240176 (1.028) ***************************************************** 90 = 17416210 (1.038) ****************************************************** 91 = 17158973 (1.023) ***************************************************** 92 = 16804745 (1.002) **************************************************** 93 = 17205360 (1.026) ***************************************************** 94 = 17146322 (1.022) ***************************************************** 95 = 16897519 (1.007) **************************************************** 96 = 17315002 (1.032) ****************************************************** 97 = 17496333 (1.043) ****************************************************** 98 = 17462597 (1.041) ****************************************************** 99 = 17171624 (1.024) ***************************************************** 9a = 17129454 (1.021) ***************************************************** 9b = 17732485 (1.057) ******************************************************* 9c = 17530069 (1.045) ****************************************************** 9d = 17230662 (1.027) ***************************************************** 9e = 16922821 (1.009) 
**************************************************** 9f = 17745136 (1.058) ******************************************************* a0 = 17581410 (1.048) ****************************************************** a1 = 17321733 (1.032) ****************************************************** a2 = 16964145 (1.011) ***************************************************** a3 = 17368560 (1.035) ****************************************************** a4 = 17308962 (1.032) ****************************************************** a5 = 17057799 (1.017) ***************************************************** a6 = 17479242 (1.042) ****************************************************** a7 = 17662293 (1.053) ******************************************************* a8 = 17628237 (1.051) ******************************************************* a9 = 17334504 (1.033) ****************************************************** aa = 17291934 (1.031) ****************************************************** ab = 17900685 (1.067) ******************************************************* ac = 17696349 (1.055) ******************************************************* ad = 17394102 (1.037) ****************************************************** ae = 17083341 (1.018) ***************************************************** af = 17913456 (1.068) ******************************************************* b0 = 17048640 (1.016) ***************************************************** b1 = 16796832 (1.001) **************************************************** b2 = 16450080 (0.981) *************************************************** b3 = 16842240 (1.004) **************************************************** b4 = 16784448 (1.000) **************************************************** b5 = 16540896 (0.986) *************************************************** b6 = 16949568 (1.010) **************************************************** b7 = 17127072 (1.021) ***************************************************** b8 = 17094048 (1.019) 
***************************************************** b9 = 16809216 (1.002) **************************************************** ba = 16767936 (0.999) **************************************************** bb = 17358240 (1.035) ****************************************************** bc = 17160096 (1.023) ***************************************************** bd = 16867008 (1.005) **************************************************** be = 16565664 (0.987) *************************************************** bf = 17370624 (1.035) ****************************************************** c0 = 16705850 (0.996) **************************************************** c1 = 16459105 (0.981) *************************************************** c2 = 16119325 (0.961) ************************************************** c3 = 16503600 (0.984) *************************************************** c4 = 16446970 (0.980) *************************************************** c5 = 16208315 (0.966) ************************************************** c6 = 16608770 (0.990) *************************************************** c7 = 16782705 (1.000) **************************************************** c8 = 16750345 (0.998) **************************************************** c9 = 16471240 (0.982) *************************************************** ca = 16430790 (0.979) *************************************************** cb = 17009225 (1.014) ***************************************************** cc = 16815065 (1.002) **************************************************** cd = 16527870 (0.985) *************************************************** ce = 16232585 (0.968) ************************************************** cf = 17021360 (1.015) ***************************************************** d0 = 16949520 (1.010) **************************************************** d1 = 16699176 (0.995) **************************************************** d2 = 16354440 (0.975) *************************************************** d3 
= 16744320 (0.998) **************************************************** d4 = 16686864 (0.995) **************************************************** d5 = 16444728 (0.980) *************************************************** d6 = 16851024 (1.004) **************************************************** d7 = 17027496 (1.015) ***************************************************** d8 = 16994664 (1.013) ***************************************************** d9 = 16711488 (0.996) **************************************************** da = 16670448 (0.994) **************************************************** db = 17257320 (1.029) ***************************************************** dc = 17060328 (1.017) ***************************************************** dd = 16768944 (1.000) **************************************************** de = 16469352 (0.982) *************************************************** df = 17269632 (1.029) ***************************************************** e0 = 16953650 (1.011) **************************************************** e1 = 16703245 (0.996) **************************************************** e2 = 16358425 (0.975) *************************************************** e3 = 16748400 (0.998) **************************************************** e4 = 16690930 (0.995) **************************************************** e5 = 16448735 (0.980) *************************************************** e6 = 16855130 (1.005) **************************************************** e7 = 17031645 (1.015) ***************************************************** e8 = 16998805 (1.013) ***************************************************** e9 = 16715560 (0.996) **************************************************** ea = 16674510 (0.994) **************************************************** eb = 17261525 (1.029) ***************************************************** ec = 17064485 (1.017) ***************************************************** ed = 16773030 (1.000) 
**************************************************** ee = 16473365 (0.982) *************************************************** ef = 17273840 (1.030) ***************************************************** f0 = 16573690 (0.988) *************************************************** f1 = 16328897 (0.973) *************************************************** f2 = 15991805 (0.953) ************************************************* f3 = 16373040 (0.976) *************************************************** f4 = 16316858 (0.973) ************************************************** f5 = 16080091 (0.958) ************************************************** f6 = 16477378 (0.982) *************************************************** f7 = 16649937 (0.992) **************************************************** f8 = 16617833 (0.991) *************************************************** f9 = 16340936 (0.974) *************************************************** fa = 16300806 (0.972) ************************************************** fb = 16874665 (1.006) **************************************************** fc = 16682041 (0.994) **************************************************** fd = 16397118 (0.977) *************************************************** fe = 16104169 (0.960) ************************************************** ff = 16886704 (1.007) **************************************************** From futplex at pseudonym.com Thu Aug 10 01:45:34 1995 From: futplex at pseudonym.com (Futplex) Date: Thu, 10 Aug 95 01:45:34 PDT Subject: "S1" encryption system (was: this looked like it might be interesting) In-Reply-To: Message-ID: <199508100845.EAA18756@thor.cs.umass.edu> Jon writes: > Two other possibilities: (1) It's merely an independently produced > cryptosystem disguised as a "leak" to save its creator the trouble of > asking experts to analyze it for him/her. It strikes me as rather foolish to mail off anonymous copies to several individual recipients (Matt, Perry, Tim, ...) 
in addition to the list, if S1 is a real leak. Why aid the traffic analysts by firing off multiple messages through the remailers?

BTW, the code has been posted to Usenet by a Frank Falstaff -- look for message ID <40b8tk$cj4 at news.xs4all.nl> in sci.crypt (Wed, Aug. 9, 1995). His article refers to a message ID (namely <40b50l$oa8 at utopia.hacktic.nl>) that differs from the message ID of the copy sent to c'punks. So it looks like there was at least one additional recipient. That's a minimum of 5 originals so far....

-Futplex

From ic58 at jove.acs.unt.edu Thu Aug 10 02:03:29 1995
From: ic58 at jove.acs.unt.edu (Childers James)
Date: Thu, 10 Aug 95 02:03:29 PDT
Subject: "S-1" key schedule
In-Reply-To: <199508100853.EAA13204@crypto.com>
Message-ID:

On Thu, 10 Aug 1995, Matt Blaze wrote:
> My money still says the "TOP SECRET" markings and other clues that
> suggest that "S-1" has something to do with Skipjack are a hoax.

Has anyone checked to see if this is just an older but obscure published algorithm? If it uses an 80-bit key, that tells me it's not too old, but I'm new to this stuff. If it is a new algorithm, is it just a variant, or something completely new?

[Sorry in advance if this is noise...]

From asb at nexor.co.uk Thu Aug 10 03:15:19 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Thu, 10 Aug 95 03:15:19 PDT
Subject: "S1" encryption system
In-Reply-To: <199508100443.EAA00611@orchard.medford.ma.us>
Message-ID:

On Thu, 10 Aug 1995, Bill Sommerfeld wrote:
> It looks very much like the sort of typo you would get from a
> mistranslation from assembly language if the target architecture had a
> *4-bit* processor. (This is also consistent with the "<<4"'s which
> show up in several places in the code).

I'll back up the disassembly theory. I've done it myself once when I lost some of my own source code from years previous and had to get out the disassembler. Very painful work which resulted in a first set of source much like the "S1" sample posted here. Only difference was that I went back over the "first draft" after verifying it and cleaned it up somewhat. The poster either does not know 'C' or thinks that a cleanup will reveal his/her style.

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown   Internet   Telephone +44 115 952 0585                     |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88    |
+-------------------------------------------------------------------------+

From danisch at ira.uka.de Thu Aug 10 04:40:26 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Aug 95 04:40:26 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
Message-ID: <9508101139.AA27386@elysion.iaks.ira.uka.de>

> BTW, the code has been posted to Usenet by a Frank Falstaff -- look for
> message ID <40b8tk$cj4 at news.xs4all.nl> in sci.crypt (Wed, Aug. 9, 1995).
> His article refers to a message ID (namely <40b50l$oa8 at utopia.hacktic.nl>)
> that differs from the message ID of the copy sent to c'punks. So it looks
> like there was at least one additional recipient. That's a minimum of 5
> originals so far....

It has been posted twice to sci.crypt, once from "Frank Falstaff", and once through the remailer at utopia.hacktic.nl. sci.crypt seems to have been one of the recipients...

Hadmut

From rah at shipwright.com Thu Aug 10 05:29:41 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 10 Aug 95 05:29:41 PDT
Subject: ciphergroupies
Message-ID:

As one of the ciphergroupies (call a spade a spade, the man said, and, frankly, I don't write code, much less crypto-code) I agree with Perry. While I understand that crypto isn't the only thing discussed on this list, it used to be quite apparent to anyone who signed on to this list that strong crypto and its consequences was the focus of the group. Some days it's very apparent that that is not the focus.
My mail.torrent skills are pretty well advanced these days, because I sit on lots of mail groups. The first high volume one was cypherpunks, where I got my bones in such matters, and I've gotten pretty adept at thrashing the noise out of the way. However, it does seem that, like Tim said a while ago, we're getting a lot of forwards from other groups, which dilute the content here pretty significantly. I've done this myself. A lot. Not as much as I used to, but it still happens: I just forwarded here an announcement for a digital commerce conference in Texas, for instance.

So, I have a few suggestions.

First, we might try to be more considerate of the others' wetware, while developing our own, and try to limit our postings to this net to original contributions where possible, even if it's just a summary of something you've read. Write it in your own words, in other words ;-). I'm not saying rewrite instead of forward if the message is extremely crypto (or consequent) relevant; we get action messages from EPIC, for instance, which are mostly relevant (opinions of the efficacy of EPIC aside, of course).

Second, if you have something which people here might be interested in, and it's vaguely tangential, post a pointer. The classic case here is someone, who shall remain nameless for reasons you'll see in a moment, whose brilliantly cryptic (!) pointers to his droid-fed article stash have been a very useful and pleasantly salient feature of the landscape here for more than a year now. You can point to an FTP file, a web page, have people ask for it in an e-mail reply from you, and if it's something er, professionally written, and want it handled er, gingerly, you can probably contact the above mentioned droid-master for his help in distributing your find. I just sent him such an article on dark fiber / frequency multiplexing which he pointed the group to within the last week. Not that you should choke the droid factory, mind you, but it can be done in a special circumstance.

Perry seems pretty burned up, and he's burned up for the right reasons, not the least of which is that he's been busting his butt in a project which will encrypt the net at the very core: the TCP/IP layer itself. This is very very important, and people should pay attention to it, and help however they can. (It's also likely to make Perry insufferable -- deservedly -- pretty soon ;-)). Like everyone else, he subscribes to this group to learn more about crypto, and he's finding the crypto content dwindling, the "S1" discussion notwithstanding, and as someone who's invested a lot of time, energy, and emotions in this group, he doesn't sound happy about it.

This is also compounded by the fact that while Perry is one of my favorite people here, Perry is also a grouch. I usually laugh when he goes over the top about something, because his polemics are some of the best I've ever seen. That doesn't make it any better if you're on the receiving end of such invective, and he's pissed off people who agree with him most of the rest of the time as a result. He's usually right, however, and he's a grownup, so I don't think he's going to change his tone anytime soon, and I've just learned to ignore his more inflammatory remarks as a cost of doing business with his not inconsiderable talents. That goes for several people around here, by the way, and it's a shame when they don't play well with others, but, like Perry, they're grownups. Another cost of doing business.

So, in summary, point instead of forward where possible, particularly if it's not explicitly crypto or crypto consequent; a good immediate way to help the cause of crypto on the net is to bone up on this IPSP stuff and see what you can do to help, because it's very important; and Perry and other people here are grouches and can't seem to play nice with each other on occasion (So, what else is new? ;-)).

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From asb at nexor.co.uk Thu Aug 10 05:48:09 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Thu, 10 Aug 95 05:48:09 PDT
Subject: Why DES in IPSEC ESP?
Message-ID:

I suppose this is really addressed at Perry:

Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? If someone's IP traffic is being monitored and collected offline by some agency then they're going to get about a couple of hours of security while the special purpose key search hardware kicks into action. I know other algorithms can optionally be used, but surely it would have been better to have a second, stronger algorithm specified as mandatory as well.

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown   Internet   Telephone +44 115 952 0585                     |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88    |
+-------------------------------------------------------------------------+

From jya at pipeline.com Thu Aug 10 06:00:28 1995
From: jya at pipeline.com (John Young)
Date: Thu, 10 Aug 95 06:00:28 PDT
Subject: CAC_kle
Message-ID: <199508101300.JAA14840@pipe2.nyc.pipeline.com>

8-10-95. NYPaper Page-Oner:

"With Internet Cachet, Not Profit, New Stock Is Wall St.'s Darling."

A 15-month-old company that has never made a dime of profit had one of the most stunning debuts in Wall Street history yesterday as investors rushed to pour their money into cyberspace. The Netscape Communications Corporation became the latest -- and hottest -- company in the Internet business to list shares on the nation's stock exchanges. Shares of Netscape, which had been priced at $28 before trading began at 11 A.M., opened far higher -- at $71.
The shares soon surged to as high as $74.75. It was the best opening day for a stock in Wall Street history for an issue of its size. But even more significantly, it was a sign of how the rush to commercialize the global computing web known as the Internet has created an investor frenzy not seen in the technology industry since the early days of the personal computer more than a decade ago.

"There is a mania under way," said Michael Murphy, the editor of The Overpriced Stock Service, a newsletter in Half Moon Bay, Calif.

The company's co-founder and chairman, who holds 9.7 million shares, ended up holding a stake valued at a half-billion dollars. Making his first fortune yesterday was Marc L. Andreessen, Netscape's 24-year-old vice president of technology and an inventor of its prize software. Based on yesterday's closing price, his interest in Netscape is worth more than $58 million.

CAC_kle

From trei Thu Aug 10 06:10:07 1995
From: trei (Peter Trei)
Date: Thu, 10 Aug 95 06:10:07 PDT
Subject: "S1" encryption system (was: this looked like it might
Message-ID: <9508101310.AA25693@toad.com>

> On a fair number of occasions I have been told that federal type folks
> have made statements to the effect that there is no such thing as a "TOP
> SECRET" classification of US government docs. Since really secret things
> tend to get neither confirmed nor denied, I am inclined to believe this.
> Thus SECRET is the top classification in today's government/military. If
> anybody knows otherwise I would be interested in the information.
> JWS

Well, I held an active SECRET clearance until last November. This is how I remember it.

There are three basic levels of classification - Confidential, Secret, and Top Secret. There are many sub-categories, such as FOUO (For Official Use Only), NOFORN (no foreigners), COMSEC (Communications Security) etc. Within TS, data may be placed in 'compartments', the names of which may themselves be classified, and separate clearance is needed for each compartment.

Orthogonal to that is the existence of three separate agencies which provide clearance - the Department of Energy, the Department of Defense, and the NSA. If you had a DoD clearance, that did not cut much ice with the spooks - you needed to have a separate investigation to their standards (though the actual groundpounding and investigation was done by the same organization for all three).

Finally, there was 'need to know'. It didn't matter if you had a Tippy Toppest Secret clearance, signed by the directors of the NRO, NSA, and DoE; if there was a piece of classified information which was not relevant to your work, you didn't get it. (One of the problems with the system is that this leads to a lot of duplicated effort).

While I did not get to see Top Secret data (and in fact, avoided classified projects whenever possible), TS was a very real classification level at least until late last year. The only explanation I can think of for your claim above is that most TS data is not simply 'TS'; it usually has various endorsements, such as which compartment it's in.

Peter Trei

From mark at unicorn.com Thu Aug 10 06:15:34 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Thu, 10 Aug 95 06:15:34 PDT
Subject: PGP Tools on Linux
Message-ID:

Did anyone ever get PGP Tools working on Linux? I can compile it, but it has a marked tendency to get SEGVs when destroying fifos...

Mark

From adam at bwh.harvard.edu Thu Aug 10 06:28:38 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 10 Aug 95 06:28:38 PDT
Subject: Why DES in IPSEC ESP?
In-Reply-To:
Message-ID: <199508101327.JAA14573@bwh.harvard.edu>

| I suppose this is really addressed at Perry:
|
| Why was (single) DES chosen as the algorithm for the ESP part of IPSEC?
| If someone's IP traffic is being monitored and collected offline by some
| agency then they're going to get about a couple of hours of security while
| the special purpose key search hardware kicks into action. I know other
| algorithms can optionally be used, but surely it would have been better to
| have a second, stronger algorithm specified mandatory as well.

Since Perry is hopefully off busily implementing things, I'll try to answer. :)

First, DES is still pretty strong. Try throwing Pentiums at it. It suffices as a fast, known to be reasonably strong, block ethernet sniffers algorithm.

Second, no other algorithm is known to be well designed. We can trust that the NSA did a fair job in the design. Thus, choosing a second algorithm is a difficult, and political task. (There are also patent and licensing issues with other ciphers)

So, in order to ship sooner rather than later, DES was chosen. 3DES will probably be available soon afterwards.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From usura at replay.com Thu Aug 10 06:41:16 1995
From: usura at replay.com (Alex de Joode)
Date: Thu, 10 Aug 95 06:41:16 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
Message-ID: <199508101341.AA07297@xs1.xs4all.nl>

Futplex sez:
: BTW, the code has been posted to Usenet by a Frank Falstaff -- look for
: message ID <40b8tk$cj4 at news.xs4all.nl> in sci.crypt (Wed, Aug. 9, 1995).
: His article refers to a message ID (namely <40b50l$oa8 at utopia.hacktic.nl>)
: that differs from the message ID of the copy sent to c'punks. So it looks
: like there was at least one additional recipient. That's a minimum of 5
: originals so far....

The remailers at utopia.hacktic.nl use news.xs4all.nl as their newsserver, all messages get a "news.xs4all.nl-ID", all mail ID's will have "utopia.hacktic.nl" in it.

--
Alex de Joode
Fear Uncertainty and Doubt, Inc.
From habs at warwick.com Thu Aug 10 07:39:58 1995
From: habs at warwick.com (Harry S. Hawk)
Date: Thu, 10 Aug 95 07:39:58 PDT
Subject: ciphergroupies
In-Reply-To:
Message-ID: <199508101435.KAA03188@cmyk.warwick.com>

> As one of ciphergroupies (call a spade a spade, the man said, and, frankly,
> I don't write code, much less crypto-code) I agree with Perry.

For anyone who is interested in writing code and other related activities I'm willing to redistribute the cypherpunks from my site via MailWeir so users can kill and prune what messages they read and which ones they don't.

/hawk

From alex at proust.suba.com Thu Aug 10 07:44:01 1995
From: alex at proust.suba.com (Alex Strasheim)
Date: Thu, 10 Aug 95 07:44:01 PDT
Subject: commercial advance vcrs
Message-ID: <199508101453.JAA01058@proust.suba.com>

This isn't directly relevant to crypto, but it is a scheme to allow people to filter out unwanted media content. Has anyone heard of it, and does anyone know how it works?

This is from TV Guide:

CHEERS to commercial-free TV, or more exactly, Commercial Advance VCRs. Check it out: this month, RCA will unveil a VCR that skips past virtually all commercials during playback of a recorded show. Imagine: three minutes of commercials will whiz by in 10 seconds. The downside? This summer, commercials may be the most interesting things on network tv.

--
Alex Strasheim, alex at proust.suba.com

From perry at panix.com Thu Aug 10 07:52:58 1995
From: perry at panix.com (Perry E. Metzger)
Date: Thu, 10 Aug 95 07:52:58 PDT
Subject: IPSEC goes to RFC
In-Reply-To: <199508100310.XAA11723@bwh.harvard.edu>
Message-ID: <199508101452.KAA24637@panix4.panix.com>

Adam Shostack writes:
> | IPSEC is now a Proposed Standard.
>
> | Again, *we need your help*. Cypherpunks write code. Help us make the
> | internet safe for personal privacy by contributing to this effort.
>
> How about posting a list of 'things that need doing?' I
> assume one is floating around, possibly even with time estimates?

The IETF was challenged by Steve Crocker to be ready for use of IPSEC for the Dallas meeting in December so that no IETFer who wanted to communicate securely with his home site need be insecure.

To accomplish that, we need to produce versions of the security stack for many architectures. Right now, we have AIX and 4.4BSD fairly solidly covered. Less well covered is HPUX. People familiar with code like the Trumpet Winsock stack, Linux, or who have access to the innards of SunOS, Solaris, Windows 95, Mac stacks, and others, and can legitimately release implementations for those platforms, are probably needed. We need serious commitments from people but of course everyone is trying to help everyone else along. Basically, if you know how to hack kernels and networking code and you have a platform you can work on, we need you.

We also lack work on the key management end of things -- people who can start playing around with implementing Photuris, even on a "toy" basis, would probably be of help.

Perry

From ab411 at detroit.freenet.org Thu Aug 10 08:01:10 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Thu, 10 Aug 95 08:01:10 PDT
Subject: Dir.Byway Virus (NewsClip)
Message-ID: <199508101500.LAA20644@detroit.freenet.org>

turner at telecheck.com writes:
>Seems like a good-press piece for a small anti-viral software
>company.

Just one small pick to nit: Actually, Dr. Sol's AVTK is consistently one of the very top DOS virus scanners, in terms of percent of known viruses it catches.

>anonymous-remailer at shell.portal.com said:
>> Bitton said the company's "Dr. Solomon's Anti-Virus Toolkit" will
>> remove the virus from infected computers. New versions of the Toolkit
>> for DOS, Windows, OS/2, and NetWare are slated to ship in late
>> summer. S&S also plans Fall 1995 introductions of Toolkits for
>> Macintosh, SCO Unix, Windows 95, and Windows NT server and
>> workstations.
>
>Windows NT has an abstracted and object oriented design. User mode
>programs no longer have access to the hardware (i.e., you no longer
>have access to the boot sector, and cannot hook an interrupt). In
>short, viruses are much less likely to function under NT, yet these
>blood-sucking people can't wait to introduce software for it...

I can't speak for S&S, but I'd bet that what they are introducing is a scanner for archives of MS-DOS programs hosted on NT systems. Although it may be that NT-specific viruses have started appearing. (The restrictions on file access don't slow the spread of file infectors all that much -- it's enough for them to infect those things they have write permission for. I think the good Dr. Cohen has done some research on this?)

In any case, this is more appropriate for comp.virus than cpunks.

--
David R. Conrad, ab411 at detroit.freenet.org, http://web.grfn.org/~conrad/
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

From perry at panix.com Thu Aug 10 08:25:44 1995
From: perry at panix.com (Perry E. Metzger)
Date: Thu, 10 Aug 95 08:25:44 PDT
Subject: Why DES in IPSEC ESP?
In-Reply-To: <199508101327.JAA14573@bwh.harvard.edu>
Message-ID: <199508101525.LAA06371@panix4.panix.com>

Adam Shostack writes:
> choosing a second algorithm is a difficult, and political task.
[...]
> So, in order to ship sooner rather than later, DES was chosen.

Well, if you define "ship" as "get the standards approved" you have the situation nailed. We basically could all agree on DES and the marketplace will dictate that in practice everyone has 3DES and other things available too.

Perry

From perry at panix.com Thu Aug 10 08:26:57 1995
From: perry at panix.com (Perry E. Metzger)
Date: Thu, 10 Aug 95 08:26:57 PDT
Subject: Why DES in IPSEC ESP?
In-Reply-To: Message-ID: <199508101521.LAA05002@panix4.panix.com> Andy Brown writes: > I suppose this is really addressed at Perry: > > Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? It wasn't. Well, it wasn't *really*. IPSEC is a framework into which you drop any algorithm you like -- IDEA, 3DES, Skipjack (:-), or anything else. We picked a baseline algorithm to assure interoperability, but it is not our expectation that people would want to use DES in practice. Picking DES was largely a political, not a technical decision. RFCs describing 3DES and SHA modes are in the pipeline right now -- they are going before the IESG "real soon now". > I know other algorithms can optionally be used, but surely it would > have been better to have a second, stronger algorithm specified > mandatory as well. Well, lets remember this: algorithms go sour with time, like dairy products. People are going to have to get used to regularly switching them very soon anyway. Think of this as just a way to get people in the habit of building their implementations modularly from the start. My recommendation is that all implementations include 3DES in their initial algorithm set. I'm going to do it with mine. Perry From wilcoxb at nagina.cs.colorado.edu Thu Aug 10 08:56:29 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Thu, 10 Aug 95 08:56:29 PDT Subject: noise pollution, conspiracy theory, Perry's pet peeve Message-ID: <199508101556.JAA06190@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > You have become an impediment -- a lump of rock in the highway. You aren't > part of the solution -- you are part of the problem. I have to concur on this point. Posting conspiracy tracts to cypherpunks, or posting algorithm ideas to the conspiracy list, only serves to dilute the primary function of the list in question. J. Orlin Grabbe's actions in this respect are harmful (though of course I don't think they are malicious.) 
Bryce

signatures follow: + /. island Life in a chaos sea / bryce.wilcox at colorado.edu ---*

From sdw at lig.net Thu Aug 10 09:06:32 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Thu, 10 Aug 95 09:06:32 PDT
Subject: IPSEC goes to RFC
In-Reply-To: <199508101452.KAA24637@panix4.panix.com>
Message-ID:

> Adam Shostack writes:
> > | IPSEC is now a Proposed Standard.
> >
> > | Again, *we need your help*. Cypherpunks write code. Help us make the
> > | internet safe for personal privacy by contributing to this effort.
> >
> > How about posting a list of 'things that need doing?' I
> > assume one is floating around, possibly even with time estimates?
>
> The IETF was challenged by Steve Crocker to be ready for use of IPSEC
> for the Dallas meeting in December so that no IETFer who wanted to
> communicate securely with his home site need be insecure.
>
> To accomplish that, we need to produce versions of the security stack
> for many architectures. Right now, we have AIX and 4.4BSD fairly
> solidly covered. Less well covered is HPUX. People familiar with code

Could we please share snapshots of any code that exists? Even if it's for a totally different OS, it's still extremely helpful if we're short on time.

> like the Trumpet Winsock stack, Linux, or who have access to the

I'm interested in doing/helping with Linux. I also have access to an SGI Indy (less well ready to develop though) and HPUX.

> innards of SunOS, Solaris, Windows 95, Mac stacks, and others, and can
> legitimately release implementations for those platforms, are probably
> needed.
We need serious commitments from people but of course everyone > is trying to help everyone else along. > > Basically, if you know how to hack kernels and networking code and you > have a platform you can work on, we need you. > > We also lack work on the key management end of things -- people who > can start playing around with implementing Photuris, even on a "toy" > basis, would probably be of help. > > Perry Does it make any sense to talk about loopback interface style wedges to convert OS native IP to IPSEC? What about a version of inetd that wraps apps? (I'm about to read the RFC's, so not sure if those suggestions make sense yet.) I really like the idea of using DNS for (public I assume) keys... sdw -- Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011 OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95 From marc at cam.ov.com Thu Aug 10 09:10:56 1995 From: marc at cam.ov.com (Marc Horowitz) Date: Thu, 10 Aug 95 09:10:56 PDT Subject: Why DES in IPSEC ESP? Message-ID: <199508101611.MAA03223@dun-dun-noodles.cam.ov.com> >> | Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? Because people were going completely nuts about mandating something not easily specifiable at all. DES was an easier case to make than 3DES. >> So, in order to ship sooner rather than later, DES was chosen. >> 3DES will probably be available soon afterwards. Shipping is irrelevant. Perry is busily coding 3DES support into NetBSD. Once it's in the bsd network stack, it will spread everywhere. Presumably, someone will implement it outside the US as well. As Perry put it succinctly at a recent IETF meeting, people will not necessarily use what is mandated. They will use what is available. 
If 3DES is in the freely available reference implementation (which it will be), and it performs adequately, that is what will get used. Marc From perry at panix.com Thu Aug 10 09:16:55 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 10 Aug 95 09:16:55 PDT Subject: IPSEC goes to RFC In-Reply-To: Message-ID: <199508101615.MAA11483@panix4.panix.com> Stephen D. Williams writes: > Could we please share snapshots of any code that exists? Even if it's > for a totally different OS, it's still extremely helpful if we're short > on time. Thats certainly something people expect to do -- I'll begin letting people at my code in a couple of weeks. There is a mailing list for IPSEC developers right now -- people who have read the RFCs and decide to get serious might want to subscribe. > I'm interested in doing/helping with Linux. I also have access to > an SGI Indy (less well ready to develop though) and HPUX. Kernel sources are important here -- if you don't have kernel sources IPSEC may be a challenge to put into a kernel... > Does it make any sense to talk about loopback interface style wedges to > convert OS native IP to IPSEC? What about a version of inetd that > wraps apps? Steve Bellovin has a summer student who did an interesting wedge on PCs running packet driver interfaces in which he interposed his stuff between the stack and the real packet driver. However, this can only be of use for host-host keying and not user-user which is the real goal. .pm From perry at panix.com Thu Aug 10 09:19:10 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 10 Aug 95 09:19:10 PDT Subject: where to get RFCs and internet drafts Message-ID: <199508101619.MAA27815@panix2.panix.com> A couple of people have asked, so I'm posting... RFCs and internet drafts are both available for anonymous FTP from ds.internic.net. Phil Karn's photuris stuff is still in the early draft phase. Help speed up development by playing with it! 
.pm

From mhobbs at rad.rpslmc.edu Thu Aug 10 09:59:56 1995
From: mhobbs at rad.rpslmc.edu (Michael Hobbs)
Date: Thu, 10 Aug 95 09:59:56 PDT
Subject: questions/info on premail
Message-ID: <199508101701.AA09184@rad.rpslmc.edu>

To all.

Is there anyone out there that has incorporated premail into another script? Like a mail script or cgi script. I'm trying to expand the idea of integrating anon-mailers into web pages for more ease of use. If anyone has directly linked premail to a page, please let me know. I am having some problems calling it from a script and I thought someone might have solved this problem already.

I wrote to Raph about this, but as you might know, his page states that he got married on Aug 5, so I don't expect the speediest of replies :)

Michael Hobbs
dochobbs at wwa.com
mhobbs at rad.rpslmc.edu

p.s. As to the cpremailer page that I posted here last week; -I have removed the hardwired remailer and now allow simple choosing of remailers. I also think I have the news instructions up to date. http://miso.wwa.com/~dochobbs/cpremailer.html

From jya at pipeline.com Thu Aug 10 10:58:08 1995
From: jya at pipeline.com (John Young)
Date: Thu, 10 Aug 95 10:58:08 PDT
Subject: Conspiracies
Message-ID: <199508101757.NAA25579@pipe2.nyc.pipeline.com>

I respect the view that sound crypto requires skeptical review and testing outside closed rooms. Conspiracies live or die by the same process. Crypto would die if there was no belief in conspiracies.

Conspiracy theory drives the cypherpunk agenda, I surmised from the welcoming statement. Note the caution about "S1," and any other crypto offering.

Perry's sharp statements on the urgent need for crypto deployment are motivated, it seems to me, by a view of a believable, if not wholly provable, threat that crypto is believed to counter. I choose to believe him; Orlin's got my skeptical interest -- put up or shut up -- and he's not out of line.
But who knows more than what we read in the conspiracy- driven media and hear from our respected leaders? Take your pick of them, or believe your own home-grown, they're unavoidable, on cypherpunks or elsewhere -- they're the crippling religion of the ages. My mouth waters to hear the latest conspiracies about cypherpunks' evil spread of demon crypto. From warlord at ATHENA.MIT.EDU Thu Aug 10 11:45:51 1995 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Thu, 10 Aug 95 11:45:51 PDT Subject: PGP Tools on Linux In-Reply-To: Message-ID: <199508101842.OAA22544@charon.MIT.EDU> > Did anyone ever get PGP Tools working on Linux ? I can compile it, but it > has a marked tendency to get SEGVs when destroying fifos... Yea, I did a long time ago. There was a bug in the code that caused destroying fifos to do this -- it would free the fifo and then try to set it, or something like that. You have to reorder a few commands to fix the problem. I've not looked at PGPTools in a long time, so I can't give you any more detailed information. -derek From dneal at usis.com Thu Aug 10 11:53:21 1995 From: dneal at usis.com (David Neal) Date: Thu, 10 Aug 95 11:53:21 PDT Subject: IPSEC goes to RFC In-Reply-To: Message-ID: On Thu, 10 Aug 1995, Stephen D. Williams wrote: > > > Adam Shostack writes: > > > | IPSEC is now a Proposed Standard. > > > > > > | Again, *we need your help*. Cypherpunks write code. Help us make the > > > | internet safe for personal privacy by contributing to this effort. > > > > > > How about posting a list of 'things that need doing?' I > > > assume one is floating around, possibly even with time estimates? > > > > Could we please share snapshots of any code that exists? Even if it's > for a totally different OS, it's still extremely helpful if we're short > on time. > > > like the Trumpet Winsock stack, Linux, or who have access to the > > I'm interested in doing/helping with Linux. I also have access to > an SGI Indy (less well ready to develop though) and HPUX. 
I'd like to also volunteer to do the linux port, whether it be coordination patches, hacking code, finding people, whatever. Also, if other cypherpunk subscribers feel that this topic is inappropriate for the list (not likely) or that it would generate too much traffic for the list (?) I can create a new majordomo list dedicated to the effort in 10 minutes. The aforementioned 'To Do List' could be the signup message you get when joining the list. Just a suggestion, David. David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU Unix, Sybase and Networking consultant. "...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish From koontz at MasPar.COM Thu Aug 10 11:58:55 1995 From: koontz at MasPar.COM (David G. Koontz) Date: Thu, 10 Aug 95 11:58:55 PDT Subject: "S1" encryption system (was: this looked like it might be interesting) Message-ID: <9508101902.AA15691@argosy.MasPar.COM> >Jon writes: >> Two other possibilities: (1) It's merely an independently produced >> cryptosystem disguised as a "leak" to save its creator the trouble of >> asking experts to analyze it for him/her. >It strikes me as rather foolish to mail off anonymous copies to several >individual recipients (Matt, Perry, Tim, ...) in addition to the list, if >S1 is a real leak. Why aid the traffic analysts by firing off multiple >messages through the remailers ? A third possibility comes to mind, that person or persons associated with the list are using the post to focus on cryptographic efforts in lieu of political or apocalyptic diatribes. From tcmay at got.net Thu Aug 10 12:10:02 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 10 Aug 95 12:10:02 PDT Subject: Conspiracies and "Ciphergroupies" Message-ID: At 5:57 PM 8/10/95, John Young wrote: > I respect the view that sound crypto requires skeptical > review and testing outside closed rooms. Conspiracies live > or die by the same process. 
Crypto would die if there was
> no belief in conspiracies.
>
> Conspiracy theory drives the cypherpunk agenda, I surmised
> from the welcoming statement. Note the caution about "S1,"
> and any other crypto offering.

I think a better, and less loaded, term than "conspiracies" is "threat models." It has always been important to many of us that the policies and plans of potential threats be discussed, analyzed, etc. Thus, our recurring focus on the activities of the NSA, GCHQ, FinCEN, and so on. For example, all folks on this list should almost certainly read "The Puzzle Palace," even though it does not _directly_ help with the latest project in writing code.

And like Orlin Grabbe, whose "End of Money" article I posted a pointer to last winter, I closely follow the recent developments involving the intelligence agencies, the plans to limit crypto, etc.

(By the way, it was my close following of the NSA and related organizations, and my monitoring of what Dorothy Denning was saying, that led to my "A Trial Balloon to Ban Crypto?" article in this group and in sci.crypt three years ago. This warning, which generated much discussion on sci.crypt and here, prepared us for the Clipper announcement six months later.)

Is this wasted time? Shouldn't I be using my time to write Trumpet Winsocks--whatever they are!--for WinCypherHyperPhone?

Well, we all decide what our interests are, and exhortations by others that we are not working on what is "really" important are not very useful. There are probably a dozen different sorts of interests here, ranging from a bunch of folks interested in popularizing crypto to several law professors and lawyers interested in legal aspects to Internet programming experts. Even some pure mathematicians. Even some novices.

> Perry's sharp statements on the urgent need for crypto
> deployment are motivated, it seems to me, by a view of a
> believable, if not wholly proveable, threat that crypto is
> believed to counter.
I choose to believe him; Orlin's got my
> skeptical interest -- put up or shut up -- and he's not out
> of line.

Perry is Perry. He has certainly written his share of rants and "off-topic" posts, as have we all. Literally thousands of his posts over the past 3 years reside on my disk drives, and certainly until recently most of them were not about writing code.

Ironically, just a few weeks ago, Perry was sharply criticizing me for my "Crisis Overload" post and was urging me to join him in a serious lobbying effort to undermine the Grassley bill. I declined, thinking it unlikely to succeed and preferring to concentrate on my other project (including a new release of SmalltalkAgents, just arrived). When I preferred to work on more technical things than launching a grassroots political campaign, he got abusive and insulting in e-mail and I told him I would no longer accept this sort of abuse. You may recall he chose to post this private message here in public, without of course the messages that preceded this (and without my permission, needless to say).

Again, Perry is Perry. People work on what interests them. It is nice for Perry, and maybe for all of us if his efforts work out, that he has thrown himself into this new programming project, but it is wrong for him to automatically dismiss the interests and efforts of others.

There's also a certain "control freak" attitude that creeps into this list (and other lists, of course) at times, wherein people say that their current interest is vastly more important than anything else and that anyone who does not drop their frivolous other interests and begin work immediately on the One True Project are fools and knaves, and are probably secretly working for the NSA! (:-}).

People should write about what interests them. Those who wish to program, should program. Those who wish to explore number theory, should explore number theory. And so on. Attempting to control what gets posted on this list is pointless.
If you don't like a particular topic, or an author, use filters and kill files. This can be done in many ways, including mail programs, procmail, and even the "MailWeir" service that Harry Hawk offers. And many people dump the list traffic into local newsgroups, allowing threadified reading. Also, various digestified versions of the list exist--Eric Blossom has one. Insulting people as "ciphergroupies" because they are not working on one's current interest seems needlessly counterproductive. Just my views. If you don't like 'em, ignore them or filter them. That's the Cypherpunk way of doing things. --Tim May Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net". ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From perry at panix.com Thu Aug 10 12:43:49 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 10 Aug 95 12:43:49 PDT Subject: Conspiracies and "Ciphergroupies" In-Reply-To: Message-ID: <199508101943.PAA27611@panix4.panix.com> This is only of interest to a very limited number of people. Its basically a flame about private matters. I discourage reading it. Timothy C. May writes: > Ironically, just a few weeks ago, Perry was sharply criticizing me for my > "Crisis Overload" post and was urging me to join him in a serious lobbying > effort to undermine the Grassley bill. You are rewriting history. I just asked you if you thought that hiring a Washington lobbying firm would be a good idea. 
I didn't urge you to join anything. I had no intention of involving any of us personally in any lobbying on the basis that professionals would do it better. > I declined, Actually, you were noncommittal. > thinking it unlikely to succeed and preferring to concentrate on my > other project (including a new release of SmalltalkAgents, just > arrived). When I preferred to work on more technical things than > launching a grassroots political campaign, he got abusive and > insulting in e-mail and I told him I would no longer accept this > sort of abuse. Actually Tim, this is again a rewrite of history. I was having a perfectly pleasant email conversation with you (the first in a while) when your tax situation came up and I advised you that you ought to get some professional tax people to look at your finances. I won't mention what the situation was since that was private, but if you insist I'll happily post our exchange. You claimed I was being "abusive" and went off in a huff. I don't recall urging you to do anything other than seeing a professional tax attorney. I just checked my archive of our private mail exchange on the subject, and it appears that my recollection is substantially accurate. As I noted, if you insist, I'll happily post the private mail. As for your activities: frankly, Tim, I haven't known you to do much of anything over the years. This is, of course, your right. You've earned your money and you now get to do whatever you like. Don't claim, however, that I said or did things that I did not say or do. > Insulting people as "ciphergroupies" because they are not working on one's > current interest seems needlessly counterproductive. If you'd read my messages, I listed a wide array of productive activities. Merely because I feel that polluting the list with messages about Vincent Foster's shoe size is a waste doesn't mean that I think everyone has to be a clone. 
There are dozens of valuable activities from lobbying to coding to spreading the word that people can do. However, posting conspiracy theories isn't in the list. Perry From mark at unicorn.com Thu Aug 10 13:28:13 1995 From: mark at unicorn.com (Rev. Mark Grant) Date: Thu, 10 Aug 95 13:28:13 PDT Subject: PGP Tools on Linux In-Reply-To: <199508101842.OAA22544@charon.MIT.EDU> Message-ID: On Thu, 10 Aug 1995, Derek Atkins wrote: > Yea, I did a long time ago. There was a bug in the code that caused > destroying fifos to do this -- it would free the fifo and then try to > set it, or something like that. You have to reorder a few commands to > fix the problem. No, it's not that one, I'm afraid - this version works fine on SunOS and has that fix in it... it just won't work on Linux. Mark From mab at crypto.com Thu Aug 10 13:35:24 1995 From: mab at crypto.com (Matt Blaze) Date: Thu, 10 Aug 95 13:35:24 PDT Subject: More "S-1" foolishness Message-ID: <199508102043.QAA17280@crypto.com> Yesterday I mentioned that I'd noticed that "S-1" has a non-uniform distribution of F (Sbox?) outputs - some values appear far more often than others. This means that some values are more likely to be XORed against the cleartext than others. Needless to say, this is a very unusual (and presumably very bad) property - in DES, for example, the Sbox outputs are completely flat. I've been avoiding real work today, so here's a breakdown of the distribution of output values for F0-F3 by value and by bit position, as well as the total for all four. (The expected numbers are 16 for the outputs by value and 128 for the outputs by bit). If I get more time, I'll try to figure out how to do a structure a differential attack (which will be a little bit tricky given the G function). I'm not sure this is worth putting much effort into, however, given that the closer I look the more hoax-like this seems. Much as I'd like to think this is a version of Skipjack, it's getting pretty hard to suspend disbelief. 
I might be willing to believe, however, that this is some kind of proprietary industrial cipher; perhaps the poster added the "TOP SECRET" stuff to attract additional attention to it.

All in all, this is a most unusual cipher. On the surface at least, it has many elements of a really bad design. On the other hand, some of the other ideas are novel enough that I wonder why its inventors wouldn't want to be associated with them.

-matt

---F0 output distribution---
F0:0 = 18 (1.12) ******************
F0:1 = 10 (0.62) **********
F0:2 = 17 (1.06) *****************
F0:3 = 15 (0.94) ***************
F0:4 = 13 (0.81) *************
F0:5 = 12 (0.75) ************
F0:6 = 18 (1.12) ******************
F0:7 = 14 (0.88) **************
F0:8 = 17 (1.06) *****************
F0:9 = 18 (1.12) ******************
F0:a = 14 (0.88) **************
F0:b = 17 (1.06) *****************
F0:c = 18 (1.12) ******************
F0:d = 12 (0.75) ************
F0:e = 19 (1.19) *******************
F0:f = 24 (1.50) ************************
---by bit---
F0:1 = 122 (0.95) ***************
F0:2 = 138 (1.08) *****************
F0:4 = 130 (1.02) ****************
F0:8 = 139 (1.09) *****************

---F1 output distribution---
F1:0 = 21 (1.31) *********************
F1:1 = 13 (0.81) *************
F1:2 = 15 (0.94) ***************
F1:3 = 20 (1.25) ********************
F1:4 = 22 (1.38) **********************
F1:5 = 15 (0.94) ***************
F1:6 = 8 (0.50) ********
F1:7 = 22 (1.38) **********************
F1:8 = 19 (1.19) *******************
F1:9 = 18 (1.12) ******************
F1:a = 15 (0.94) ***************
F1:b = 13 (0.81) *************
F1:c = 10 (0.62) **********
F1:d = 12 (0.75) ************
F1:e = 9 (0.56) *********
F1:f = 24 (1.50) ************************
---by bit---
F1:1 = 137 (1.07) *****************
F1:2 = 126 (0.98) ***************
F1:4 = 122 (0.95) ***************
F1:8 = 120 (0.94) ***************

---F2 output distribution---
F2:0 = 16 (1.00) ****************
F2:1 = 13 (0.81) *************
F2:2 = 16 (1.00) ****************
F2:3 = 13 (0.81) *************
F2:4 = 12 (0.75) ************
F2:5 = 17 (1.06) *****************
F2:6 = 16 (1.00) ****************
F2:7 = 16 (1.00) ****************
F2:8 = 14 (0.88) **************
F2:9 = 22 (1.38) **********************
F2:a = 27 (1.69) ***************************
F2:b = 19 (1.19) *******************
F2:c = 14 (0.88) **************
F2:d = 16 (1.00) ****************
F2:e = 11 (0.69) ***********
F2:f = 14 (0.88) **************
---by bit---
F2:1 = 130 (1.02) ****************
F2:2 = 132 (1.03) ****************
F2:4 = 116 (0.91) **************
F2:8 = 137 (1.07) *****************

---F3 output distribution---
F3:0 = 23 (1.44) ***********************
F3:1 = 20 (1.25) ********************
F3:2 = 11 (0.69) ***********
F3:3 = 23 (1.44) ***********************
F3:4 = 17 (1.06) *****************
F3:5 = 15 (0.94) ***************
F3:6 = 13 (0.81) *************
F3:7 = 17 (1.06) *****************
F3:8 = 15 (0.94) ***************
F3:9 = 11 (0.69) ***********
F3:a = 9 (0.56) *********
F3:b = 19 (1.19) *******************
F3:c = 14 (0.88) **************
F3:d = 16 (1.00) ****************
F3:e = 14 (0.88) **************
F3:f = 19 (1.19) *******************
---by bit---
F3:1 = 140 (1.09) *****************
F3:2 = 125 (0.98) ***************
F3:4 = 125 (0.98) ***************
F3:8 = 117 (0.91) **************

===overall sum===
---F* output distribution---
F:0 = 78 (1.22) *******************
F:1 = 56 (0.88) **************
F:2 = 59 (0.92) **************
F:3 = 71 (1.11) *****************
F:4 = 64 (1.00) ****************
F:5 = 59 (0.92) **************
F:6 = 55 (0.86) *************
F:7 = 69 (1.08) *****************
F:8 = 65 (1.02) ****************
F:9 = 69 (1.08) *****************
F:a = 65 (1.02) ****************
F:b = 68 (1.06) *****************
F:c = 56 (0.88) **************
F:d = 56 (0.88) **************
F:e = 53 (0.83) *************
F:f = 81 (1.27) ********************
---by bit---
F:1 = 529 (1.03) ****************
F:2 = 521 (1.02) ****************
F:4 = 493 (0.96) ***************
F:8 = 513 (1.00) ****************

From kelli at zeus.towson.edu Thu Aug 10 14:04:24 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Thu, 10 Aug 95 14:04:24 PDT
Subject: Conspiracies and "Ciphergroupies"
In-Reply-To: <199508101943.PAA27611@panix4.panix.com>
Message-ID:

On Thu, 10 Aug 1995, Perry E. Metzger wrote:

> This is only of interest to a very limited number of people. Its
> basically a flame about private matters. I discourage reading it.

This disclaimer means nothing.

Gentlemen, this discussion is pointless. Please, on behalf of the little people, shut up already!

-=Kathleen M. Ellis=- kelli at zeus.towson.edu http://zeus.towson.edu/~kelli/ Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu

From carolab at censored.org Thu Aug 10 14:16:08 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Thu, 10 Aug 95 14:16:08 PDT
Subject: Conspiracies and "Ciphergroupies"
In-Reply-To:
Message-ID:

Perry works too hard sometimes. Tim writes kewl articles. Mr. Young keeps us up to date on the Times. Wei Dei has RSA on his case, in unwarranted fashion. Alex gets it all across the water. Brad is hung up on Vince Foster. Lucky Green needs his antique tin. Futplex has a cool name, and hot pointers. Joel lives in his own 'Private Idaho'. Robert now "Pinesigns" everything.

And today My web counter showed that over 1,000 folks had now used my web page to get PGP. This includes over 300 shipped 'across the dreaded water zones'. (sound of 1 hand clapping!)

I write code....html, that is...... I do attempt to use it judiciously. censored.org censors no one. Just quietly enters things to the unread mail stack (now 11.3 megs) for a rainy day.

Have a fun summer...fall is coming soon, and light a candle for Jerry Garcia today.
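Returning to Matt Blaze's S-1 analysis above: the check he ran (count how often each output value and each output bit of an F table appears, and compare with the flat expectation) is easy to reproduce. The following is an added example, not Blaze's own tool and not S-1's real tables; it uses the first DES S-box (S1 from FIPS 46) as the flat reference he mentions, and a constructed, deliberately skewed 256-entry table standing in for an S-1 style F function.

```python
"""Output-distribution check for a block cipher's F / S-box tables.

Added example, not Matt Blaze's code and not S-1's real tables.
A table maps every input to a `width`-bit output. For a good S-box each
output value should occur len(table) / 2**width times and each output bit
should be set in exactly half the entries; for S-1's 256-entry, 4-bit
F tables that is the 16 and 128 quoted in the post.
"""


def output_distribution(table, width):
    """Count output values and set output bits over a whole lookup table.

    Returns (value_counts, bit_counts): value_counts[v] is how many inputs
    map to v; bit_counts[mask] is how many outputs have that bit set
    (keyed by mask 1, 2, 4, ... as in the "by bit" listing of the post).
    """
    value_counts = [0] * (1 << width)
    bit_counts = {1 << b: 0 for b in range(width)}
    for out in table:
        value_counts[out] += 1
        for mask in bit_counts:
            if out & mask:
                bit_counts[mask] += 1
    return value_counts, bit_counts


def chi_square(counts, expected):
    """Pearson chi-square statistic against a flat expectation (0.0 = perfectly flat)."""
    return sum((c - expected) ** 2 / expected for c in counts)


def is_balanced(table, width):
    """True only when every value and every bit hits its expected count exactly."""
    value_counts, bit_counts = output_distribution(table, width)
    n = len(table)
    return (all(c == n >> width for c in value_counts)
            and all(c == n >> 1 for c in bit_counts.values()))


def histogram(name, table, width):
    """Render the counts in the style of the post: 'F0:3 = 15 (0.94) ***...'."""
    value_counts, bit_counts = output_distribution(table, width)
    n = len(table)
    exp_value, exp_bit = n / (1 << width), n / 2
    lines = [f"---{name} output distribution---"]
    for v, c in enumerate(value_counts):
        # bar length is scaled so that the expected count draws 16 stars
        lines.append(f"{name}:{v:x} = {c} ({c / exp_value:.2f}) " + "*" * int(c * 16 / exp_value))
    lines.append("---by bit---")
    for mask, c in bit_counts.items():
        lines.append(f"{name}:{mask} = {c} ({c / exp_bit:.2f}) " + "*" * int(c * 16 / exp_bit))
    return "\n".join(lines)


# DES S-box S1 (FIPS 46), 64 entries of 4 bits; every row is a permutation
# of 0..15, so each value occurs 4 times and each bit is set 32 times.
DES_S1 = [
    14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
    0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
    4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
    15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
]

# Constructed skewed table (hypothetical, for illustration only): 8-bit input,
# output = high nibble OR low nibble. Value v occurs 3**popcount(v) times
# (0x0 once, 0xf 81 times) and every output bit is set in 192 of 256 entries,
# so some outputs are far more likely to be XORed against the plaintext.
SKEWED_F = [((i >> 4) | (i & 0xF)) for i in range(256)]


if __name__ == "__main__":
    for name, table in (("DES_S1", DES_S1), ("SKEWED", SKEWED_F)):
        print(histogram(name, table, 4))
        vc, _ = output_distribution(table, 4)
        print(f"chi-square = {chi_square(vc, len(table) / 16):.1f}, "
              f"balanced = {is_balanced(table, 4)}\n")
```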
Love Always,
Carol Anne

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org     __ __ ____ ___ ___ ____
carolab at primenet.com      /__)/__) / / / / /_ /\ / /_ /
carolb at spring.com         / / \ / / / / /__ / \/ /___ /
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From jya at pipeline.com Thu Aug 10 14:31:44 1995
From: jya at pipeline.com (John Young)
Date: Thu, 10 Aug 95 14:31:44 PDT
Subject: DED_hed
Message-ID: <199508102131.RAA26878@pipe1.nyc.pipeline.com>

8-10-95. NYPaper Page-Oner:

"Jerry Garcia of Grateful Dead, Icon of 60's Spirit, Dies at 53." By Jon Pareles, Music Critic.

[With] "Sadness From the Streets to High Offices." By John Markoff.

DED_hed

From corondan at eng.eds.com Thu Aug 10 15:06:08 1995
From: corondan at eng.eds.com (George A. Corondan corondan@eng.eds.com)
Date: Thu, 10 Aug 95 15:06:08 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
Message-ID: <9508102205.AA23622@earth.troy.eng.eds.com>

On Aug 10, 12:02pm, David G. Koontz wrote:
> Subject: Re: "S1" encryption system (was: this looked like it might be int
>
> >Jon writes:
> >> Two other possibilities: (1) It's merely an independently produced
> >> cryptosystem disguised as a "leak" to save its creator the trouble of
> >> asking experts to analyze it for him/her.
>
> >It strikes me as rather foolish to mail off anonymous copies to several
> >individual recipients (Matt, Perry, Tim, ...) in addition to the list, if
> >S1 is a real leak. Why aid the traffic analysts by firing off multiple
> >messages through the remailers ?
>
> A third possibility comes to mind, that person or persons associated with
> the list are using the post to focus on cryptographic efforts in lieu of
> political or apocalyptic diatribes.
how about a fourth possibility: the government ___ agency did it.

this was done to achieve two goals:
1) make cypherpunks easy to vilify (look at all of the nasty crypto stuff being passed to foreign nationals)
2) a quick estimate of cypherpunks' ability to analyze an algorithm

am i being too paranoid? probably, but you tell me :-).

--
George A. Corondan        Inet: corondan at eng.eds.com
E.D.S. Mail Stop 4251     Voice: (810)265-2937
800 Tower Drive           FAX: (810)265-3432
Troy, MI 48098-7019

From zeus at pinsight.com Thu Aug 10 15:12:26 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Thu, 10 Aug 95 15:12:26 PDT
Subject: Legislative One-Liners
Message-ID: <199508102212.PAA01472@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

-----BEGIN PGP SIGNED MESSAGE-----

DANGER: Legislature In Session!

"One-Liners" List of 104th Congress privacy legislation. Latest update: 8/1/95.

The overview compiled by the Electronic Privacy Information Center (EPIC), info at epic.org, http://www.epic.org is edited here into single line entries by J. Kent Hastings, zeus at pinsight.com, Assistant Director of the Agorist Institute, http://www.pinsight.com/~zeus/agorist/

The full text of pending bills, and other legislative materials, is available from cpsr.org /cpsr/privacy/epic/104th_congress_bills/

- -- House Bills --

Taking Back Our Streets (HR 3). Limits sanctions for illegal searches.
Personal Responsibility (HR 4). Databases of new hires and child support.
Risk Assessment (HR 9). Government Information Locator Service (GILS).
FBI Counterintelligence (HR 68). Easier access to credit reports by FBI.
Electronic Anti-Stalking (HR 112). Electronic harassing a federal crime.
Obscenity and Computers (HR 121). Network obscenity 10-year fed penalty.
Quality Assurance in Drug Testing (HR 153). Requirements for drug testing.
Individual Privacy Protection (HR 184). New national privacy commission.
Interstate Child Support (HR 195). New hires database, IRS collection.
Export Administration (HR 361). Studies software encryption overseas.
Antitrust Reform (HR 411). Orders FCC privacy survey, limits CPNI.
Postal Privacy (HR 434). Prohibits P.O. selling info to direct marketers.
Fair Health Information Practices (HR 435). Health care privacy bill.
Restricted Explosives Control (HR 488). Federal permits, even black powder.
Social Security Anti-Fraud (HR 502). Telephone verification of applicants.
Immigration Reform (HR 560). Tamperproof ID cards for immigrants.
Consumer Reporting Reform (HR 561). Limits cost and use of credit reports.
Enforce Employer Sanctions (HR 570). SS card w/fingerprint, barcode, photo.
Exclusionary Rule Reform (HR 666). Violates 4th Amendment, except IRS/BATF.
Criminal Alien Deportation (HR 668). Wiretaps OK for illegal immigration.
Illegal Immigration Control (HR 756). Wiretaps, machine SSN I.D., databases.
Child Support Responsibility (HR 785). Parents SSN birth/marriage documents.
Paperwork Reduction (HR 830). Coordinates federal information policy.
Comprehensive Antiterrorism (HR 896). "Terrorist organization" fund raising.
Child Support Enforcement (HR 906). Allows access to all financial records.
Communications Decency Act (HR 1004). Same as Exon bill in Senate (S 314).
Illegal Immigration Control (HR 1018). Tamper proof Social Security cards.
Welfare Transformation (HR 1157). Database of new employees, parent locator.
American Health Security (HR 1200). Health records database for research.
Food Stamp Simplification (HR 1214). Increases SSN use. Electronic benefits.
Basic Health Care (HR 1234). Weak limits on medical information access.
Sexual Crimes Against Children (HR 1240). New penalties, computer networks.
DNA Identification (HR 1241). Revises funding authorized for Violent Crime.
Family Stability (HR 1250). Database of employees, parents, more SSN use.
Family Privacy Protection (HR 1271). Prohibits questionnaires of minors.
Revise Aliens and Nationality laws (HR 1292). Employment verification card.
Children's Media Protection (HR 1390). "V-Chip" TV filtering, ratings.
Communications Act of 1995 (HR 1555). Privacy of customer info, except CDA.
Antiterrorism Amendments (HR 1635). Eases wiretaps, credit report evidence.
Quality Assurance in Drug Testing (HR 1706). Standards for drug testing.
Comprehensive Antiterrorism (HR 1710). Eases wiretaps, credit evidence.
Constitutional Rights Oversight (HR 1738). Creates inspector general review.
Prevent Fraud in Health Care (HR 1758). Sharing of medical information.
Health Information Modernization (HR 1766). Health Information Network.
Counterterrorism Research (HR 1847). New DOJ surveillance and tracking.
High Risk Drivers (HR 1866). SSN as common identifier for drivers licenses.
Health Care and Paperwork Reduction (HR 1912). Magnetic ID, SSN/health plan.
Immigration in the National Interest (HR 1915). More wiretaps, bank records.
Internet Freedom and Family Empowerment (HR 1978). On-line srvc screening.
Parental Control Inappropriate Programming(-ed.) (HR 2030). Another V-Chip.

-- Senate Bills --

Violent Crime Control (S 3). OK's illegal search, wiretaps by foreign govts.
Family Health Insurance Protection (S 7). Democratic health care bill.
Exclusionary Rule Limitation (S 54). OK's violations of 4th Amendment.
Paperwork Reduction Act (S 244). Government Information Locator Svc (GILS).
Immigrant Control (S 269). National registry for workplace verification.
Private Long-Term Care (S 294). Creates "health information network".
Communications Decency Act (S 314). Outlaws sexual and anonymous messages.
High-risk Drivers Act (S 387). National system of driving records, uses SSN.
Marking of Plastic Explosives (S 390). Wiretaps terror "material support."
Interstate Child Support (S 456). Databank of new hires, SSA link.
Illegal Immigration Control (S 580). Wiretaps immigration and smuggling.
Child Custody Reform (S 632). Database of all child custody cases.
Telecommunications Competition (S 652). Restricts indecent Internet speech.
Taxpayer Browsing Protection (S 670). Stops unauthorized tax data viewing.
Child Support (S 687). Support obligation database. SSNs related documents.
Amend Fair Credit Reporting (S 709). Limits employment credit reports.
Study of Internet Pornography (S 714). Replacement for Comm Decency (S.314).
Comprehensive Terrorism (S 735). "Roving" wiretaps, Internet bomb info.
Economic Opportunity (S 746). Expands National Parent Locator Service.
Immigration Enforcement (S 754). Telephone verification for applicant SSNs.
Illegal Immigration (S 759). Database non-immigrants' entrance/exit dates.
Omnibus Counterterrorism (S 761). Pays for Digital Telephony and wiretaps.
Interstate Child Support (S 828). Both parents' SSNs birth/marriage/driver.
Real Welfare Reform (S 834). "Designated industries" support obligations.
Work and Gainful Employment (S 840). Child support, new hire, SSN documents.
Health Information Modernization (S 872). National health info network.
Protection of Children (S 892). Criminalizes indecent computer data.
Intelligence Authorization (S 922). Credit info, FBI "counterintelligence."
Interstate Child Support (S 926). Database of W-4 forms and child support.
Healthy Mothers, Healthy Children (S 933). Children's immunization database.
Information Technology Management (S 946). Chief Information Officer of OMB.
Anti-Electronic Racketeering (S 974). Bans encryption software distribution.
National Information Infrastructure (S 982). Newly defined computer crimes.
Illegal Immigration Control (S 999). Internal passport for all citizens.

- --- End of Listing ---

ANNOUNCING: The "MIND YOUR 0WN BUSINESS" audiotext program.

1 - 9 0 0 - C A N - M Y 0 B (1-900-226-6902)

Notice the zero digit, not the letter "O."

The Feds say you can't have privacy, but we say you CAN "Mind Your 0wn Business!" And now we have a 900 number to reveal new methods to defend your privacy from criminals and tyrants.
Sponsored by The Agorist Institute.

The cost of each call is just 99 cents per minute, average cost $2.97, average length 3 minutes (August 1995 only. Future messages will be longer.) You must be at least 18 to call or have parental permission.

This is a much better deal than you'll get from most psychic or sex lines ;^)

The line will be updated by the 1st of each month. By September 1, 1995, our message will be recorded by a professional audio producer, but for now, you get to hear me read the first script. Don't be surprised if we update it during August.

Kent

J. Kent Hastings, Assistant Director of The Agorist Institute
zeus at pinsight.com -- http://www.pinsight.com/~zeus/agorist/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMCqAeDTxxI221vktAQEaTAQAitl0r9d6nii64lfdIszWvnePURR0ti9h
JsL3pMk+CYwz3CweuVvCXXJKp3TX6P+hkL6kdjt2zJ6axQFAfRcLcl6BqpQcxI7p
MnHQbkLFQgI/4t9nM3RxieX5/a4idYtEAZuZh+y3ca160ftxCFLUaP6kordg/KI2
YgvAqrljkOA=
=SQWP
-----END PGP SIGNATURE-----

From hayden at krypton.mankato.msus.edu Thu Aug 10 15:22:46 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 10 Aug 95 15:22:46 PDT
Subject: Conspiracies and "Ciphergroupies"
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 10 Aug 1995, Censored Girls Anonymous wrote:

> Robert now "Pinesigns" everything.

Yup, and it's encouraging a lot of other lay-people to investigate PGP and digital signatures. In the last week, I've gotten 200 or so hits on Pinesign and Tinsign from my homepage. That's my purpose, get the word out, and it's working. :-)

> Have a fun summer...fall is coming soon, and light
> a candle for Jerry Garcia today.

uh, a candle is the last thing I'd expect most people are lighting today in remembrance....
> Carol Anne Braddock <--now running linux 1.0.9 for your pleasure

Upgrade, unsecure :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMCpqrDokqlyVGmCFAQFejAP+MhiolnfInEctzT9ihVSozbZqVbdPXJ4j
cIFugNnezRnLI7C/5ekHwLzZcEJH6MhaDgMckgIoYAs+/xyJTQs3407DO7AFx2lU
rZERB+p2Kdpp4FMq+7fTQjF36RugEozQXVCAJJ97MwUq1/6YlCBIfJliTRcLH7Jm
qsrlSFn9sE8=
=6lXM
-----END PGP SIGNATURE-----

 ____        Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
 \ /__       Finger for Geek Code Info <=> Finger for PGP Public Key
  \/  /      -=-=-=-=-=-                -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++ w---
O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++
G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From crypto at midex.com Thu Aug 10 16:02:07 1995
From: crypto at midex.com (Matt Miszewski)
Date: Thu, 10 Aug 95 16:02:07 PDT
Subject: Bank Fees and E-Cash
In-Reply-To: <9508100004.AA03734@TeleCheck.com>
Message-ID:

On Wed, 9 Aug 1995 turner at telecheck.com wrote:

> Citibank and MasterCard are developing an "internet" ways for you to use
> your credit cards, not e-cash. Microsoft is developing ways to pipe that
> information to them. These are not going to solve the problem, especially
> at 18.9% A.P.R...

Can somebody give us an update as to how this is going? I would like strong, real, digital cash, but until then, some of us could utilize this at the very least.

Updates or pointers?...

Matt

From remailer at bi-node.zerberus.de Thu Aug 10 16:29:33 1995
From: remailer at bi-node.zerberus.de (Ford Prefect)
Date: Thu, 10 Aug 95 16:29:33 PDT
Subject: No Subject
Message-ID:

perry, of course, is a dysfunctional human "cipher" himself, who couldn't be civil if he was at a tea party of grandmothers.
yes, in 15 minutes he would end up screaming and mooning them all because they hadn't heard of Netscape or Chaum or something. what a prick.

so he wants to lobby congress and write some code?? well perry, good for you. you just go off on your little excursion. let us know how you are doing. send some postcards to Blacknet, OK???

as for TCM and his invest-in-stocks-and-evade-taxes shtick, it's starting to bore me too.

frankly I think that both TCM and PM should take a long, long vacation from the cypherpunks list and go take a cruise together. yes, help patch up that relationship that is so strained lately. it hurts us all to see two grown men fighting each other.

make love, not war!!!

hehehehe

From nowhere at bsu-cs.bsu.edu Thu Aug 10 16:29:34 1995
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Thu, 10 Aug 95 16:29:34 PDT
Subject: No Subject
Message-ID: <199508102329.SAA21100@bsu-cs.bsu.edu>

will someone just CUT THE @#$%^&* FOSTER CONSPIRACY THEORIES?? I'm getting F---ING SICK AND TIRED of all the BULL**** that is being posted to this F---ING LIST!!!! does anyone give a flying f--- whether Foster was killed or suicided or hit by a bus?!?!?! WHAT DOES THIS HAVE TO DO WITH CYPHERPUNKS? WHAT DOES THIS HAVE TO DO WITH CODE???

PARRY IS RIGHT. everyone else who disagrees can KISS MY ASS.

sign up for the PLAN TO ENCRYPT CYBERSPACE. parry is the man to start with. he will get you started on his campaign like any good drill instructor. oh yes, so many of you pansies need to get into a serious digital BOOT camp. learn some real manly things for a change!!! besides gossiping and tittering like grizzled grandmothers who haven't a clue or a life!!!

he's right, little TIMMY MAY hasn't done one @#$%^&* productive thing in the last 5 years after he quit Intel. oh yeah, he is raking in cash off all his little darling stocks, but what the hell does he have to say that is even slightly relevant to coding?
my god, here is a guy that barely even knows what linux IS, let alone how to install it. I bet he thinks that "bash" is something you do to the NSA!!!

oh yeah, he goes to his silly little "mind masturbating and drug fondling" parties every few days with all the Hoi Polloi Holier-Than-Thou pricks of the world, the "cum of the net" ejaculating all over each other, hehehehehehe what a bunch of effeminate nobodies...

PARRY is the premiere cypherpunk. he should be worshipped by everyone. he has written dozens of RFCS which have made cyberspace a far better place as we know it. if you don't contribute to his solution, YOU ARE PART OF THE PROBLEM. PARRY is part of the solution. HINT FOR THE CLUELESS: GET WITH THE PROGRAM.

don't you think that you are being the most scurrilous swine for taking up PARRY's time with your filling up this mailing list with GARBAGE? TRASH? EXCREMENT? ODIOUS EFFLUVIA??? don't you know that it cuts into his insanely precious programming time by hours to have to monitor this list closely to see if anyone posted some boneheaded conspiracy theory or insulted him??? that TAKES PRECIOUS TIME THAT HE COULD BE SPENDING TRADING PROGRAMMING TECHNIQUES WITH BRILLIANT PEOPLE WHO KNOW UNIX SOFTWARE AND HOW TO WRITE A CORRECT DNS LOOKUP VIA SOCKET LIBRARIES.

are we cypherpunks, or cypherprogrammers? GET A CLUE, PEOPLE.

I SWEAR if I see one more FORWARDED ARTICLE TO THIS GROUP, I'M GOING TO MAILBOMB THE WHOLE LIST. that'll teach the @#$^%^&* bastards to mess with MY VALUABLE TIME.

From sameer at c2.org Thu Aug 10 16:35:36 1995
From: sameer at c2.org (sameer)
Date: Thu, 10 Aug 95 16:35:36 PDT
Subject: Crypto = Competitive Advantage?
In-Reply-To:
Message-ID: <199508102330.QAA01345@infinity.c2.org>

> > It seems that anything involving the Internet, the Web, and digital
> > commerce is really, really hot.

The fire that burns twice as hot burns half as long. It may be a cliche but it is quite applicable here I think.
--
sameer                                    Voice:   510-601-9777
Network Administrator                     Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley   Dialin:  510-658-6376
http://www.c2.org (or login as "guest")   sameer at c2.org

From nobody at REPLAY.COM Thu Aug 10 16:37:38 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 10 Aug 95 16:37:38 PDT
Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME
Message-ID: <199508102337.BAA14035@utopia.hacktic.nl>

I'm tired of Perry. he's always ranting and stirring the shit. he's always setting himself up as the savior of the list signal. what the hell has he really written? oh, the poor bastard has holed himself in his apartment to write crypto code or the world is going to die tomorrow. thank you, mr. Jesus Christ, Nailed to a Cybercross. WHY HATH WE FORSAKEN HIM??? oh, I can see the blood oozing from the gaping flesh wounds. poor Perry, having to bear this horrible cross while everyone else stands around and gawks and remarks about Foster conspiracy theories... yes, we are being utterly inconsiderate of his splendor and selflessness. has anyone seen Matthew, Mark, John, or Luke around??? Perry has something to say to them.

oh, and Perry has become Mr. Cyberlobbyist. yes, just what we NEED, is another person to be sucked up and ground up in the oozing washington slime regurgitator. well, if it would swallow him up and never spit him out, perhaps we should encourage him in his newfound political passions.

I have seen an awful lot of noise on the list, and I'm pretty f***ing amazed at how much of it is due to PM and his BLACKBOARD FINGERNAIL SCREECHING. he's worse than detweiler. actually, I think he may be a detweiler tentacle. he's certainly doing a fantastic impression of it. mr. holier than thou Protector of the Cypherpunks.

perry, just go stay in your dark apartment and write your code. we'll be happy to hear from you in a year when you have all your little tinkertoy prototypes put together with threads and bubblegum.
TCM is not the first person you have violated by posting private mail. you are the lowest cypherscum for violating privacy, perry. you know that if anything is sacred to cypherpunks, it is Tim May and privacy, and frankly I think you have been doing just a little too much pissing on both of them lately. oh, violate Tim May's privacy? well, stab two sacred cows with one bazooka, why don't you, you little bastard...

do we have any need for you? maybe tim may is a weenie, but I'd rather have a weenie around than YOU, and I think virtually EVERYONE HERE concurs on that point...

why don't you take a vacation from the list? TCM has the guts to do this, and has done so in the past. but you are just a bloated buffoon who cannot tell when he is not wanted somewhere even as people spit in your face. hee, hee, reminds me of someone else I know. but frankly, perry, I don't think you have the balls to go away. if you are a real programmer, and all the real programmers have left, what does that make you? stupid, I'd say.

we would not miss you one whit if you left, Perry. in fact I think it's safe to say that we'd be quite delighted if you would take your constant shit-stirring somewhere else and get a life. TCM may have a pathetic excuse for a hobby, but you have a pathetic excuse for a LIFE.

I know you personally Perry, and you couldn't conduct yourself in a meeting of civilized people if you had your tongue chopped off, and I think there's plenty of meetings you've been to when your peers were wishing exactly that....

xxxxxxooooo <- hugs and kisses, darling perry puppy

From crypto at midex.com Thu Aug 10 16:42:29 1995
From: crypto at midex.com (Matt Miszewski)
Date: Thu, 10 Aug 95 16:42:29 PDT
Subject: IPSEC goes to RFC
In-Reply-To:
Message-ID:

I would like to be involved with any final stages of the Linux port. I run a now, fairly defunct business off of my Linux Box and can afford some troubles in alpha testing. Let me know when things are near a testing stage guys.
Oh, and by the way, thanks for doing this everyone. It is VERY important!

Matt

On Thu, 10 Aug 1995, David Neal wrote:

> I'd like to also volunteer to do the linux port, whether it be
> coordination patches, hacking code, finding people, whatever.
>
> David Neal - GNU Planet Aerospace                  1-800-PLN-8-GNU
> Unix, Sybase and Networking consultant. "...you have a personal responsibility
> to be pro-active in the defense of your own civil liberties." - S. McCandlish

From tcmay at got.net Thu Aug 10 16:42:56 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 10 Aug 95 16:42:56 PDT
Subject: Crypto = Competitive Advantage?
Message-ID:

At 11:30 PM 8/10/95, sameer wrote:
>>
>> It seems that anything involving the Internet, the Web, and digital
>> commerce is really, really hot.
>
> The fire that burns twice as hot burns half as long. It may be
>a cliche but it is quite applicable here I think.

Indeed. Who now recalls Jaron Lanier's virtual reality company?

(In retrospect, Jaron's error was in not finding a way to take VPL public. VPL was the Netscape of 1990. But will Netscape be the VPL of 1992?)

Let the record show that I was not one of the tens of thousands of people calling their brokers trying to get in on the Netscape IPO. (Though getting in at the IPO price and selling out the same day was obviously lucrative for a lot of folks.)

--Tim May

Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From anon-remailer at utopia.hacktic.nl Thu Aug 10 16:45:13 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Thu, 10 Aug 95 16:45:13 PDT
Subject: F*** FOSTER
Message-ID: <199508102345.BAA14099@utopia.hacktic.nl>

this vince foster thing is BS. total bs. Perry is right. there's not a single smidgeon of honest reporting going on. it's just slime being stirred up by internet thugs and rapscallions. let foster rest in peace. multiple people have ruled it was a suicide. perry can attest that it was a suicide. perry can attest that the NSA was not involved. he has seen everything, and if he has an opinion on something, you can take his word that it was based on the FACTS.

the FACTS of the case are that FOSTER was fed up with his nothing life, and pulled the trigger and blew his brains out in a park. so what if they couldn't find the brains anywhere? or they are missing a few here and there??? they were splattered on the grass. when there is that much splatter all over the place, you can be sure that the people showing up with the spatula are not going to be that meticulous. they probably did about 5 minutes of scrape, scrape, scraping and then vomited and passed the spatula to the next guy. I mean, cut these guys some slack.

the NSA stuff is total, utter poppycock. the NSA has absolutely nothing to do with vince foster. Clinton has nothing to do with foster. Hillary has nothing to do with foster. why, the way people are ranting you'd think there is a major political scandal going on. NOTHING IS GOING ON HERE. please step aside, and move along. PLEASE MOVE ALONG FOLKS, THERE'S NOTHING MORE TO SEE HERE.

the fact that foster may have had access to intelligence secrets such as cryptography is IRRELEVANT to the cypherpunks. the fact that a scandal may have taken place is IMMATERIAL to our goals. our goals are to WRITE CODE. FOR GOD'S SAKE, WRITE THAT CODE.
I don't care if you have to create code generators. CODE, CODE, CODE. post the code to the cypherpunks list. talk about the code. critique the code. study the code. salvation for all humanity lies in finding the magic formula. and we can't find it, UNLESS WE CODE, DAMMIT. perry understands this. some people think that there is a magic government program that will solve poverty, give freedom to everyone in the US, and solve P=NP. they're WRONG. the government cannot do any of this. BUT PROGRAMMERS CAN!!!!

put your programming hats on. if you haven't banged a keyboard a half million times, fired up VI to edit a C file for the ten zillionth time, NO PROGRESS IS BEING MADE. IT'S AS SIMPLE AS THAT. if you haven't compiled something recently, RECOMPILE IT JUST TO BE SAFE. we just aren't making any progress without CODE, CODE, CODE. we have an utter shortage of code. the problem is not politics, but LACK OF CODE. anyone can look at the net today and see there is a HORRENDOUS SHORTAGE OF CODE IN CYBERSPACE. we have to train everyone to program NOW or the future is lost to the incompetent. we will be back to Vic 64's if people don't keep up the constant programming. software is the key to salvation.

every second devoted to the vince foster thing is a precious second taken away from code. NOTHING POSITIVE CAN COME OF PREOCCUPATION WITH CONSPIRACY THEORIES. PERRY CAN ATTEST TO THAT. remember when PRZ was getting indicted? perry was right on then too. some people were scared shitless and raving out of their minds, saying the world would end tomorrow, but NOT PERRY. perry has NO FEAR. he said that we should CODE, CODE, CODE. and you know what??? HE'S RIGHT. if people followed PERRY, we would not be in this @#$%^&* predicament we are in. if we could just get it so that every person who signed up to the internet could CODE, we would be home free. salvation. utopia!!! then we could rest a little. but only a little, otherwise the NSA will beat us again at the code race.
once again: forget Foster. nothing, absolutely nothing about this scandal could possibly help our cause of trying to expose corruption in government to the mainstream populace, to keep them better informed, to put limits on the NSA, to show that they have been involved in horrendous abuses, that there is something utterly smelly in our government. FORGET IT. NOTHING LIKE THIS WILL EVER BE PROVEN OR ESTABLISHED. IT'S IMPOSSIBLE, JUST LIKE PERRY SAYS SO. when anything new comes of this foster stuff, just remember that perry predicted way ahead of time that it would amount to NOTHING, NOTHING, NOTHING. and the more you preoccupy your brains with this TOTAL MINUTIA, the less you are coding. STOP IT RIGHT NOW. just remember, if you don't, you will be SORRY, and when you come crying back to Perry that nothing of value came of all your conspiracy mongering, he will have NO SYMPATHY, in fact if he had a gun around he'd probably be tempted to blow your brains out. and you can just FORGET about the spatula.

From carolab at censored.org Thu Aug 10 17:00:13 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Thu, 10 Aug 95 17:00:13 PDT
Subject: Is there a 12 step group in the house?
Message-ID:

Sounds like someone needs a meeting. There are groups for obsessive/compulsive activity.

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org     __ __ ____ ___ ___ ____
carolab at primenet.com      /__)/__) / / / / /_ /\ / /_ /
carolb at spring.com         / / \ / / / / /__ / \/ /___ /
-------------------------------------------------------------------------
A great place to start My Cyber Doc...
From bshantz at nwlink.com Thu Aug 10 17:02:36 1995
From: bshantz at nwlink.com (Brad Shantz)
Date: Thu, 10 Aug 95 17:02:36 PDT
Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME
Message-ID: <199508110003.RAA02472@washington.nwlink.com>

>I'm tired of Perry.

I think that any Perry bashing can be taken offline. I don't think that 700 people subscribed to the "I Hate Perry Metzger" list; they subscribed to cypherpunks. If you have anything to say to Perry, tell him in private e-mail. Don't post a million lines of shit to the list.

Get a clue folks...

Brad

From jcaldwel at iquest.net Thu Aug 10 17:10:32 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Thu, 10 Aug 95 17:10:32 PDT
Subject: "S1" encryption system (was: this looked like it might be interesting)
In-Reply-To: <9508102205.AA23622@earth.troy.eng.eds.com>
Message-ID:

George A. Corondan (corondan at eng.eds.com) wrote:
> > >It strikes me as rather foolish to mail off anonymous copies to several
> > >individual recipients (Matt, Perry, Tim, ...) in addition to the list, if
> > >S1 is a real leak. Why aid the traffic analysts by firing off multiple
> > >messages through the remailers ?
> >
> > A third possibility comes to mind, that person or persons associated with
> > the list are using the post to focus on cryptographic efforts in lieu of
> > political or apocalyptic diatribes.
> how about a fourth possibility: the government ___ agency did it.

Can't play that game too much or you'll be in a padded room somewhere, probably a Federal mental hospital with no name..... ;-)

> this was done to achieve two goals:
> 1) make cypherpunks easy to vilify (look at all of the nasty crypto
> stuff being passed to foreign nationals)
> 2) a quick estimate of cypherpunks' ability to analyze an algorithm

I'd say it was trashed in under 5 messages.

> am i being too paranoid? probably, but you tell me :-).
If the algorithm is compiled, supplied with a key and decrypts skipjack/clipper/bubbaheres then you know it's real.

--
So you may wonder -- "But what does that have to do with me?"
Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**.
Brian Francis Redman to Chip Berlet

From rah at shipwright.com Thu Aug 10 17:23:37 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 10 Aug 95 17:23:37 PDT
Subject: It may be time to electrify the floor...
Message-ID:

... because we seem to be in the throes of a listwide piss-fight.

Unless we're the victim of duelling rant generators -- but I don't think this is the case, as they all happened too fast.

It's a nice night. Maybe I'll go sit on the back porch and smoke the base-ball-bat Macanudo (cigar) I bought at Erlich's today...

See you all in the morning. Don't forget to insulate yourselves, everyone...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net  http://www.netresponse.com/zldf <<<<<

From tcmay at got.net Thu Aug 10 17:27:49 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 10 Aug 95 17:27:49 PDT
Subject: "Protect the children" as passphrase to Constitution
Message-ID:

I was reminded the other night by someone of the "'National security' is the root passphrase of the Constitution." The idea being that the normal Constitutional protections are bypassed by invocation of "national security."

But it occurs to me that we are seeing a new variant of this: "Protect the children."

Some recent examples:

- Clinton's Executive Order today which limits advertising of cigarettes, limits the display of tobacco-related symbols and words on t-shirts, baseball caps, billboards, and publicly-visible signs at sports events.
(There were all kinds of details, most of them blatantly in violation of the First Amendment. I half-watched the Clinton announcement, but didn't take notes...consult your newspaper or the Web.) The critical phrase: "We have to protect the children." (Oh, and one amazing detail: the possible issuance of I.D. cards to all of those under the age of 18. Besides being useful for things like curfews, video tape rental prohibitions, and the cigarette ban, it would lead to I.D. cards for those over 18, naturally (if those over 18 don't have to carry them, then all a child less than 18 has to do is to claim not to have to carry one because he's 18!)
- The whole Exon and V-chip debates, now likely to be passed by Congress, are about "protecting children."
- and the Oklahoma City bombing, not that I supported it in any way, was seen as especially horrific because of the children that were killed. This means that restrictive legislation, such as bans on explosives information, guns, etc., can be justified as measures to "protect children." And so on.

Now clearly this strategy will be welcomed by many. It's hard to argue against children and against the "protection of children." Arguing the Constitutional side is tough when "the children" are at issue. More speculatively, I think Clinton has hit on this strategy as a way to line up support from the Republican majority in Congress on many key issues. There may even be repercussions for welfare and health care issues (which Clinton can also cast as "protect the children" issues).

The potential crypto relevance? Look for arguments about limiting access to strong crypto to be more heavily focussed on "pedophiles" and "pornographers." Look for calls to have a national I.D. card--which serves many State-needed purposes (and I don't mean in terms of Revelations). A national I.D. card could then be tied in to GAK/escrow systems. "We have to protect the children."
--Tim May
Special note: My ISP has changed its domain name from "sensemedia.net" to "got.net" (as in "got milk?"), so I have to again ask you all to bear with me and use my new e-mail address, "tcmay at got.net".
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From sandfort at crl.com Thu Aug 10 17:29:48 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 10 Aug 95 17:29:48 PDT Subject: your mail In-Reply-To: <199508102329.SAA21100@bsu-cs.bsu.edu> Message-ID:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks,
On Thu, 10 Aug 1995, Anonymous wrote:
> will someone just CUT THE @#$%^&* FOSTER CONSPIRACY THEORIES??
> I'm getting F---ING SICK AND TIRED of all the BULL**** [etc.]
> PARRY IS RIGHT. everyone else who disagrees can KISS MY ASS.
I, for one, am anxious to kiss Anonymous' ass. Unfortunately, he forgot to take credit for his clever bon mot, so I am unable to comply. What a pity.
S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From lmccarth at cs.umass.edu Thu Aug 10 18:00:52 1995 From: lmccarth at cs.umass.edu (L. McCarthy) Date: Thu, 10 Aug 95 18:00:52 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME In-Reply-To: <199508102337.BAA14035@utopia.hacktic.nl> Message-ID: <9508110100.AA10650@cs.umass.edu>
Well, for the record, _I_ certainly appreciate .pm's efforts on many fronts related to cypherpunks.
Anonymous rants:
> I know you personally Perry,
I doubt it. Prove it to me in *private* email.
-L.
"Futplex" McCarthy [PGP key available via finger or server]

From anon-remailer at utopia.hacktic.nl Thu Aug 10 18:15:12 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Thu, 10 Aug 95 18:15:12 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME Message-ID: <199508110115.DAA17165@utopia.hacktic.nl>
Brad Shantz writes:
> >I'm tired of Perry.
> >
> > I think that any Perry bashing can be taken offline. I don't think that 700
> people subscribed to the "I Hate Perry Metzger" list;
Nah, that list is way bigger than cypherpunks.

From adwestro at ouray.cudenver.edu Thu Aug 10 18:45:16 1995 From: adwestro at ouray.cudenver.edu (Alan Westrope) Date: Thu, 10 Aug 95 18:45:16 PDT Subject: DETWEILLER In-Reply-To: Message-ID:
On Wed, 2 Aug 1995, Sandy Sandfort wrote:
> > > ObCypherpunk: Anybody heard from Detweiller?
> >
> Actually, he was at the last Bay Area Cypherpunks physical
> meeting under another name.
And the Cypherpunk Merry Prankster who surreptitiously replaced his Thorazine with Tic-Tacs now owes the list an apology! :-Q
Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From liberty at gate.net Thu Aug 10 18:52:57 1995 From: liberty at gate.net (Jim Ray) Date: Thu, 10 Aug 95 18:52:57 PDT Subject: "Protect the children" as passphrase to Constitution Message-ID: <199508110150.VAA26775@bb.hks.net>
-----BEGIN PGP SIGNED MESSAGE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Every time I hear some porker say, "Protect the children," the BS translator that resides in my brain replaces the word "Protect" with the words, "Treat adults like." Probably a mental defect. JMR
PS RIP Jerry G. Let's cease the flamewar for 24 hours, in memory.
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh
iQCVAwUBMCq1/m1lp8bpvW01AQGg8gQAiq+kzyQopCLFQtzPhr4WIN42I41ZDPyh
1qH1/DBHAS8BaNqK8f9jObEvG4a5dlpbzp5c0FdJ2cbcZtG/GZIG3clUPNd0cqtf
hR1abL8pTgoj7WMclOMF6iclzRn/fcHY9VawZHT10At3I11eyjOq3hBsfIU1c1IG
9pjlPeEW/IE=
=Ci1C
- -----END PGP SIGNATURE-----
Regards, Jim Ray
PGPsign all your cleartext messages! [Makes the statists nervous.]
- ------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35
- ------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMCq3ESoZzwIn1bdtAQGfFQF9FL9ptx5QVfg6nGL+NePHg6cuq3B2fa/U
9Ir2SmI6NZQPgjvFtCPO9ZmepaLBkEqs
=+nDm
-----END PGP SIGNATURE-----

From ghio at cmu.edu Thu Aug 10 18:56:33 1995 From: ghio at cmu.edu (Matthew Ghio) Date: Thu, 10 Aug 95 18:56:33 PDT Subject: IPSEC goes to RFC In-Reply-To: <199508101452.KAA24637@panix4.panix.com> Message-ID:
sdw at lig.net (Stephen D. Williams) wrote:
> I really like the idea of using DNS for (public I assume) keys...
I don't. Public keys in the DNS is a bad idea because it makes it difficult to update the database, especially in large organizations. When a host's key is issued or changed then they would have to get the nameserver admin to change it for them. This could become a major problem/ inconvenience for many, many people. The host should be able to give its own key in response to a query.
That key could, of course, be signed by any number of trusted signators to guarantee authenticity.

From anon-remailer at utopia.hacktic.nl Thu Aug 10 19:45:08 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Thu, 10 Aug 95 19:45:08 PDT Subject: UHS encoding Message-ID: <199508110245.EAA17947@utopia.hacktic.nl>
has anyone heard of UHS ? ? its universal hint system . . its for game hints . . its data files are encrypted and a decoder decodes only the hints you need . . anyone know what encryption is used ? ? its probably very weak but a good idea . . i wonder if this is export - restricted too ! ! --

From vznuri at netcom.com Thu Aug 10 19:56:20 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 10 Aug 95 19:56:20 PDT Subject: PRZ encrypted voice software release imminent Message-ID: <199508110254.TAA02204@netcom14.netcom.com>
as if PRZ is not already enough of a folk hero.... BTW, he has been beat by Nautilus, right? Nautilus is public domain, right? (I'm thinking of that public domain voice encryption released a few mos ago). I wonder if he is going to try to put a "spin" on this one to differentiate it from the other one. on the other hand, just having his name on it is plenty of "spin"...
------- Forwarded Message
- ------- Forwarded Message
Date: Thu, 10 Aug 1995 06:47:31 -0400 (EDT) From: Brad Dolan Subject: Washington Whisper from U.S. News (fwd)
- - ---------- Forwarded message ----------
Date: Wed, 9 Aug 1995 21:26:42 -0700 Subject: Washington Whisper from U.S. News From: Vic Sussman
U.S.NEWS & WORLD REPORT, AUGUST 14, 1995
TAPS FOR THE CODE BREAKERS
The cryptographer who riled the federal government over his popular encryption software, PGP (``Pretty Good Privacy''), claims he is only a few weeks away from launching yet another dazzling piece of software: PGPfone. Philip Zimmermann's latest product permits virtually untappable telephone conversations through personal computers.
But the launch of the software, which uses military-grade encryption to scramble transmissions, is likely to sharpen the debate among those who worry about such technology falling into criminal or enemy hands and those who consider it essential for secure communications, especially on the Internet. In a test of the new software last week, a U.S. NEWS writer, using a microphone-equipped laptop in Washington, found the encrypted conversation with Zimmermann in Boulder, Colo., to be remarkably clear. Zimmermann, who ran afoul of the government over charges--strongly denied--that he illegally ``exported'' the PGP software on the Internet, says he plans to give away his new software for free. Why? ``I can't simply stop doing what I do because I'm afraid of angering the government,'' he says. ``Americans have a right to private conversations.''
Copyright, 1995, U.S. News & World Report All rights reserved.
.............................................................................
Vic Sussman : "Lines of light ranged in the nonspace
U.S. News & World Report : of the mind, clusters and constellations
vic at clark.net : of data. Like city lights, receding..."
http://www.clark.net/pub/ journalism/vic.html : _Neuromancer_ William Gibson
..............................................................................
- ------- End of Forwarded Message
------- End of Forwarded Message

From remailer at bi-node.zerberus.de Thu Aug 10 20:02:12 1995 From: remailer at bi-node.zerberus.de (Ford Prefect) Date: Thu, 10 Aug 95 20:02:12 PDT Subject: No Subject Message-ID:
I think we ought to just throw TIM MAY out of the list. let's EXCOMMUNICATE HIM. its becoming increasingly clear that he is the source of all our problems. I mean, isn't it obvious that our progress has stalled? who has written any code within the last 3 days? if we got rid of him, it would be EVOLUTION IN ACTION. this is ERIC HUGHES' mailing list, and eric hughes knows how to write some decent code.
I mean, TCM's signature doesn't even have any geek code, and he hasn't changed it in 4 years or so, at least since my last grandparent died (and she was considerably more skillful at programming than TCM by knowing how to make toast). get rid of all the pricks who continually spout and spew conspiracy theories. let TCM go and find himself a new mailing list. that would be a fair comeuppance if he found that he couldn't learn to do squish because he doesn't have the slightest clue. he's a leech, a parasite, sucking on the work of others, pretending that he is at the forefront of our cause when he is only at the forefront of maniacal egomania. what has he contributed to the cause? SQUAT. just a lot of ranting about conspiracy theories and his Stock Pick of the Week crap. "the web is really growing. people should focus on it". well, THANK YOU VERY MUCH, MR. BRILLIANT COMMENTATOR AND VISIONARY, T.C.MAY, I would have never have THOUGHT of that in a zillion years, but now that you point it out, I GUESS YOU'RE RIGHT.

From dgarrard at sola.com.au Thu Aug 10 20:16:33 1995 From: dgarrard at sola.com.au (David L. Garrard) Date: Thu, 10 Aug 95 20:16:33 PDT Subject: No Subject Message-ID: <01BA67E7.5D664640@herbiehacker>
----------
From: Ford Prefect[SMTP:remailer at bi-node.zerberus.de]
Sent: Friday, 11 August 1995 2:31
To: cypherpunks at toad.com
I think we ought to just throw TIM MAY out of the list. let's EXCOMMUNICATE HIM. its becoming increasingly clear that he is the source of all our problems. I mean, isn't it obvious that our progress has stalled? who has written any code within the last 3 days? if we got rid of him, it would be EVOLUTION IN ACTION.
More drivel deleted.
Personal attacks in this mailing list are highly inappropriate, but doing it through a remailer is downright pathetic.
Dr David L.
Garrard

From Richard.Johnson at Colorado.EDU Thu Aug 10 20:34:59 1995 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Thu, 10 Aug 95 20:34:59 PDT Subject: PRZ encrypted voice software release imminent Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
>BTW, he has been beat by Nautilus, right? Nautilus
>is public domain, right? (I'm thinking of that public
>domain voice encryption released a few mos ago).
>I wonder if he is going to try to put a "spin" on this
>one to differentiate it from the other one. on the
>other hand, just having his name on it is plenty of
>"spin"...
When I originally volunteered to help with coding on the PGP voice stuff, the author (I think) of Nautilus sent me, and the rest of the PGP voice mailing list participants, version 0.2 for review. The initial plan was to take the Nautilus code, rewrite it in a more modular fashion, and add encryption to create voice PGP. However, the incarnation of the PGP voice mailing list we were using for the project just died, and I heard nothing more about Nautilus after I submitted my comments and suggestions -- until the release of Nautilus 0.9. So if Nautilus code was not used in PGPfone, I suspect licensing or other such issues got in the way, and Will Price and crew started from a different base. Then again, perhaps Nautilus and PGPfone have much in common. We'll have to wait for the PGPfone release for the answer.
Richard
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMCrPhfobez3wRbTBAQHM8AP6AjrIg3j2FjRW1vXSLJQ201cTbOic9Tms
3e6TtCdKu4m9OfOyJDIa+RuW+gRIpF8uBmhDAT8d50rhWa9RdEqAgxRSS6mLtzho
ExxjSaX3JPdbZjW5G6kMamN9czMFd1hfkxfBMTMVLFdnYzUhG/MQZCyJzLHqcy0c
idV9OPHTrck=
=bGwv
-----END PGP SIGNATURE-----

From perry at panix.com Thu Aug 10 20:36:15 1995 From: perry at panix.com (Perry E.
Metzger) Date: Thu, 10 Aug 95 20:36:15 PDT Subject: No Subject In-Reply-To: <199508102329.SAA21100@bsu-cs.bsu.edu> Message-ID: <199508110336.XAA12412@panix.com>
With friends like, er, our old friend here, who needs enemies?
Anonymous writes:
> will someone just CUT THE @#$%^&* FOSTER CONSPIRACY THEORIES?? [...]

From perry at panix.com Thu Aug 10 20:37:59 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 10 Aug 95 20:37:59 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME In-Reply-To: <199508102337.BAA14035@utopia.hacktic.nl> Message-ID: <199508110337.XAA15986@panix2.panix.com>
Anonymous writes:
> I'm tired of Perry. he's always ranting and stirring the shit.
I was under the impression Detweiler was legally obligated not to post to this mailing list.
.pm

From monty.harder at famend.com Thu Aug 10 20:38:33 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Thu, 10 Aug 95 20:38:33 PDT Subject: If only Vxxxx Fxxxxx had used encryption.... Message-ID: <8AEE4DC.0003000301.uuout@famend.com>
C'punks: [Wait! This =is= crypto-related! I promise!]
Heard on the news today that Bernard Nussbaum said he had done "nothing irregular" in going through Vince Foster's effects immediately after his demise, in order to secure "sensitive information". Presumably, Nussbaum's contention is that some of the information in Foster's possession was covered by attorney-client privilege, and therefore the Authorities had no right to take it into possession. (IANAL-Comments from those who are?)
Anyway, this case got me to thinking: If Vince had kept all his "sensitive" things encrypted, and never written down the passphrase, then the data would effectively have died with him. In this case, lack of key escrow is not a bug, but a feature!
Then I thought some more - that the whole Key Escrow thing needs to be rethought: Instead of escrowing the private key, we need to develop better key management techniques for multiple recipients.
For example, if Alice is an attorney representing Carol Client, Bob and Ray are partners in Alice's firm, which uses escrow agent E; and A, B, C, R and E are the public keys (and A'... are the private keys) of our dramatis personae: Carol sends her message to Alice as usual, generating the session key S, and encrypting it S'=A(S). Whenever Alice receives a message, after decrypting the session key [S= A'(S')] she adds to it an additional S"= E( B(S) ) and S"'= E( R(S) ) or some other construct involving Shamir Sharing or whatever.
The details of the protocol(s) can be worked out after the basic premise: There is no reason for anyone to give up the "master key" to all of their business, when the minimal overhead in storage space for adding an escrowed =session= key will suffice.
PGP needs a mechanism to handle "detached session keys", so that our escrow agent can, upon notification by Bob and Ray that Alice has [died | left the firm], process the whole package of S" and S"' back into B(S) and R(S), so that Bob and Ray can carry on their work. Just as with a detached signature certificate going to a notary, the detached session key does not give the escrow agent any knowledge of the content of the message itself.
Another option is to put the whole creation of S" and S"' on to Carol, which requires a public key that specifies E and {B, R}, as well as the particular escrow protocol involved. This could be tricky to implement. Also, Carol needs to be able to specify to Alice that she is retaining a copy of the communication, encrypted to self, and therefore Alice need not escrow the session key for this particular message.
Comments?
* "All authority belongs to the people" -Thomas Jefferson
--- * Monster at FAmend.Com *

From perry at panix.com Thu Aug 10 20:49:29 1995 From: perry at panix.com (Perry E.
Metzger) Date: Thu, 10 Aug 95 20:49:29 PDT Subject: IPSEC goes to RFC In-Reply-To: Message-ID: <199508110349.XAA08572@panix4.panix.com>
Matthew Ghio writes:
> sdw at lig.net (Stephen D. Williams) wrote:
> > > I really like the idea of using DNS for (public I assume) keys...
> > I don't.
> > Public keys in the DNS is a bad idea because it makes it difficult to
> update the database, especially in large organizations.
That's one of a number of reasons why the DNS dynamic update facility has been created.
> The host should be able to give
> its own key in response to a query.
What makes you assume we are using hosts as the keyed endpoints in the usual case? Users are also getting keys, and querying them will be difficult until humans all come equipped with implanted radio transmitters. See "The President's Analyst" for a possible solution to that problem, but I prefer DNS :-)
Perry

From hayden at krypton.mankato.msus.edu Thu Aug 10 20:50:49 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 10 Aug 95 20:50:49 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME In-Reply-To: <199508110337.XAA15986@panix2.panix.com> Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 10 Aug 1995, Perry E. Metzger wrote:
> I was under the impression Detweiler was legally obligated not to post
> to this mailing list.
Maybe it's just me, but I guess I find the occasional rants and such to be a light-hearted relief from the more serious name-calling and ranting :-) Of course, anything I see posted anonymous (or emailed to me anonymously, except by such services as penet.fi or PGP signed) isn't taken with any seriousness at all.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2
iQCVAwUBMCq3pDokqlyVGmCFAQHg4wQAiXFo/rAgKFebLI92H/ILMTH3Og1LAzmD
uIQo2Dda+oXadFVva6s8OC1dkV+sJQjXFYOWrSZ4G91N0fwtsMRfKeTkv7XigxIA
sQhjC1zWtgqgGQTohhhEanMz64I/g0r/3BQyiKG+Pq18dmG07yxgQouP3wSTmgXZ
oBDVGyumt6A=
=OGNs
-----END PGP SIGNATURE-----
____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ Finger for Geek Code Info <=> Finger for PGP Public Key
\/ / -=-=-=-=-=- -=-=-=-=-=-
\/ http://krypton.mankato.msus.edu/~hayden/Welcome.html
-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From blancw at accessone.com Thu Aug 10 20:53:41 1995 From: blancw at accessone.com (blancw at accessone.com) Date: Thu, 10 Aug 95 20:53:41 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME Message-ID: <9508110355.AA08727@accessone.com>
Hell hath no fury like a martyr scorned. . .

From perry at panix.com Thu Aug 10 20:54:24 1995 From: perry at panix.com (Perry E. Metzger) Date: Thu, 10 Aug 95 20:54:24 PDT Subject: IPSEC goes to RFC In-Reply-To: Message-ID: <199508110354.XAA09825@panix4.panix.com>
There seem to be a bunch of people interested in helping with a Linux version of IPSEC. If you guys could spontaneously self-organize it might help -- I unfortunately am not in a good position to do it for you :-) Having a Linux version would be extremely key -- I'm very glad to see the enthusiasm for it.
.pm

From mfroomki at umiami.ir.miami.edu Thu Aug 10 20:58:52 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Thu, 10 Aug 95 20:58:52 PDT Subject: More "S-1" foolishness (fwd) Message-ID:
How about this?
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O.
Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm
---------- Forwarded message ----------
Date: Thu, 10 Aug 1995 23:34:42 -0400 (EDT) From: Dorothy Denning To: mfroomki at umiami.ir.miami.edu Cc: denning at cs.cosc.georgetown.edu Subject: Re: More "S-1" foolishness (fwd)
Thanks for sending all this stuff. The algorithm is definitely not Skipjack. Feel free to pass this along if you'd like.
Cheers, Dorothy

From admin at dcwill.com Thu Aug 10 21:18:18 1995 From: admin at dcwill.com (SysAdmin) Date: Thu, 10 Aug 95 21:18:18 PDT Subject: Crypto-relevant flame interruption Message-ID: <199508110418.VAA07616@python.ee.unr.edu>
Would someone be so kind as to provide a status report on the planned SSL attack? Last word was that codework was still underway, but I might have missed something relevant to this project amidst all of the noise about excessive list noise.
Fred

From nesta at wwa.com Thu Aug 10 22:14:00 1995 From: nesta at wwa.com (Nesta Stubbs) Date: Thu, 10 Aug 95 22:14:00 PDT Subject: IPSEC goes to RFC In-Reply-To: Message-ID:
On Thu, 10 Aug 1995, Matthew Ghio wrote:
> sdw at lig.net (Stephen D. Williams) wrote:
> > > I really like the idea of using DNS for (public I assume) keys...
> > I don't.
> > Public keys in the DNS is a bad idea because it makes it difficult to
> update the database, especially in large organizations. When a host's
> key is issued or changed then they would have to get the nameserver
> admin to change it for them. This could become a major problem/
> inconvenience for many, many people. The host should be able to give
> its own key in response to a query. That key could, of course, be
> signed by any number of trusted signators to guarentee authenticity.
>
There are some other problems too I believe.
I have worked for a decent sized network who did all user authentication at the terminal servers for dial-in accounts thru DNS. This wasn't too bad for just passwords and stuff, but wouldn't this cause some bloat in the nameservers database? As well as cause problems security-wise when it comes to updates. Would these automatically not be cached in any form by the site making the request? This also causes a problem for smaller time people who perhaps have a PPP/SLIP connection 24/7 but have nameservice done by their provider, and I for sure don't want my provider to be in control of those keys.
Nesta Stubbs "under the streamlined chrome shell, you'd
Cynico Network Consulting find the same victorian mechanism." WG
nesta at wwa.com

From bdolan at use.usit.net Thu Aug 10 22:31:05 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Thu, 10 Aug 95 22:31:05 PDT Subject: Clinton to resign? Message-ID:
Associated Press reported on August 10, 1995:
President Won't Resign But... (WASHINGTON) President Clinton wasn't about to give a serious answer when he was asked Thursday if he might resign. The question came from veteran columnist Sarah McClendon, who asserted that some legislators from the left and right were trying to push him out of office. [...] "Well, if you promise to run off with me I might," Clinton responded, ... "But otherwise, I can't think of any reason."
- - - - - - - - - -
Repeat after me: There's nothing to those crazy conspiracy theories. There's nothing to those crazy conspiracy theories.....
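Monty Harder's escrowed-session-key sketch above (Carol writes to her attorney Alice; Alice's partners Bob and Ray and the firm's escrow agent E hold only per-message material) carried through as an added worked example. This is not code from the original post, from PGP, or from anyone on the list: it uses a toy unpadded textbook RSA over small fixed primes as the stand-in for the public-key operations A(), B(), R() and E(), an integer session key, and a SHA-256 keystream as the symmetric layer, all of which are assumptions made so the block runs offline with only the Python standard library (3.8 or later, for modular inverses via pow). It runs the protocol to the recovery step the post describes: E strips its own layer and hands back B(S) and R(S) without ever seeing S or the message.

```python
"""Escrowing the *session* key instead of the master key, after the list post.

Added example; not code from the post.  The primes, the integer encoding of the
session key S and the SHA-256 keystream cipher are illustration-only assumptions.
"""
import hashlib


# ---- toy public-key stand-in (assumption: unpadded textbook RSA, tiny primes)
def toy_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)


def pk_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, e, n)


def pk_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


# ---- toy symmetric layer keyed by S (assumption: SHA-256 counter keystream)
def sym_xor(S, data):
    out, counter = bytearray(), 0
    while len(out) < len(data):
        out.extend(hashlib.sha256(S.to_bytes(16, "big") + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


# ---- the steps from the post
def carol_sends(S, pub_A, plaintext):
    """Carol: generate session key S, send S' = A(S) plus the S-encrypted body."""
    return pk_encrypt(pub_A, S), sym_xor(S, plaintext)


def alice_receives(S_prime, priv_A, pub_B, pub_R, pub_E):
    """Alice: S = A'(S'), then the escrow copies S'' = E(B(S)) and S''' = E(R(S))."""
    S = pk_decrypt(priv_A, S_prime)
    S_2 = pk_encrypt(pub_E, pk_encrypt(pub_B, S))
    S_3 = pk_encrypt(pub_E, pk_encrypt(pub_R, S))
    return S, S_2, S_3


def escrow_releases(S_2, S_3, priv_E):
    """E, on notice from Bob and Ray: remove its own layer, yielding B(S) and R(S).
    E only ever handles values encrypted to Bob and Ray, never S itself."""
    return pk_decrypt(priv_E, S_2), pk_decrypt(priv_E, S_3)


def partner_recovers(BS, priv_partner, body):
    """Bob (or Ray): S = B'(B(S)), then decrypt the stored message body."""
    S = pk_decrypt(priv_partner, BS)
    return S, sym_xor(S, body)


def run_protocol(S=0x12_3456_789A, plaintext=b"privileged memo (constructed sample)"):
    # Constructed keys.  E's modulus is the largest so that B(S) and R(S), which
    # are smaller than Bob's and Ray's moduli, still fit under E's modulus.
    pub_A, priv_A = toy_keypair(1000117, 1000121)
    pub_B, priv_B = toy_keypair(1000003, 1000033)
    pub_R, priv_R = toy_keypair(1000037, 1000039)
    pub_E, priv_E = toy_keypair(1000081, 1000099)

    S_prime, body = carol_sends(S, pub_A, plaintext)
    S_alice, S_2, S_3 = alice_receives(S_prime, priv_A, pub_B, pub_R, pub_E)
    # The detached escrow record Alice keeps beside the ciphertext: no S, no plaintext.
    record = {"S2": S_2, "S3": S_3, "body": body}

    # Later: Alice has left the firm.  E releases B(S) and R(S); the partners carry on.
    BS, RS = escrow_releases(record["S2"], record["S3"], priv_E)
    S_bob, recovered = partner_recovers(BS, priv_B, record["body"])
    S_ray, _ = partner_recovers(RS, priv_R, record["body"])
    return {
        "alice_got_S": S_alice == S,
        "bob_got_S": S_bob == S,
        "ray_got_S": S_ray == S,
        "escrow_saw_S": S in (BS, RS),      # must stay False
        "recovered": recovered,
    }


if __name__ == "__main__":
    print(run_protocol())
```

The `record` dict stands for the "detached session key" object the post wants PGP to support: it can sit next to the ciphertext, costs a couple of public-key-sized values per message rather than a master key, and the `escrow_saw_S` check is the property that makes the arrangement tolerable for Alice, since E learns nothing about the message while holding both escrow copies.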
From futplex at pseudonym.com Thu Aug 10 23:18:41 1995 From: futplex at pseudonym.com (Futplex) Date: Thu, 10 Aug 95 23:18:41 PDT Subject: Key escrow granularity (Was: If only Vxxxx Fxxxxx had used encryption) In-Reply-To: <8AEE4DC.0003000301.uuout@famend.com> Message-ID: <9508110618.AA16373@cs.umass.edu>
Monty Harder writes:
> The details of the protocol(s) can be worked out after the basic premise:
>
> There is no reason for anyone to give up the "master key" to all
> of their business, when the minimal overhead in storage space for
> adding an escrowed =session= key will suffice.
More generally, the granularity of the chunk of data protected by each escrowed key can be varied -- the tradeoff is between the cost of a key loss and the cost of data storage. A few escrowed master keys are very cheap to store and very expensive to lose. Each session key is comparatively worthless on its own, but you could end up having to store an avalanche of them. I suspect that something close to session granularity makes sense in the real world; multi-GB HDs tend to be much cheaper than asking the NSA to guess your keys for you, etc. Of course, you could also get into escrowing project keys, dept. keys, etc., ad nauseam. Choosing session granularity is highly recommended when permitting GAK a la SB 974 :|
-Futplex

From shamrock at netcom.com Thu Aug 10 23:21:36 1995 From: shamrock at netcom.com (Lucky Green) Date: Thu, 10 Aug 95 23:21:36 PDT Subject: This summer's special delivery? Message-ID: <199508110619.CAA29700@bb.hks.net>
-----BEGIN PGP SIGNED MESSAGE-----
In article , tcmay at got.net (Timothy C. May) wrote:
>I have nothing further to add on this. But recall that it was just about
>this time last year--just before Crypto--that the "alleged RC4 code" was
>posted anonymously to the list.
Do I recall correctly that that RC4 proved to interoperate with the "real" RC4?
- -- - -- Lucky Green PGP encrypted mail preferred.
- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMCr2PCoZzwIn1bdtAQEUPAF/S1arfdr01B+/o5MlEX6F60NHUL6vgEPQ
sv3264ZCsJAl7TBqqyi1a6baBF7uuTh+
=jhLU
-----END PGP SIGNATURE-----

From lmccarth at cs.umass.edu Thu Aug 10 23:40:20 1995 From: lmccarth at cs.umass.edu (L. McCarthy) Date: Thu, 10 Aug 95 23:40:20 PDT Subject: This summer's special delivery? In-Reply-To: <199508110619.CAA29700@bb.hks.net> Message-ID: <9508110640.AA16646@cs.umass.edu>
Lucky Green writes:
> Do I recall correctly that that RC4 proved to interoperate with the
> "real" RC4?
Yes.

From shamrock at netcom.com Thu Aug 10 23:47:42 1995 From: shamrock at netcom.com (Lucky Green) Date: Thu, 10 Aug 95 23:47:42 PDT Subject: PRZ encrypted voice software release imminent Message-ID: <199508110645.CAA29891@bb.hks.net>
-----BEGIN PGP SIGNED MESSAGE-----
In article <199508110254.TAA02204 at netcom14.netcom.com>, vznuri at netcom.com ("Vladimir Z. Nuri") wrote:
>as if PRZ is not already enough of a folk hero....
>BTW, he has been beat by Nautilus, right? Nautilus
>is public domain, right? (I'm thinking of that public
>domain voice encryption released a few mos ago).
>I wonder if he is going to try to put a "spin" on this
>one to differentiate it from the other one. on the
>other hand, just having his name on it is plenty of
>"spin"...
I can't violate my NDA, but PGPFone will be a *major* revolution for communication security. I would not be surprised to see several hundred thousands of users. PGP will pale in comparison.
- -- - -- Lucky Green PGP encrypted mail preferred.
- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMCr8YioZzwIn1bdtAQH+qQF/bA4povjtixKhIxak+M7aCYmbdMjj9U3r
azryqeapO4A2vYc4qEnP1zLmp83ceMUV
=W9y9
-----END PGP SIGNATURE-----

From unicorn at access.digex.net Fri Aug 11 00:16:38 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 11 Aug 95 00:16:38 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME In-Reply-To: <9508110100.AA10650@cs.umass.edu> Message-ID:
On Thu, 10 Aug 1995, L. McCarthy wrote:
> Date: Thu, 10 Aug 1995 21:00:39 -0400 (EDT)
> From: L. McCarthy
> To: Cypherpunks Mailing List
> Subject: Re: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME
>
> Well, for the record, _I_ certainly appreciate .pm's efforts on many fronts
> related to cypherpunks.
As do I. Certainly he bridges the suit/anarchist gap better than anyone else on the list I can think of for the moment.
>
> Anonymous rants:
> > I know you personally Perry,
>
> I doubt it. Prove it to me in *private* email.
>
> -L. "Futplex" McCarthy [PGP key available via finger or server]
>
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From unicorn at access.digex.net Fri Aug 11 00:19:25 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 11 Aug 95 00:19:25 PDT Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME In-Reply-To: <199508110337.XAA15986@panix2.panix.com> Message-ID:
On Thu, 10 Aug 1995, Perry E. Metzger wrote:
> Date: Thu, 10 Aug 1995 23:37:48 -0400
> From: Perry E. Metzger
> To: cypherpunks at toad.com
> Subject: Re: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME
>
>
> Anonymous writes:
> > I'm tired of Perry. he's always ranting and stirring the shit.
>
> I was under the impression Detweiler was legally obligated not to post
> to this mailing list.
Of course it's hard to substantiate who he is when he becomes a tentacle himself. Ah the lovely justice irony serves up like a cold platter of salmon.
>
> .pm
>
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From aba at dcs.exeter.ac.uk Fri Aug 11 01:09:25 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Fri, 11 Aug 95 01:09:25 PDT Subject: SSL bruting progress (was: Crypto-relevant flame interruption) Message-ID: <8377.9508110806@exe.dcs.exeter.ac.uk>
Fred wrote on cpunks:
> Would someone be so kind as to provide a status report on the
> planned SSL attack? Last word was that codework was still underway,
> but I might have missed something relevant to this project amidst
> all of the noise about excessive list noise.
There has been no public announcement. This is due to a desire to make real sure it's going to work before announcing. So, we're working on it. Software is basically all there, but we're experiencing difficulties, like during a trial run no key for Hal's challenge seems to be being found, even though the same software finds test keys. We've not managed to isolate the cause of it, as (two people) have nearly swept the entire keyspace (heh they had a bit of spare compute) and no key has been forthcoming so far.
Give it a few more days - until Monday - and if no key is found we've got problems, 3 possible outcomes looming:
a) we find the key to Hal's challenge and go whoopee! Request a 2nd challenge from Hal? and announce a public sweep to see how fast it can be done.
b) something is wrong with the interpretation or the gathering of the SSL session data Hal based his challenge on (difficult to see as there are numerous fixed fields which tally with the SSL spec.)
c) software problems (also difficult to see; the software in all cases (3 separate versions) finds the keys of examples provided by Andrew Roos (ie he generated a key manually, so we know where to start for testing purposes)).

The likelihood of a) happening is receding, as the last key space gets ticked off.

More news next week.

Adam

From stewarts at ix.netcom.com Fri Aug 11 01:16:57 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 11 Aug 95 01:16:57 PDT
Subject: "Protect the children" as passphrase to Constitution
Message-ID: <199508110813.BAA25692@ix9.ix.netcom.com>

At 05:35 PM 8/10/95 -0700, Tim wrote:
>- Clinton's Executive Order today which limits advertising of cigarettes,
....
>(Oh, and one amazing detail: the possible issuance of I.D. cards to all of
>those under the age of 18. Besides being useful for things like curfews,

What!?!?!?! I guess I'm not totally surprised - registration of all children has been high on Clinton's agenda ever since he's been in the White House. One of the more blatant examples was the child vaccination proposals - which first started out as "take over the vaccination system and register all kids so we can remind their parents to get their shots", and gradually included less and less control and funding of vaccination while retaining the registration. Sigh.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master.
RIP, Jerry

From stewarts at ix.netcom.com Fri Aug 11 01:17:08 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 11 Aug 95 01:17:08 PDT
Subject: "S1" encryption system (was: this looked like it might
Message-ID: <199508110814.BAA25707@ix9.ix.netcom.com>

At 09:13 AM 8/10/95 -6, you wrote:

As with Peter and Nathan, I'm also a former tool of the military-industrial complex (:-), and Peter's right that the probable source of this assertion is that there's seldom any "vanilla" TOP SECRET data - anything that's sensitive enough to get TOP SECRET handling rules is usually part of some compartmented project (compartmentalization is a formalized version of Need to Know, where you need to be read into PROJECT X to get PROJECT X data.) Sensitive Compartmented Information is one well-known class of stuff. Codeword projects are identified by words picked off a list of content-free names; some codewords that have been outed in the past are ULTRA and UMBER.

In addition to project-specific classifications, some of the kinds of labels on material include variants on INTEL, CNWDI (Critical Nuclear Weapons Design Information), RESTRICTED DATA (less critical nuclear weapons data), FORMERLY RESTRICTED DATA (a weird classification for material that isn't RESTRICTED DATA any more but they still don't want to let folks see.)

And then there's the sort of data that's SECRET by the time the people doing the grunt-work see it, but it's various extracts of REALLY SPOOKY DATA, that only a few people back in some agency know the whole picture, and it's parcelled out so one group of people gets asked to build a laser-scanner like this, and another gets asked to build a computer system like that, or a mirror adjuster like that, and none of the grunts know whether the whole deal is a personal teleportation system (the cover project) or a space-based assassination system, much less how they decided on the targets....
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master.
RIP, Jerry

From aba at dcs.exeter.ac.uk Fri Aug 11 01:45:05 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 11 Aug 95 01:45:05 PDT
Subject: Australia, EU crypto ill news, crypto wars
Message-ID: <8500.9508110844@exe.dcs.exeter.ac.uk>

Just read this on comp.risks, by Ross Anderson (via a couple of people). A crypto-relevant forward if any is relevant IMO, especially this bit:

Ross Anderson writes:
> ... While at the conference, I found out that a classified meeting
> took place this March in Germany between the signals intelligence
> agencies of the developed countries, plus Australia and South Africa,
> at which the assembled spooks agreed to press their governments to
> bring in escrow and/or weak crypto.

You realise, of course, that this means war.

Tactical replies?

a) Lobbying - hopeless IMO, they aren't interested in listening, the politicos are just too easy to manipulate and the "masses" aren't clueful enough of what crypto means to understand the implications, or even notice.

b) pretty good stego - possible technical solution

c) independent states of cyberspace :-) declaration of independence

c) enforced or "enabled" by b) looks good to me.

Perhaps some literary skilled cpunk would care to compose a suitable reply for PGN to add to risks.

Adam

----------------------------------------------------------------------

Date: Tue, 1 Aug 1995 20:36:29 -0400 (EDT)
From: "Lance J. Hoffman"
Subject: Australia next to ban PGP

Date: Tue, 01 Aug 1995 15:29:05 -0400
From: Dave Farber
Subject: Australia next to ban PGP

[unverified info ...]
From: rja14 at cl.cam.ac.uk (Ross Anderson)

Australia's proposed crypto policy:

(1) Banks will get key escrow
(2) Other Australian residents will be forced to use weak crypto

Source: talk by Steve Orlowski, Assistant Director, Australian attorney general's department, given at the Cryptography Policy and Algorithms Conference, Queensland University of Technology, last month.

p 34: `the needs of the majority of users of the infrastructure for privacy and smaller financial transactions can be met by lower level encryption which could withstand a normal but not sophisticated attack against it. Law enforcement agencies could develop the capability to mount such sophisticated attacks. Criminals who purchased the higher level encryption products would immediately attract attention to themselves.'

He mentioned that his department considered itself a suitable repository for the government central decrypting unit, which would decrypt traffic for local police forces. He also wants escrowed keys for banks and other organisations allowed to use strong crypto. Centralising the wiretap capability with the AG is represented as a useful safeguard against abuse of power by local police forces. It would be presented as a `data recovery' facility in order to reassure the voters. Centralisation will enable the AG to acquire the capability to use ``more sophisticated techniques in circumstances where the key cannot, for whatever reason, be recovered from escrow''.

So the technical parameters would appear to be: 40 bit keys for the masses, 56-bit escrowed keys for the banks, and a Wiener machine sitting in Orlowski's office. Belt, braces and string.
Curiously enough, he quotes a `Review of long Term Cost Effectiveness of Telecommunications Interception' as saying that ``Encryption by targets of their communications (both voice and data) is not considered as a problem for TI at present in Australia'' and goes on to say that ``there has been comparatively little market for voice encryption products, although they have been readily available''. He even produces some good arguments for the EFF, such as that much of the intelligence comes from the call log data and from calls to third parties such as airlines and hotels which are not encrypted.

He also says that the OECD countries will hold a meeting on National Cryptography Policies later this year.

While at the conference, I found out that a classified meeting took place this March in Germany between the signals intelligence agencies of the developed countries, plus Australia and South Africa, at which the assembled spooks agreed to press their governments to bring in escrow and/or weak crypto.

Australia seems rather eager to lick Uncle Sam's boots on this issue. I wonder what the payoff was?

From hfinney at shell.portal.com Fri Aug 11 01:55:14 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 11 Aug 95 01:55:14 PDT
Subject: More "S-1" foolishness
Message-ID: <199508110353.UAA04743@jobe.shell.portal.com>

The other thing I noticed that really makes me question this is that G1 only uses 4 of its 8 input bits. As I wrote, it is equivalent to parity(i&0x17). A bit is a terrible thing to waste, and it is hard to imagine why it would do this intentionally. G1 may not be that important an element of the cipher, but why throw away four bits?

It is possible, I suppose, that the F and G boxes are not the ones used in the "real" version of whatever cipher this is, so this apparent weakness and the ones which Matt has pointed out may not be that significant.
Hal

From jim at acm.org Fri Aug 11 02:14:55 1995
From: jim at acm.org (Jim Gillogly)
Date: Fri, 11 Aug 95 02:14:55 PDT
Subject: More "S-1" foolishness
In-Reply-To: <199508110353.UAA04743@jobe.shell.portal.com>
Message-ID: <199508110914.CAA11614@mycroft.rand.org>

> Hal writes:
> It is possible I suppose that the F and G boxes are not the ones used
> in the "real" version of whatever cipher this is, so this apparent
> weakness and the ones which Matt has pointed out may not be that
> significant.

To the extent that one can believe the comments, it's more than "possible": they say that the F and G boxes differ in the S-2 version. One reason for doing it this way might be to isolate the sensitive actual values from people doing analysis or development at a grosser level. That doesn't explain the [r] bug you spotted, of course.

Jim Gillogly
Sterday, 19 Wedmath S.R. 1995, 09:12

From futplex at pseudonym.com Fri Aug 11 02:38:42 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 11 Aug 95 02:38:42 PDT
Subject: Australia, EU crypto ill news, crypto wars
In-Reply-To: <8500.9508110844@exe.dcs.exeter.ac.uk>
Message-ID: <199508110938.FAA07114@thor.cs.umass.edu>

Ross Anderson wrote somewhere:
> While at the conference, I found out that a classified meeting
> took place this March in Germany between the signals intelligence
> agencies of the developed countries, plus Australia and South Africa,

Does this imply that neither Australia nor SA has a sigint agency, or that neither Australia nor SA is a developed country?

-Futplex

From futplex at pseudonym.com Fri Aug 11 03:07:13 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 11 Aug 95 03:07:13 PDT
Subject: "Protect the children" as passphrase to Constitution
In-Reply-To: <199508110813.BAA25692@ix9.ix.netcom.com>
Message-ID: <199508111006.GAA12092@thor.cs.umass.edu>

Tim May writes:
> Clinton's Executive Order today which limits advertising of cigarettes,
[...]
> (Oh, and one amazing detail: the possible issuance of I.D. cards to all of
> those under the age of 18. Besides being useful for things like curfews,

Can someone offer a citation for this? I've tried to find the text of the Executive Order on the net, to no avail.

http://docs.whitehouse.gov/white-house-publications/1995/08/ has a couple of short fact sheets on the proposal, and transcripts of a briefing by Sec. Shalala (DoHHS) and Dir. Kessler (FDA), Clinton's press conference, and his opening remarks at some discussion with teens about smoking. I couldn't find anything relevant at http://www.fda.gov/

There's an article in the LA Times (Richter/Cimons) which says:

The landmark proposal, which could open the door to further curbs on tobacco, is expected to include prohibiting cigarette sales to those 18 or younger, enforced by requiring proof of age with photo identification.

This sounds to me like a similar approach to the alcohol access protocol.

-Futplex

"Why should I solidify?" -Sheryl Crow

From asgaard at sos.sll.se Fri Aug 11 03:56:17 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Fri, 11 Aug 95 03:56:17 PDT
Subject: Australia, EU crypto ill news, crypto wars
In-Reply-To: <8500.9508110844@exe.dcs.exeter.ac.uk>
Message-ID:

Adam wrote:

> Ross Anderson writes:
> > ... While at the conference, I found out that a classified meeting
> > took place this March in Germany between the signals intelligence
> > agencies of the developed countries, plus Australia and South Africa,
> > at which the assembled spooks agreed to press their governments to
> > bring in escrow and/or weak crypto.
............
> a) Lobbying - hopeless IMO, they aren't interested in listening, the
> politicos are just too easy to manipulate and the "masses" aren't
> clueful enough of what crypto means to understand the implications,
> or even notice.

The "masses" are not that clueless (remember the 80% against Clipper in a US poll a year ago).
The problem 'here' in the EU is the smartly construed distance between commons and rulers. We vote for members of a debate club (who are very generously paid out of tax money) lacking any power whatsoever. The EU decision on crypto-policy will emerge from closed chambers of the Commission, and in every member country the local politicians will announce that 'it has been decided by the EU and there is nothing we can do about it, even if we would like to'.

But this doesn't mean that national freedom-of-(crypto)speech campaigns will be useless. Civil disobedience, still very common amongst European citizens faced with ridiculous EU regulations, will be more likely to thrive if the legitimacy of crypto regulations is publicly questioned in a continuous mode.

A significant difference between (for example) Sweden and the USA is the punishment scales. Suppose Sweden had an ITAR (which it hasn't). Almost everyone would laughingly export PGP and Wei's library anyway, because the remote possibility of prosecution (assuming similarities with the current situation in the US) would hardly feel like a threat. A conviction would result in a few 100$ fine, maximum. In the US, where the even so remote possibility of conviction just possibly might bring about 5 years as Bubba's girlfriend, well, that's a very different story.

An *enforced* ban on crypto in Scandinavia is remote enough that I'm confident 'SuperStego for Windows' will be out in ver 7.3b by then.

Mats
Gynecologist & Crypto-Groupie

From danisch at ira.uka.de Fri Aug 11 03:57:29 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 11 Aug 95 03:57:29 PDT
Subject: IPSEC goes to RFC
Message-ID: <9508111056.AA09426@elysion.iaks.ira.uka.de>

> sdw at lig.net (Stephen D. Williams) wrote:
> >
> > I really like the idea of using DNS for (public I assume) keys...

ghio at cmu.edu (Matthew Ghio) wrote:

> I don't.
>
> Public keys in the DNS is a bad idea because it makes it difficult to
> update the database, especially in large organizations. When a host's
> key is issued or changed then they would have to get the nameserver
> admin to change it for them. This could become a major problem/
> inconvenience for many, many people. The host should be able to give
> its own key in response to a query. That key could, of course, be
> signed by any number of trusted signatories to guarantee authenticity.

I also like the idea of DNS-based public key distribution, but what Matthew said is true.

What about this: Let the DNS server export the address of a machine which runs the public-key database for this domain, similar to the MX record for the mailserver. If you need the public key for a person identified by the email address or for a host identified by hostname or IP address, you could ask the DNS server where to get the public key. The database host could run any program suitable to local requirements and export public keys with a certain protocol...

Hadmut

From mab at crypto.com Fri Aug 11 04:35:03 1995
From: mab at crypto.com (Matt Blaze)
Date: Fri, 11 Aug 95 04:35:03 PDT
Subject: More "S-1" foolishness
In-Reply-To: <199508110353.UAA04743@jobe.shell.portal.com>
Message-ID: <199508111143.HAA23820@crypto.com>

>The other thing I noticed that really makes me question this is that G1
>only uses 4 of its 8 input bits. As I wrote, it is equivalent to
>parity(i&0x17). A bit is a terrible thing to waste, and it is hard to
>imagine why it would do this intentionally. G1 may not be that important
>an element of the cipher but why throw away four bits?
>
>It is possible I suppose that the F and G boxes are not the ones used
>in the "real" version of whatever cipher this is, so this apparent
>weakness and the ones which Matt has pointed out may not be that
>significant.
While I'm loath to make any statement that could be interpreted as defending this cipher, these are, as you say, only "apparent" weaknesses. Other than the "r vs. i" bug, which a very forgiving observer might attribute to some kind of error (maybe the code was typed in from a printout; maybe the program was taken from a "working copy" in the middle of being modified), so far no one has demonstrated conclusively that these unorthodox and seemingly unsound design characteristics actually help the cryptanalyst in this particular cipher. I'm talking out of my hat here, but for all we know carefully selected non-uniformly distributed s-boxes and key schedules that throw out the odd bit here and there in just the right way might thwart some killer cryptanalytic technique that isn't yet known in the civilian world. Hardly likely, but still remotely possible. We can't completely rule this out unless we've seen that the cipher falls to the various known meta-attacks, like differential and linear cryptanalysis. I don't really think this is worth the trouble, however, given that these techniques can require considerable effort and skill to apply to an arbitrary cipher and that everything else about this thing points to a hoax designed to provoke just such a waste of time. (Someone will no doubt make me eat my words by doing a rump session talk at CRYPTO on how interesting the linear and differential analysis of this cipher turned out to be.)

-matt

PS to whoever posted this thing, if you're reading this: If this cipher isn't what its comments assert, and you've just added spooky labels to get people interested in evaluating some design technique that you've invented because you think no one will take you seriously if you just come clean, you're wrong. An intelligently-written description of your ideas, coupled with an easily-evaluated example, can get a lot of attention from the crypto community no matter what the source.
I've personally looked at several such schemes, and had one of my own (MacGuffin, which you're obviously familiar with) widely examined by doing just that. You could have produced such a description with about as much effort as you've obviously already gone to in creating the "S-1" code, with far greater potential rewards. And if this is just a random hoax, well, I guess it looks like you've succeeded.

From kinney at bogart.Colorado.EDU Fri Aug 11 05:57:13 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Fri, 11 Aug 95 05:57:13 PDT
Subject: SSL bruting progress
In-Reply-To: <8377.9508110806@exe.dcs.exeter.ac.uk>
Message-ID: <199508111257.GAA01780@bogart.Colorado.EDU>

> We've not managed to isolate the cause of it, as (two people) have
> nearly swept the entire keyspace (heh they had a bit of spare compute)
> and no key has been forthcoming so far.

Um, if you're going to sweep the whole space yourself before you release the code, what's the point in a public sweep?

-- Will

From perry at panix.com Fri Aug 11 06:21:44 1995
From: perry at panix.com (Perry E. Metzger)
Date: Fri, 11 Aug 95 06:21:44 PDT
Subject: Clinton to resign?
In-Reply-To:
Message-ID: <199508111321.JAA28584@panix4.panix.com>

I don't even see the word "cipher" or "code" in this message, let alone "NSA" or anything else. Perhaps you misdirected this here when you intended to mail it to "conspirapunks"?

(More seriously, I really resent having wasted another precious minute of my life reading this. Please don't do that again. I can't even find the most tenuous relevance to the list.)

Brad Dolan writes:
>
> Associated Press reported on August 10, 1995:
>
> President Won't Resign But...
>
> (WASHINGTON)
>
> President Clinton wasn't about to give a serious
> answer when he was asked Thursday if he might resign.
>
> The question came from veteran columnist Sarah McClendon, who asserted
> that some legislators from the left and right were trying to push him
> out of office.
>
> [...]
>
> "Well, if you promise to run off with me I might," Clinton responded,
> ... "But otherwise, I can't think of any reason."
>
> - - - - - - - - - -
>
> Repeat after me:
>
> There's nothing to those crazy conspiracy theories.
> There's nothing to those crazy conspiracy theories.....
>
>

From perry at panix.com Fri Aug 11 06:28:04 1995
From: perry at panix.com (Perry E. Metzger)
Date: Fri, 11 Aug 95 06:28:04 PDT
Subject: IPSEC goes to RFC
In-Reply-To:
Message-ID: <199508111327.JAA01106@panix4.panix.com>

Nesta Stubbs writes:
> There are some other problems too I believe. I have worked for a decent
> sized network who did all user authentication at the terminal servers for
> dial-in accounts thru DNS. This wasn't too bad for just passwds and
> stuff, but wouldn't this cause some bloat in the nameservers database?

HESIOD is an excellent demonstration that it works just fine.

> As well as cause problems security wise when it comes to updates. Would
> these automatically not be cached in any form by the site making the
> request? This also causes a problem for smaller time people who perhaps
> have a PPP/SLIP connection 24/7 but have nameservice done by their provider,
> and I for sure don't want my provider to be in control of those keys.

Why not? After all, they are signed. You can have them held by your worst enemy and it should be just fine. That's the idea of public key signatures.

.pm

From jeffb at sware.com Fri Aug 11 06:33:20 1995
From: jeffb at sware.com (Jeff Barber)
Date: Fri, 11 Aug 95 06:33:20 PDT
Subject: More "S-1" foolishness
In-Reply-To: <199508102043.QAA17280@crypto.com>
Message-ID: <9508111333.AA05740@wombat.sware.com>

Matt Blaze writes:
>
> Yesterday I mentioned that I'd noticed that "S-1" has a non-uniform
> distribution of F (Sbox?) outputs - some values appear far more often
> than others. This means that some values are more likely to be XORed
> against the cleartext than others.
> Needless to say, this is a very
> unusual (and presumably very bad) property - in DES, for example, the
> Sbox outputs are completely flat.

If it is Skipjack, that would sure explain why they didn't want to release the source code, eh? Maybe there was more than one "back door".

-- Jeff

From rjc at clark.net Fri Aug 11 06:36:46 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 11 Aug 95 06:36:46 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508110645.CAA29891@bb.hks.net>
Message-ID: <199508111336.JAA05910@clark.net>

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <199508110254.TAA02204 at netcom14.netcom.com>, vznuri at netcom.com
> ("Vladimir Z. Nuri") wrote:
>
> >as if PRZ is not already enough of a folk hero....
> >BTW, he has been beat by Nautilus, right? Nautilus
> >is public domain, right? (I'm thinking of that public
> >domain voice encryption released a few mos ago).
> >I wonder if he is going to try to put a "spin" on this
> >one to differentiate it from the other one. on the
> >other hand, just having his name on it is plenty of
> >"spin"...
>
> I can't violate my NDA, but PGPFone will be a *major* revolution for
> communication security. I would not be surprised to see several hundred
> thousands of users. PGP will pale in comparison.

My question is, how portable is it, and does it work over TCP/IP rather than just modem connections (I suggested this about a year ago)? My ideal implementation would function on the following architectures:

Unix: can be used through either /dev/tty?? or Socket (probably want to use UDP). Works on Solaris, IRIX, AIX, NetBSD/FreeBSD/BSDI and Linux. (audio devices are all proprietary)

Windows: uses Windows' sound card device drivers, works via either comport or WinSock

Mac: uses Mac sound drivers, uses Mac modem port or MacTCP

I'm looking for something that has the look and feel of Internet Phone (but ported to multiple platforms) with encryption.
-Ray

From trei Fri Aug 11 06:51:35 1995
From: trei (Peter Trei)
Date: Fri, 11 Aug 95 06:51:35 PDT
Subject: IPSEC goes to RFC
Message-ID: <9508111351.AA04381@toad.com>

Don Eastlake has actually done a draft RFC on using the DNS for key distribution. It may be found at

ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt

He briefed the W3C security working group about this recently, and a number of people raised objections, notably

* database bloat
* zone transfer bloat
* increased hits on root servers due to a new class of inquiry.

There was some discussion as to whether these were valid objections, and the people running prototype code said they had had no problems.

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From jya at pipeline.com Fri Aug 11 07:01:59 1995
From: jya at pipeline.com (John Young)
Date: Fri, 11 Aug 95 07:01:59 PDT
Subject: "S1" encryption system
Message-ID: <199508111401.KAA07834@pipe5.nyc.pipeline.com>

Is it possible that there are multiple levels of encryption included in the "S1" algorithm?

This question is prompted by reviewing the DoD's Multilevel Security (MLS) Program at:

http://www.disa.mil/MLS/mls_home.html

One of the features of this program is to design means to simultaneously transmit data with different levels of security, so that communicants send and/or read the data according to their levels of security clearance. This is amplified in Section 3 of the program description at:

http://www.disa.mil/MLS/info/basics/sec3.html#2

Excerpts:

Multilevel security allows information systems to provide capabilities that augment its existing single-level data processing and data communications services. Data of multiple security levels are processed and transferred by the system, which also separates the different security levels and controls access to the data. ...
When a system operates in the multilevel mode, it allows data of two or more security levels to be processed simultaneously when not all users have the clearance, formal authorization, or need to know for all data handled by the system. The system is able to separate and protect the data according to these restrictions. To amplify the definition, an MLS system might process both Secret and Top Secret collateral data and have some users whose maximum clearance is Secret and others whose maximum clearance is Top Secret. Another MLS system might have all its users cleared at the Top Secret level, but have the ability to release information classified as Secret to a network consisting of only Secret users and systems. Still another system might process both Secret and Unclassified information and have some users with no clearance. In each of these instances, the system must implement mechanisms to provide assurance that the system's security policy is strictly enforced. In these examples, the policy allows access to the data by only those users who are appropriately cleared and authorized (e.g., having formal access approval) and who have an official need to know for the data.

A related mode of operation is the partitioned mode, also known as compartmented mode. Although similar concepts and solutions are involved for compartmented mode operations as are for the multilevel mode, there is also a key difference. In the compartmented mode, all users have clearances for all the data processed but may not have authorizations for all the data; whereas for multilevel mode, some users may not even be cleared for the highest level. Because the compartmented mode is often envisioned for the intelligence community, all such users would have Top Secret security clearances and often authorizations for one or more, but possibly not all, compartments in the system.

End excerpts.

There are also descriptions of the soft and hardware implementations of MLS.
Would anyone care to comment on how this differentiation of levels of security is done, by a single encryption program or multiples, and if multiples, their arrangement? Is the feature then embedded in the hardware, such as the Fortezza card system cited in the program?

From martin at mrrl.lut.ac.uk Fri Aug 11 07:07:41 1995
From: martin at mrrl.lut.ac.uk (Martin Hamilton)
Date: Fri, 11 Aug 95 07:07:41 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508111336.JAA05910@clark.net>
Message-ID: <199508111406.PAA10668@gizmo.lut.ac.uk>

Ray Cromwell writes:

| Unix: can be used through either /dev/tty?? or Socket (probably want
| to use UDP). Works on Solaris, IRIX, AIX, NetBSD/FreeBSD/BSDI and Linux.
| (audio devices are all proprietary)

AudioFile could be one way around the proprietary audio device problem - have a look for "AF" on archie

Martin

From aba at dcs.exeter.ac.uk Fri Aug 11 07:14:33 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 11 Aug 95 07:14:33 PDT
Subject: SSL bruting progress
Message-ID: <10188.9508111413@exe.dcs.exeter.ac.uk>

Will Kinney writes on cpunks:

> > We've not managed to isolate the cause of it, as (two people) have
> > nearly swept the entire keyspace (heh they had a bit of spare compute)
> > and no key has been forthcoming so far.
>
> Um, if you're going to sweep the whole space yourself before you release
> the code, what's the point in a public sweep?

Surety. Nothing as disappointing as throwing all your spare compute joyfully into such a fun cpunk project, and then finding no key comes from it. Witness the RC4 bruting, which lots of folks thought fun, but unfortunately (well, it should have been expected, and it was in part, as there were no specs; all we knew was Microsoft said it was RC4 in some way, nothing more) no key.

Also the private sweeping wasn't planned, just Eric Young said, hey I've started at 8000 I'll sweep up from there till you're ready.
(Eric already had his own SSL bruting code). Then David Byers asked for a copy of Andrew Roos' brute ssl to port to the maspar he has access to, and next thing he said, hey I got it working at 1.5M keys/sec and left it running, it'll reach Eric's start in a couple of days.

As it turned out that they haven't found anything yet, their keysweeping is going to be very useful to figure out what's wrong. It's much harder to track down problems, accidentally unswept keyspace etc, when there are 100s of sweepers.

Anyway, when we're as sure as we can be that it will work, we'll probably try to persuade Hal for another sample session. So that it will be a challenge that we don't know the answer for.

Perhaps it would be fun to have a regular key crunching ring set up once it's all verified, and proven to work. Part of the problem with this is the legal implications; you probably can't expect to get away with breaking SSL sessions no questions asked - give us a SSL session key startup and we'll brute it - at least not openly. A central key distribution point kind of blows this, as it gives legal beagles somebody to go after.

The other key distribution architecture is an unknown machine out there somewhere in cyberspace :-) Ie a blacknet style address and 2048 bit public key: brute at cyberspace.nil with a charge levied in anon digital cash. A sweepstake perhaps, he who hits the key first gets the anon digital cash remailed to him (tax free of course).

An architecture resilient to interference on both legal and ill-meaning key-sweepers' sides (the possibility exists for someone to reserve keyspace and not sweep it) is to just search randomly. Very simple architecture, but somewhat wasteful of resources, least likely to be detected, as there is less communication. One drop off of 'the session' to cpunks, and another of the result by the euphoric lucky person who happened to start in the right place.

Adam

--
HAVE *YOU* EXPORTED RSA TODAY?
--> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

> > a) Lobbying - hopeless IMO, they aren't interested in listening, the
> > politicos are just too easy to manipulate and the "masses" aren't
> > clueful enough of what crypto means to understand the implications,
> > or even notice.
>
> The "masses" are not that clueless (remember the 80% against Clipper
> in a US poll a year ago).

It depends how it is packaged to the voter, if it is even presented at all (as you note below so much gets quietly swept through, and presented fait accompli once they've already signed some euro deal). The US at least makes a token of having public debate, I wouldn't be surprised to see little to no coverage of this in the UK for instance.

If it was worded as 'government wants to force taps on all your phones' as presumably the clipper vote was, then you might get a reaction, but if it's worded as a way to keep tabs on all those evil child pornographers who teem in the countless millions on the internet, well it's not so easy to convince people. Some folks still have a mistaken belief that because that nice policeman says that we need to do this to protect our children then it is so.

Also note that Clipper wasn't completely quashed, Clinton elected to use it for government contractors, and government official business where crypto would be used, by presidential decree. Not a very democratic move, and still a ploy to get the thing accepted by misspent government money in creating a market for the things, and mandating its use in defense contracting work for the government.

> The problem 'here' in the EU is the smartly construed distance
> between commons and rulers. We vote for members of a debate club
> (who are very generously paid out of tax money) lacking any power
> whatsoever.
> The EU decision on crypto-policy will emerge from closed
> chambers of the Commission, and in every member country the local
> politicians will announce that 'it has been decided by EU and there
> is nothing we can do about it, even if we would like to'.

Sure that's exactly the approach taken to ram these things down our throats without public debate.

> But this doesn't mean that national freedom-of-(crypto)speech
> campaigns will be useless. Civil disobedience, still very common
> amongst European citizens faced with ridiculous EU regulations, will
> be more likely to thrive if the legitimacy of crypto regulations is
> publicly questioned in a continuous mode.

Civil disobedience is a nice way to protest obvious nonsense, of course, but doesn't help financial institutions who will be by law required to use escrowed encryption with the AU govt holding the keys (in the case of the AU example government current line). Where's your privacy then? You must fight for it, whilst your very efforts are illegal, and these ludicrous laws can then be selectively enforced depending on the whims of some arbitrary power.

> A significant difference between (for example) Sweden and USA is the
> punishment scales. Suppose Sweden had an ITAR (which it
> hasn't). Almost everyone would laughingly export PGP and Wei's
> library anyway, because the remote possibility of prosecution
> (assuming similarities with the current situation in the US) would
> hardly feel like a threat. A conviction would result in a few 100$
> fine, maximum.

Liveable, as you could view it as a 'freedom tax', but unjust.

> An *enforced* ban on crypto in Scandinavia is remote enough that I'm
> confident 'SuperStego for Windows' will be out in ver 7.3b by then.
Well there are several issues: should they be allowed to do this (no way), and will they get away with it in the current level of crypto awareness (probably IMO), and will it be an effective deterrent (depends, the US one seems to keep US companies out of crypto, even though it has probably aided rather than hindered PGP's popularity), and is it enforceable (well ultimately no, due to good stego - your 'SuperStego for Windows' v 7.3b).

If your confidence in Sweden's resistance to big brotheresque crypto regs is justified, well perhaps a bevy of political thought criminals will come live in Sweden to escape their own repressive regimes. How's the job market for unix hackers?

Adam

--
HAVE *YOU* EXPORTED RSA TODAY?
--> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

At 1:36 PM 8/11/95, Ray Cromwell wrote:

> My question is, how portable is it, and does it work over TCP/IP rather
>than just modem connections (I suggested this about a year ago)? My ideal
>implementation would function on the following architectures:
>
>Unix: can be used through either /dev/tty?? or Socket (probably want
>to use UDP). Works on Solaris, IRIX, AIX, NetBSD/FreeBSD/BSDI and Linux.
>(audio devices are all proprietary)
>
>
>Windows: uses Windows' sound card device drivers, works via either
>comport or WinSock
>
>Mac: uses Mac sound drivers, uses Mac modem port or MacTCP

From the "MacWeek" article, it initially runs on the Macintosh, using the sound capabilities built into (nearly) all Macs. Direct modem connections, with Internet versions to follow. (Windows to follow, too.)

Sound quality with 9600 baud modems said to be pretty good, quality with 14.4 modems said to be very good, and quality with 28.8 modems said to be better than standard phone quality.
The Mac may be a strange platform to develop on, to many of you, but it has some advantages. The sound tools are relatively standardized and are even built into the OS. Developers can thus count on what users will have.

But why the developers actually picked the Mac to do first is something they can talk about.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From shamrock at netcom.com Fri Aug 11 09:37:28 1995
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 11 Aug 95 09:37:28 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID:

At 9:36 8/11/95, Ray Cromwell wrote:

> My question is, how portable is it, and does it work over TCP/IP rather
>than just modem connections (I suggested this about a year ago)? My ideal
>implementation would function on the following architectures:

I can't comment on the features of PGPFone. However, know that Internet telephony (as all "real time" services) works over UDP only, not TCP.

--
Lucky Green
PGP encrypted mail preferred.

From jburrell at crl.com Fri Aug 11 10:00:16 1995
From: jburrell at crl.com (Jason Burrell)
Date: Fri, 11 Aug 95 10:00:16 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508110645.CAA29891@bb.hks.net>
Message-ID: <199508111655.LAA03909@crl.com>

> In article <199508110254.TAA02204 at netcom14.netcom.com>, vznuri at netcom.com
> ("Vladimir Z. Nuri") wrote:
>
> >as if PRZ is not already enough of a folk hero....
> >BTW, he has been beat by Nautilus, right? Nautilus
> >is public domain, right?
> >(I'm thinking of that public
> >domain voice encryption released a few mos ago).
> >I wonder if he is going to try to put a "spin" on this
> >one to differentiate it from the other one. on the
> >other hand, just having his name on it is plenty of
> >"spin"...
>
> I can't violate my NDA, but PGPFone will be a *major* revolution for
> communication security. I would not be surprised to see several hundred
> thousands of users. PGP will pale in comparison.
>
> --
> -- Lucky Green
> PGP encrypted mail preferred.
> ---
> [This message has been signed by an auto-signing service. A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]

This doesn't fall into line with the "mainstream" of personal computing, of course, but does anyone know if there is a planned release for a Linux version, preferably with SoundBlaster support?

I mention Soundblaster support because, even though it's old, it seems to be the standard, at least indirectly. The GUS has a Soundblaster emulation mode, for instance, if I'm not mistaken. Of course I suppose the real reason I'm asking is because I run Linux and have a Soundblaster. :)

From rjc at clark.net Fri Aug 11 10:50:51 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 11 Aug 95 10:50:51 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID: <199508111750.NAA25622@clark.net>

>
> At 9:36 8/11/95, Ray Cromwell wrote:
>
> > My question is, how portable is it, and does it work over TCP/IP rather
> >than just modem connections (I suggested this about a year ago)? My ideal
> >implementation would function on the following architectures:
>
> I can't comment on the features of PGPFone. However, know that Internet
> telephony (as all "real time" services) works over UDP only, not TCP.

If you reread my message, you'll see I mentioned UDP. I just refer to IP protocols in general as "TCP/IP", implicit is that UDP and ICMP are at least included.
The mention of "Winsock" should give you the context.

-Ray

From sdw at lig.net Fri Aug 11 10:55:30 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Fri, 11 Aug 95 10:55:30 PDT
Subject: IPSEC goes to RFC
In-Reply-To: <199508111327.JAA01106@panix4.panix.com>
Message-ID:

>
>
> Nesta Stubbs writes:
> > There are some other problems too I believe. I have worked for a decent
> > sized network who did all user authentication at the terminal servers for
> > dial-in accounts thru DNS. This wasn't too bad for just passwds and
> > stuff, but wouldn't this cause some bloat in the nameservers database?
>
> HESIOD is an excellent demonstration that it works just fine.
>
> > As well as cause problems security wise when it comes to updates. Would
> > these automatically not be cached in any form by the site making the
> > request? This also causes a problem for smaller time people who perhaps
> > have a PPP/SLIP connection 24/7 but have name service done by their provider,
> > and I for sure don't want my provider to be in control of those keys.
>
> Why not? After all, they are signed. You can have them held by your
> worst enemy and it should be just fine. That's the idea of public key
> signatures.

Not only that but it's common now for DNS servers to give short TTL for the answers (multiple A recs for load balancing), no big deal to have pseudo-subdomains that are pointed at a different server (Even over slip/ppp) than normal name service.

I believe the root servers' answers for intermediate nodes are cached normally, so key.george.bub.com doesn't cause a root hit after bub.com has been resolved.

Quite a few domains do run their own name servers, and it's not too tough to create auto-update scripts, etc.

There's no reason that DNS has to be the only mechanism. Default to one method then fallback to others, like direct IP port connection for query.

> .pm
>

sdw

--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID)  sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95-  703-918-1491W  43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN  ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From vznuri at netcom.com Fri Aug 11 11:01:51 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Fri, 11 Aug 95 11:01:51 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508110645.CAA29891@bb.hks.net>
Message-ID: <199508111759.KAA05515@netcom8.netcom.com>

>I can't violate my NDA, but PGPFone will be a *major* revolution for
>communication security. I would not be surprised to see several hundred
>thousands of users. PGP will pale in comparison.

I sincerely doubt this. if someone could find a way of doing voice encryption through simple idiotproof hardware adapters (I am thinking of cups that you could attach to any standard phone) the voice encryption will not be widely used, I think. there are very many PGP users right now, say at least in the tens of thousands if not hundreds of thousands. the requirements for live voice encryption are pretty significant: a fast computer and fast modem. this alone is only a subset of those people using PGP right now. also, I doubt there are going to be few people who use PGP phone but not PGP software.

the real holy grail for voice communication encryption is when this stuff starts to get integrated into the real phone system, or people start making hardware that is cheap and self contained and idiot proof. "but it's difficult to make anything foolproof, because fools are so ingenious"

the actual phone networks, because of political pressure, certainly are probably going to be the last entities on earth to use hardware that makes encryption built in. (well, assuming they don't get all that cash from the government to build in key escrow).
what I think would be cool, and I'm sure everyone here would agree, is a "back door" way to encryption. one example: it used to be that slip providers were charging a lot of money. then the authors of TIA (Internet Adaptor) discovered they could simulate SLIP over a unix shell account without a significant performance penalty (i.e. it was possible). voila!! slip for everyone, *regardless* of what the provider wants or tries to manage. then, someone did this for *free* in public domain SLiRP software.

this is an extremely useful model: "big fish provider" gives a capability that people want, namely processing time and disk space. they think they can regulate the uses of their system, but if there are enough degrees of freedom, they cannot, and people can actually simulate the services they want on the system regardless of what the system operators wish to control or not control.

with the phone system, the analogy is that the communication networks are providing bandwidth, and while they would like to control things like voice vs. data vs. encryption, they *cannot* if their capabilities are suitably diverse (and it is virtually impossible for them *not* to be).

when someone invents cheap hardware that you can just plug on top of any existing phone, i.e. "the phone adaptor", TPA?, *that's* when the world is going to go crazy with crypto. all this stuff that requires lots of hardware can be used, but the thing that will cause *everyone* to use it is when someone invents a TPA. I'm very, very surprised that no one has tried to do this yet.

~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
\ /  ~/ |\| | | |> |  : : : : : :  Vladimir Z. Nuri  : : : :
 \/  ./_.| | \_/ |\ |  : : : : : :  ftp://ftp.netcom.com/pub/vz/vznuri/home.html

From rjc at clark.net Fri Aug 11 11:17:28 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 11 Aug 95 11:17:28 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID: <199508111816.OAA05222@clark.net>

>
> At 1:36 PM 8/11/95, Ray Cromwell wrote:
>
> > My question is, how portable is it, and does it work over TCP/IP rather
> >than just modem connections (I suggested this about a year ago)? My ideal
> >implementation would function on the following architectures:
> >
> >Unix: can be used through either /dev/tty?? or Socket (probably want
> >to use UDP). Works on Solaris, IRIX, AIX, NetBSD/FreeBSD/BSDI and Linux.
> >(audio devices are all proprietary)
> >
> >
> >Windows: uses Windows' sound card device drivers, works via either
> >comport or WinSock
> >
> >Mac: uses Mac sound drivers, uses Mac modem port or MacTCP
>
> From the "MacWeek" article, it initially runs on the Macintosh, using the
> sound capabilities built into (nearly) all Macs. Direct modem connections,
> with Internet versions to follow. (Windows to follow, too.)

I just hope they isolated the operating system dependent code into separate modules so that "PlaySoundChunk(Chunk)" is used rather than "MacDeviceDriverCall(MacSpecificDeviceStruct, MacSpecificFormat)"

The application layer should be abstracted above the transmission layer above the link-layer. At the application layer, communications should be sent through the transmission layer, e.g. "GetNextPGPFonePacket(Protocol, Packet)". The Protocol here would be TCPIPDriver or ModemDriver.
Therefore, all one would need to do to port it to different platforms is code up a TCPIPDriver (for Unix == Berkeley Sockets, for Windows = Winsock, for Mac = MacTCP), code up a modem driver (Unix = tty's + ioctl, Mac = Communications Manager, Windows = TAPI), and finally port the SoundPlay and SoundRecord functions to the platform dependent way of playing sounds and recording them.

If you are forced to abstract above "modems", your algorithms will be designed to work over more general transmission schemes. I fear that coding for modems first will lead to an overall application tuned for modems, but poorly designed for asynchronous networks. The tuning should be done in the driver, not the application/algorithm level. (for example, modems don't experience much "packet churn and loss", and they usually have a dependable bandwidth. Even if they retrain randomly from 28.8 to 14.4, they can still be counted on to at least have 9600 bps throughput more consistently deliverable than say a slip/ppp line would)

Far too often on Macs and PC's I see code "welded" to specific hardware dependencies. I only hope that PGPFone is more like PGP2.0 and less like PGP1.0 (and less like HotJava, which is also a bitch to port), because for general acceptance, I don't think it will succeed until it at least runs and interoperates on Mac, Windows, and Linux.

> The Mac may be a strange platform to develop on, to many of you, but it has
> some advantages. The sound tools are relatively standardized and are even
> built into the OS. Developers can thus count on what users will have.

I don't think there is a problem with developing on the Mac. At least the Mac has a real O/S. If it had been done for DOS first, it might have been poking SoundBlaster registers with arcade magic constants in the program.
However, the application should be isolated away from its I/O mechanisms so that all I/O is done through a module which "maps" I/O requests to the local operating system mechanism, rather than depending on them directly.

Sorry about the rant. (I haven't seen PGP phone's code, but I am just remembering RealAudio/InternetPhone/VidPhone and a whole host of other internet utilities that are either available only for windows, only for Mac, or only for unix. Netscape seems to have done things right.)

-Ray

From cman at communities.com Fri Aug 11 11:25:39 1995
From: cman at communities.com (Douglas Barnes)
Date: Fri, 11 Aug 95 11:25:39 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID:

Of course, if it was a substantial improvement over the other "Internet Phone" stuff that's out there, and had a good way of dealing with switching, etc., then people would use it to make "free" l.d. phone calls on the net, and the cryptography would get a free ride.

Generally, you are right in suggesting that anything that requires people to crawl behind their computers, attach new cables, purchase and debug a sound card under Windows, and generally engage in techno-weenie hardware manipulations will have less appeal than something plug and play. Even given the extremely user-hostile elements of PGP the software, I would be surprised if PGPFone became as popular.

From kelli at zeus.towson.edu Fri Aug 11 11:29:30 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Fri, 11 Aug 95 11:29:30 PDT
Subject: your mail
In-Reply-To:
Message-ID:

SHUT UP.

From rjc at clark.net Fri Aug 11 11:42:41 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 11 Aug 95 11:42:41 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508111759.KAA05515@netcom8.netcom.com>
Message-ID: <199508111842.OAA12222@clark.net>

>
>
> >I can't violate my NDA, but PGPFone will be a *major* revolution for
> >communication security.
> >I would not be surprised to see several hundred
> >thousands of users. PGP will pale in comparison.
>
> I sincerely doubt this. if someone could find a way of doing
> voice encryption through simple idiotproof hardware adapters
> (I am thinking of cups that you could attach to any standard phone)
> the voice encryption will not be widely used, I think.
> there are very many PGP users right now, say at least in the
> tens of thousands if not hundreds of thousands. the
> requirements for live voice encryption are pretty significant:
> a fast computer and fast modem. this alone is only a subset
> of those people using PGP right now. also, I doubt there are
> going to be few people who use PGP phone but not PGP software.

I don't think CPUs and modems are an issue. When I bought my 486/DX2 more than a year ago, it was a near top of the line machine (a P66 was the only thing better and it was a lot more expensive). Now, I can look in computer shopper and see that not only is my machine not near the top of the line, it's not even "Entry Level". Pentium 75/90 systems are going for 1/3 the price I bought my computer for, and those systems have PCI buses (vs my VESA local bus), larger HDs, EDO RAM, faster video cards, etc. Assuming a baseline of a 486DX/33 or faster (like a DX4) is not unreasonable.

Secondly, 14.4K modems are a dime a dozen. You can get them as low as $50 (with RPI) or $70-80 for full functionality. 28.8K modems can be bought for $150.

The problem with PGPFone as I see it, is that it's an application and not an application to a protocol.
To get voice encryption in large scale use will require several things IMHO

1) performance is reasonable
2) user interface is very easy to use, as easy as using a walkie talkie with a key
3) software is very easy to set up (no knowledge of hayes commands required, no editing of slip configuration, etc)

Finally, even that is not going to drive the system into a de facto ubiquitous standard unless

4) a complete, easy to read specification of the protocol used is published (perhaps as an RFC)
5) third party applications that use the protocol evolve. #5 is needed because competition between applications writers will improve the human interface of the software beyond what the PGP authors can design. (who are more likely algorithm specialists, not human interface people)
6) network independent. this will be a benefit to people who want to make long distance calls over data networks. it could also be used by companies for secure teleconferencing.

I would like to see a secure voice communication protocol that is divorced from the particular details of the algorithms used (although a base level of some voice compression technique + DES + RSA will have to be used) That way, new and better algorithms can be dropped in depending on the network used (modem, ipx, tcp/udp, etc) and the bandwidth required (CELP vocoder, MPEG-audio, lossless encoding, progressive PCM, etc)

-Ray

From jthomas at access.digex.net Fri Aug 11 11:46:40 1995
From: jthomas at access.digex.net (Joe Thomas)
Date: Fri, 11 Aug 95 11:46:40 PDT
Subject: Bay Area Meeting This Weekend?
Message-ID:

I'm just about to fly out to San Francisco, and I realized that coming up is the second Saturday of the month, the traditional meeting time for the Bay Area Cypherpunks. I haven't seen any meeting announcements, so please e-mail me if there's one scheduled (and if you can give a ride from S.F. if so!).
I've just temporarily unsubscribed (I'll catch up on the archives when I return), so please cc me if you announce the meeting to the list.

Thanks,
Joe Thomas

From tatjana at polaris.mindport.net Fri Aug 11 11:52:34 1995
From: tatjana at polaris.mindport.net (Tatjana vonBernhardi)
Date: Fri, 11 Aug 95 11:52:34 PDT
Subject: Bank Fees and E-Cash
In-Reply-To:
Message-ID:

On Wed, 9 Aug 1995, Black Unicorn wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - - - Bank Fees and the E-cash Niche.
>
> Banks have gorged themselves on rocketing fees for the last five
> years. The result is that typical bank customer currently pays
> 150% of the amount of interest collected on accounts in a given
> year in the form of fees. My prediction, and my hope, is that e-cash
> will cut through the pretense upon which the rationalization
> of many of these fees is based, and even market itself on this
> point- Lower Fees.
>

you have surpassed yourself in assumption here A, your hope that e-cash will somehow reduce bank fees is a long stretch. banks like their fees and the massive profits they pull too much to cut this part out. they will likely charge more for the great gift of e-cash as if it were some special feature.

>
> I cannot believe that e-cash won't be able to solve some of these
> problems, and I hope it will limit its own fees to usage. To me
> this is a classic argument for small house e-cash shops. Citibank
> and Mastercard are going to fight for their fees.

how will small shops hope to run with consumer titans like citibank and such? all they need to do is announce something nifty like the "electric purse" and call it e-cash and the market is closed.

>
> 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
> E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
> *New Key Information* - Finger for key revocation and latest key update.
>

XXX's & OOO's anyhow =)

+tat

--
www.mindport.net/~tatjana "Life... is a state of mind."
From paul at poboy.b17c.ingr.com Fri Aug 11 12:10:57 1995
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 11 Aug 95 12:10:57 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID: <199508111857.AA02958@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> But why the developers actually picked the Mac to do first is something
> they can talk about.

I worked on the Mac version of Nautilus for a very short while. Nautilus was to provide a core of interoperable code for doing voice-as-modem-stream on SunOS, DOS/Win, and Mac platforms. The developer agreement that all developers had to execute specifically said "I promise not to add any crypto." That might sound odd-- but the crypto was to be added later, under the direct or indirect supervision of PRZ. I ran out of time before the code reached that point.

I don't know what percentage, if any, of the Nautilus code is incorporated in PGPfone. Based on Will Price's CryptDisk work, I look forward to learning from the PGPfone source code.

- -Paul

- --
Paul Robichaux, KD4JZG  | Do you support free speech? Even when
perobich at ingr.com       | you don't like what's being said?
Be a cryptography user. Ask me how.

From dbell at maths.tcd.ie Fri Aug 11 12:13:57 1995
From: dbell at maths.tcd.ie (Derek Bell)
Date: Fri, 11 Aug 95 12:13:57 PDT
Subject: EU Data Protection
In-Reply-To: <199508041840.OAA01729@clark.net>
Message-ID: <9508112013.aa23273@salmon.maths.tcd.ie>

In message <199508041840.OAA01729 at clark.net>, Ray Cromwell writes:
> Just more evidence for why even "well meaning" policywonks are dangerous.
>Take for instance the rule that "data must be kept up to date and accurate"
>How up to date and what is accuracy? So if I have a commercial web page
>which records transactions on my server, and I stop logging and keep
>year old records, do some statistic processing on them, I am in
>violation for having stale data.

If I remember the Irish data protection laws accurately, the idea is to keep inaccurate data on individuals (and, possibly, companies). I doubt if data which cannot be used to identify individuals would qualify. (There is a small exemption for clubs, I can't remember the details exactly.)

Assuming the same model is being proposed where you are, I doubt if it would mean you could be prosecuted for holding old transaction records, just ones that either (i) are out of date because someone may be listed as not having paid when they have or (ii) record transactions that didn't take place.

> And what the hell is "accurate" data? All information about other people is
>subjective. I should be entitled to record any statistics about you for my
>use that I want. Just by interacting with me you transmit information. If
>I interact with you and get the "wrong impression" about what type of
>person you are, am I in violation for storing inaccurate data? (e.g. if
>I write in my computerized diary "I think John Smith is a jerk.")

I think you miss an important point; your opinion is subjective, but data can relate to objective facts (e.g. credit records). Would you take the same stance if a credit bureau claimed that you couldn't pay back half the loans you took out?

What worries me about the *lack* of some form of data protection legislation is that it allows someone to build up a database of information which is a mishmash of truth, misunderstandings and lies. How would you feel if "Concerned Citizens against Cryptography" compiled a list of all members of this list, branding them as `dangerous, possibly criminal subversives'?
What if that opinion was spread to other databases? How about the police investigating you because of this kind of database?

> How will this law affect reputation servers? If my reputation server
>has what you consider a bad review of you, am I in violation?

Personally, I wouldn't take a reputation server seriously; after all if you labelled me a jerk, I could do the same to me on my own server! :-) Seriously, I don't think something as frivolous as a reputation server should be illegal, but anything that records information about individuals that could result in harm to said individuals (e.g. by falsely branding them a bad credit risk, falsely claiming them to have a criminal record, etc.)

> Privacy should be implemented via cryptography, not obscure political
>machines which are doomed to fail and produce a black market for
>personal data anyway.

I'm sorry, but I don't think this market metaphor holds here.

Derek Bell

From tcmay at got.net Fri Aug 11 12:56:49 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 11 Aug 95 12:56:49 PDT
Subject: EU Data Protection
Message-ID:

At 7:13 PM 8/11/95, Derek Bell wrote:

> I think you miss an important point; your opinion is subjective, but
>data can relate to objective facts (e.g. credit records). Would you take the
>same stance if a credit bureau claimed that you couldn't pay back half the
>loans you took out?

Any entity which purports to hold or provide "true" information but which holds flaky or incorrect information will suffer. This is true of credit agencies, advice columns, restaurant reviews, movie ratings, book reviewers, doctor rating agencies, and so on. I won't get into all of the aspects of reputations, but this is what we're talking about.

And I'll concede that not all of these examples are equally important, or use the same objective quality of data.
A credit rating agency is no doubt more important than a movie review agency--though arguably the damaging effects of Siskel and Ebert trashing "Waterworld" can be many orders of magnitude more than TRW Credit having an incorrect bad debt recorded.

The point is that we do not have government to maintain the accuracy of movie reviews, of lawyer ratings, and so forth. Even if one accepts the "Fair Credit Reporting Act" (a U.S. law which I think is unconstitutional, as it tells me I cannot report certain kinds of facts), the European-style data privacy laws are a further step in a wrong direction.

Think about it: the name "data privacy" sounds good, at first blush, but what it really means is that my records are not private, that my records are inspectable by government agents to see if I have stored any illegal facts or correlations.

> What worries me about the *lack* of some form of data protection
>legislation is that it allows someone to build up a database of information
>which is a mishmash of truth, misunderstandings and lies. How would you feel if
>"Concerned Citizens against Cryptography" compiled a list of all members
>of this list, branding them as `dangerous, possibly criminal subversives'?

Things like this happen all the time. This is just an opinion they happen to have. Would you make it a crime for "Concerned Citizens against Cryptography" to do a "who cypherpunks" of this list and to think we are "dangerous, possibly criminal subversives"?

In the U.S. such judgements are made all the time. Doesn't make the judgements right, but rightness is not the basis of the freedom to hold and express these beliefs.

>What if that opinion was spread to other databases? How about the police
>investigating you because of this kind of database?

"Spreading" the opinion to other databases is no big deal. The police investigating is a separate issue.
Many of us think the police should be very careful about investigating for beliefs and opinions, but, in fact, it happens all the time. (It's happened to me, for example.) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From anonymous-remailer at shell.portal.com Fri Aug 11 13:12:54 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 11 Aug 95 13:12:54 PDT Subject: TIM MAY IS A CYPHERWEENIE Message-ID: <199508102357.QAA02488@jobe.shell.portal.com> I think we ought to just throw TIM MAY out of the list. let's EXCOMMUNICATE HIM. it's becoming increasingly clear that he is the source of all our problems. I mean, isn't it obvious that our progress has stalled? who has written any code within the last 3 days? if we got rid of him, it would be EVOLUTION IN ACTION. this is ERIC HUGHES' mailing list, and eric hughes knows how to write some decent code. I mean, TCM's signature doesn't even have any geek code, and he hasn't changed it in 4 years or so, at least since my last grandparent died (and she was considerably more skillful at programming than TCM by knowing how to make toast). get rid of all the pricks who continually spout and spew conspiracy theories. let TCM go and find himself a new mailing list. that would be a fair comeuppance if he found that he couldn't learn to do squish because he doesn't have the slightest clue. he's a leech, a parasite, sucking on the work of others, pretending that he is at the forefront of our cause when he is only at the forefront of maniacal egomania.
what has he contributed to the cause? SQUAT. just a lot of ranting about conspiracy theories and his Stock Pick of the Week crap. "the web is really growing. people should focus on it". well, THANK YOU VERY MUCH, MR. BRILLIANT COMMENTATOR AND VISIONARY, T.C.MAY, I would never have THOUGHT of that in a zillion years, but now that you point it out, I GUESS YOU'RE RIGHT. From nesta at wwa.com Fri Aug 11 13:17:57 1995 From: nesta at wwa.com (Nesta Stubbs) Date: Fri, 11 Aug 95 13:17:57 PDT Subject: PRZ encrypted voice software release imminent In-Reply-To: <199508111759.KAA05515@netcom8.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 11 Aug 1995, Vladimir Z. Nuri wrote: > the real holy grail for voice communication encryption is > when this stuff starts to get integrated into the real > phone system, or people start making hardware that is > cheap and self contained and idiot proof. "but it's difficult > to make anything foolproof, because fools are so ingenious" > This can be done with hacked telephones probably. A switch in the telephones that then takes the line over turning it into a data connection and negotiating keys etc.. with the remote side which would have a similarly equipped telephone. It may already be done, but rather prohibitively expensive for common use. > this is an extremely useful model: "big fish provider" gives > a capability that people want, namely processing time and > disk space. they think they can regulate the uses of their > system, but if there is enough degrees of freedom, they > cannot, and people can actually simulate the services they > want on the system regardless of what the system operators > wish to control or not control. > not true really, most providers shut off accounts that run SLIRP if they also offer SLIP/PPP service to customers. I know MCSnet did. but SLIP/PPP was only five dollars more a month and offered much better performance.
"I regret that I have but six orifices to give you" -Nesta Stubbs /-/ a s t e http://www.mcs.net/~nesta/home.html Angeli Caduti Assasin -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMCueoDMPw/Yr5YDZAQEfRgQAjmBFu4Oqg4XhIh+pG2/smvP7Eg8/cHP/ bgrtErzQudyjre5Bxind0AK54fGdsJf21kZK0BESxgspA9+K5w/970UfyVFTwIaL LTQgSdqezyMx3S0HMJYoWvH5xJ3sOmHMGnq7n3hQVFoBMaVCfvUnUiUJodPr5Wd0 /TXBL5TSUSM= =6qJf -----END PGP SIGNATURE----- From yusuf921 at uidaho.edu Fri Aug 11 13:30:04 1995 From: yusuf921 at uidaho.edu (Syed Yusuf) Date: Fri, 11 Aug 95 13:30:04 PDT Subject: your mail In-Reply-To: Message-ID: On Fri, 11 Aug 1995, K. M. Ellis wrote: > SHUT UP. > KEEP THIS CRAP IN *PRIVATE* MAIL From rich_helton at msmgate.mrg.uswest.com Fri Aug 11 13:38:56 1995 From: rich_helton at msmgate.mrg.uswest.com (Rich Helton) Date: Fri, 11 Aug 95 13:38:56 PDT Subject: No Subject Message-ID: help From vznuri at netcom.com Fri Aug 11 13:47:31 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 11 Aug 95 13:47:31 PDT Subject: Purple Boxes In-Reply-To: Message-ID: <199508112044.NAA12959@netcom19.netcom.com> D.B.: >Generally, you are right in suggesting that anything that >requires people to crawl behind their computers, attach >new cables, purchase and debug a sound card under Windows, >and generally engage in techno-weenie hardware manipulations >will have less appeal than something plug and play. hey, how about this: remember all the plans for "blue boxes" etc. that got circulated all over the place during the 70's? I propose creating the schematics for a "Purple box". the box would have, dangling, those little rubber cups that can fit over phone receivers, like on the modems. it would be called the "purple box" because I have not heard of any other devices called "purple boxes" (i.e. this string in the "colorful" hacker namespace does not seem to be used up yet) and also the famous WWII compromised japanese diplomatic codes were called Purple. 
the way it would work is that both the caller and callee would have to agree to use the purple box. they would say "purple" over the phone after they called up and then both hook up their little gizmos. the neat thing about this is that if it catches on, people would end up buying and selling them and improving them. actually, as I recall a long time ago someone proposed on this list doing something very similar except using the devices as a kind of "kids toy" that would introduce children to encryption. it would allow them to talk through the device like a bullhorn, and the receiver would hear gobbledygook unless they had a decoder next to their ear. now I am serious, this could be a *really* fun toy for kids. you know how they love to keep secrets and play around with the idea of communicating among their friends amidst their enemies. someone who has an entrepreneurial nose, I bet you could create a *hot*fad* out of this, and sell perhaps a fraction as fast as Pogs!!! (you'd be a zillionaire at even 1% the penetration!!!) one of the problems is that serious crypto chips are pretty expensive. but an analog scrambler would actually be a decent start on all this, and I bet it could be built pretty cheaply. I volunteer to find a place to *archive* (webify) any of the plans that people write up and successfully test, including GIFs or whatever. ~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^ \ / ~/ |\| | | |> | : : : : : : Vladimir Z. Nuri : : : : \/ ./_.| | \_/ |\ | : : : : : : ftp://ftp.netcom.com/pub/vz/vznuri/home.html From sbryan at maroon.tc.umn.edu Fri Aug 11 14:01:11 1995 From: sbryan at maroon.tc.umn.edu (Steve Bryan) Date: Fri, 11 Aug 95 14:01:11 PDT Subject: PRZ encrypted voice software release imminent Message-ID: At 10:59 am 8/11/95, Vladimir Z. Nuri wrote: [snip] >>I can't violate my NDA, but PGPFone will be a *major* revolution for >>communication security. 
I would not be surprised to see several hundred >>thousand users. PGP will pale in comparison. > >I sincerely doubt this. if someone could find a way of doing >voice encryption through simple idiotproof hardware adapters >(I am thinking of cups that you could attach to any standard phone) [snip] Am I one of the few who thinks that PGPFone is the biggest CypherPunk event for years? I think it will be even more significant if we get strong encryption built into the low level infrastructure of Internet as Perry and others are pursuing but that isn't an event that will be big news next week. A lot of people who don't usually think or talk about fundamental issues of privacy and technology will be doing so next week. I hope that some of the people here who have contacts in the press are ready to say useful and clarifying things to reporters who would be just as happy to concentrate on usual suspects (drug dealers, et al). On the speculation of attaching cups to a standard phone I think this has an air of unreality. To apply strong encryption you need a digital signal. That doesn't necessarily imply a computer but sufficiently powerful computers are going into people's homes at an astonishing rate already. I use MegaPhone on my Quadra 660av at home and I can't wait to try out PGPFone. Even without PGPFone I have thought for a while that computer based telephony is getting ready to take off. Combining CallerID, customized call handling, high quality speakerphone capability and a truly useful personal directory (TouchBase Pro is too sluggish, but getting there) there were already the ingredients of substantive usefulness. If you can add in street maps fetched with an AppleEvent or even a QTVR enhanced map then you get something that might make even an AT&T ad envious. Adding complete privacy (relative to previous levels available) and possibly authentication makes this a very big event.
+---------------------------------------------------------------------- |Steve Bryan Internet: sbryan at maroon.tc.umn.edu |Sexton Software CompuServe: 76545,527 |Minneapolis, MN Fax: (612) 929-1799 |PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D E1 8C A6 9B A9 BE 96 CB +---------------------------------------------------------------------- From cme at TIS.COM Fri Aug 11 14:24:45 1995 From: cme at TIS.COM (Carl Ellison) Date: Fri, 11 Aug 95 14:24:45 PDT Subject: More "S-1" foolishness In-Reply-To: <199508111809.LAA02095@comsec.com> Message-ID: <9508112119.AA13790@tis.com> >Date: Thu, 10 Aug 1995 20:53:58 -0700 >From: Hal > >The other thing I noticed that really makes me question this is that G1 >only uses 4 of its 8 input bits. As I wrote, it is equivalent to >parity(i&0x17). A bit is a terrible thing to waste, and it is hard to >imagine why it would do this intentionally. G1 may not be that important >an element of the cipher but why throw away four bits? Not that I say this is real, but... I can maybe understand throwing out 4 of the bits if G0 picks them up. G1 is never used alone. However, has anyone already noted that fullkey[INTEGRITY][i][j] = 0x08 ; for all i and j? For that matter, fullkey will be a constant for any key with all the bytes the same. This might constitute a class of weak keys. - Carl From mab at crypto.com Fri Aug 11 14:58:24 1995 From: mab at crypto.com (Matt Blaze) Date: Fri, 11 Aug 95 14:58:24 PDT Subject: Still more "S-1" foolishness Message-ID: <199508112206.SAA27354@crypto.com> Here's a table of where the expanded key schedule bits come from (I think - this could be wrong, I had to tweak some of the output by hand). Note that some key bytes are used much more often, and in more positions, than others, but every key byte does at least end up being used as input to each F eventually (but not always to each "target" byte).
Sorry for the opaque notation; this reads best when used in conjunction with Colin's cool graph that he posted to sci.crypt last night. -matt

     |     |  G0   G1   F+0  F+1  F+2  F+3   (function input)
     |bytes|   4    5    2    3    0    1    (mixed with byte #)
 rou |enc- |  all  all  R+6L R+6H R+7L R+7H  (output affects)
 nd  |rypt |   0    1    2    3    4    5    (key schedule byte #)
  #  |ed   | LLHH LLHH LLHH LLHH LLHH LLHH   (posn of orig key byte in sched byte)
 ======================================
  0    76    5954 9538 5495 4851 8515 5151
  1    54    1510 5194 1051 0415 4171 1717
  2    32    7176 1750 7617 5071 0737 7373
  3    10    3732 7316 3273 1637 6393 3939
  4    67    9398 3972 9739 7293 2959 9595
  5    54    5954 9538 5495 4851 8515 5151
  6    32    1510 5194 1051 0415 4171 1717
  7    10    7176 1750 7617 5071 0737 7373
  8    76    3732 7316 3273 1637 6393 3939
  9    54    9398 3972 9739 7293 2959 9595
 10    32    5954 9538 5495 4851 8515 5151   (original key bytes used)
 11    10    1510 5194 1051 0415 4171 1717
 12    76    7176 1750 7617 5071 0737 7373
 13    54    3732 7316 3273 1637 6393 3939
 14    32    9398 3972 9739 7293 2959 9595
 15    10    5954 9538 5495 4851 8515 5151
 16    76    1510 5194 1051 0415 4171 1717
 17    54    7176 1750 7617 5071 0737 7373
 18    32    3732 7316 3273 1637 6393 3939
 19    10    9398 3972 9739 7293 2959 9595
 20    76    5954 9538 5495 4851 8515 5151
 21    54    1510 5194 1051 0415 4171 1717
 22    32    7176 1750 7617 5071 0737 7373
 23    10    3732 7316 3273 1637 6393 3939
 24    76    9398 3972 9739 7293 2959 9595
 25    54    5954 9538 5495 4851 8515 5151
 26    32    1510 5194 1051 0415 4171 1717
 27    10    7176 1750 7617 5071 0737 7373
 28    76    3732 7316 3273 1637 6393 3939
 29    54    9398 3972 9739 7293 2959 9595
 30    32    5954 9538 5495 4851 8515 5151
 31    10    1510 5194 1051 0415 4171 1717

From dneal at usis.com Fri Aug 11 15:09:17 1995 From: dneal at usis.com (David Neal) Date: Fri, 11 Aug 95 15:09:17 PDT Subject: PRZ encrypted voice software release imminent In-Reply-To: <199508111759.KAA05515@netcom8.netcom.com> Message-ID: On Fri, 11 Aug 1995, Vladimir Z. Nuri wrote: > > when someone invents cheap hardware that you can just plug > on top of any existing phone, i.e.
"the phone adaptor", TPA?, > *that's* when the world is going to go crazy with crypto. It's closer than you think. I've been messing with TI's Digital Signal Processing DSK. For $99 you get a DSP with audio in, audio out and 10k of memory. Reference implementations of : DTMF encoders/decoders; 300, 1200, 2400 baud modem programs; and voice processing software already exist. The TI Linear Products Transmission, Switching, Subscriber, and Transient Suppressors Data Book is sitting on my desk along with the Data Transmission and Control Circuits (etc) Data Book. Combined with the pinouts and software that came with DSP DSK I've been painfully trying to piece together how one might glue up a telephone interface. Unfortunately, I'm a software guy and am still learning. In any case, assuming Joe STUD Hardware Guy was willing to make a daughterboard with a 64k memory module (10k is just not enough) with an FCC approved telephone interface (available from parts suppliers). You could have a 25 MIPS based personal STU. I'm envisioning a 'black box' with two RJ-11 jacks which daisy chained in with your phone like a modern modem. Triggering key exchange could be a simple DTMF sequence. Ultimately, the device could be combined into a single board eliminating parts, reducing space, and lowering power supply requirments. The DSP DSK currently needs ~14 Volts AC. I'd like to see that black box portable and able to use some nine volt or AA batteries. > all this stuff that requires lots of hardware can be used, > but the thing that will cause *everyone* to use it is when > someone invents a TPA. I'm very, very surprised that no > one has tried to do this yet. > In any case, I'm trying to do it, but my efforts will never realise a commericial result. I just don't have the money to buy parts in bulk, and without doing that units would be $200-$500 each. 
From mab at crypto.com Fri Aug 11 15:13:20 1995 From: mab at crypto.com (Matt Blaze) Date: Fri, 11 Aug 95 15:13:20 PDT Subject: More "S-1" foolishness In-Reply-To: <9508112119.AA13790@tis.com> Message-ID: <199508112221.SAA27518@crypto.com> >For that matter, fullkey will be a constant for any key with all the bytes >the same. This might constitute a class of weak keys. Interestingly, though, such keys are not weak in the sense that the all-zero/all-one key is weak in DES. There doesn't seem to be any obvious way to key it such that encryption == decryption. -matt From eb at comsec.com Fri Aug 11 15:17:44 1995 From: eb at comsec.com (Eric Blossom) Date: Fri, 11 Aug 95 15:17:44 PDT Subject: PRZ encrypted voice software release imminent In-Reply-To: <199508111816.OAA05222@clark.net> Message-ID: <199508112143.OAA02837@comsec.com> > If you are forced to abstract above "modems", your algorithms will > be designed to work over more general transmission schemes. I fear > that coding for modems first will lead to an overall application tuned for > modems, but poorly designed for asynchronous networks. The tuning should > be done in the driver, not the application/algorithm level. > (for example, modems don't experience much "packet churn and loss", > and they usually have a dependable bandwidth. Even if they retrain > randomly from 28.8 to 14.4, they can still be counted on to at least have > 9600 bps throughput more consistently deliverable than say a slip/ppp line > would) asynchronous networks are a completely different beast than your basic point-to-point phone call. Over. If you expect people to use a secure voice communication device, they've got to like it. Over. I don't know anybody who prefers more latency. Over. I think that it makes great sense to optimize for a point-to-point connection. I also believe that it should be an un-error-corrected channel (no V.42 or V.42bis) since many speech coders can tolerate the errors.
Knowing the channel characteristics also allows you to tailor your crypto usage. If you know you've got a raw synchronous channel, and Pr(bit insert or bit delete) << Pr(bit error) then you can avoid a lot of overhead. This does matter where bandwidth is tight. Say, sticking a 13,000 bit/s coder down a 14,400 bit/s pipe. With GSM's 260-bit frame every 20ms, it leaves 28 bits per frame for all overhead. This includes any forward error correction, sync maintenance, crypto IV's etc. You can't tune this in the driver. None of this says that you shouldn't also optimize for the packetized case too. I think that you can negotiate the right behavior at start up time based on detected channel characteristics. I think that the biggest impact is in the framing overhead, or lack of it. You are always trading off bandwidth, speech quality and MIPs. Eric From wmono at Direct.CA Fri Aug 11 15:32:04 1995 From: wmono at Direct.CA (William Ono) Date: Fri, 11 Aug 95 15:32:04 PDT Subject: your mail Message-ID: <199508112229.PAA17698@mail.direct.ca> At 02:28 PM 08/11/95 -0400, K. M. Ellis wrote: >SHUT UP. > That was entirely useless. 1) You directed your mail to a dummy address representing an anonymous remailer. 2) You wasted even more bandwidth, time, and disk space by posting yet another useless post to cypherpunks. Please note the To: and Cc: fields carefully next time you address a mail! -- William Ono PGP 2902B621 fingerprint = 51 6B BC 81 57 D8 FF 6A 5A A1 A4 6B 9A E3 E5 EE = fingerprint PGP-encrypted mail welcome! Witty Quote Goes Here From nobody at REPLAY.COM Fri Aug 11 16:35:37 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 11 Aug 95 16:35:37 PDT Subject: PRZ encrypted voice software release imminent Message-ID: <199508112335.BAA00874@utopia.hacktic.nl> Responding to msg by sbryan at maroon.tc.umn.edu (Steve Bryan) on Fri, 11 Aug 3:59 PM >A lot of people who >don't usually think or talk about fundamental issues >of privacy and technology will be doing so next week.
PRZ is due to receive a prestigious design award for PGP this month, which may give a boost to public awareness of crypto's value for privacy. From penny at tyrell.net Fri Aug 11 18:41:48 1995 From: penny at tyrell.net (Vicki Penny) Date: Fri, 11 Aug 95 18:41:48 PDT Subject: Access Message-ID: <199508120137.AA29946@tyrell.net> > Date: Fri, 11 Aug 1995 09:54:57 -0400 >From: FrFunston at aol.com >Message-Id: <950811095455_52556775 at aol.com> >To: penny at tyrell.net >Subject: Re: A quick prayer >Status: RO > >In Anglican Forum, you wrote: > >>My son and I also like to sit on the back deck in the evening when it is >>cool enough to watch and listen to the wonders of creation. > >Vicky -- when recently in Kansas City has this been possible? Actually, it's been rather hot, lately! I do manage to get out some evenings. We have two great big elm trees that provide great shade. I also like to get out early in the morning and do my prayers! Thanks, too, for your invitation to visit on Sunday - this is difficult because I am the organist at St. Peter's! But, if I ever have the chance, I would really like to do that. Maybe there is a weekday service some time? > >By the way, what internet access do you use? I'm on AOL but for some of my >uses, a less costly Web surfer would be really great. I've had some >difficulty finding what's available locally. My husband has subscribed to a service called Tyrell that is based here in town that connects to the Internet. Call (816) 454-6788 with your modem and log in as "info" for rates and features. They offer thirty hours of connect time a month for $10.00 and $.75 for every hour used after that. It's not as user friendly as AOL and we have an older computer set. You can get something in windows that Tyrell supports that will make it very user friendly. There is a one time activation charge of $9.00. You can also pay a lump sum of $90.00 per year for the same 30 hours a month. God Bless! 
Vicki From penny at tyrell.net Fri Aug 11 18:41:52 1995 From: penny at tyrell.net (Vicki Penny) Date: Fri, 11 Aug 95 18:41:52 PDT Subject: hard hymns Message-ID: <199508120137.AA29980@tyrell.net> >Ok, I guess I'll jump in here, too. Since I am an organist, I will list a few hymns I've noticed the congregation having difficulty singing: #56 O Come, O Come, Immanuel - in the new hymnal, it has been changed to be more authentic, but since people are used to the 1940 timing, they stumble every time. #688 A Mighty Fortress - Same reason as above. #208 The Strife is O'er - they do great on the verse, but really, I have never figured out what they do on the Antiphon!!! They certainly aren't with me! In our congregation - any hymn not previously in the 1940 hymn book! They always groan afterwards - "we don't know that one." Also, "we can't do a new hymn at the beginning, the choir would stumble coming in", "we can't do a new hymn at the Gospel - too important a place", "we can't do a new hymn post communion - it would interfere with devotion and thanksgiving after Eucharist and we don't want to irritate people" and "we can't do a new hymn at the end because the choir would stumble and we need to end on a familiar uplifting note." If anyone else has experienced this sort of thing, I would welcome suggestions. I am hoping that our new rector, when he arrives in October, will also be able to help! Vicki Penny St. Peter's - Kansas City From penny at tyrell.net Fri Aug 11 18:48:21 1995 From: penny at tyrell.net (Alan Penny) Date: Fri, 11 Aug 95 18:48:21 PDT Subject: Oops, Sorry Message-ID: <199508120143.AA00904@tyrell.net> Sorry about the noise. The letter from Vicki Penny was from a snarled up script that ran astray. Cordially, [-------------------------------------------------------------------------] [ Public pgp-key: email penny at tyrell.net with subject as 'send pgp-key' ] [ My opinions are mine. I have scored 90% on the Turing Test.
] [ Alan Penny, penny at tyrell.net ] From feanor at anduin.gondolin.org Fri Aug 11 19:06:39 1995 From: feanor at anduin.gondolin.org (Bryan Strawser) Date: Fri, 11 Aug 95 19:06:39 PDT Subject: Nym Server Development.... Message-ID: <199508120204.VAA13172@anduin.gondolin.org> John Fleming, along with a bit of support help from myself, is developing a nym server that he is intending to release to the public once we are satisfied with the performance and the state of the code. At this point and time, John has pushed the code to the point where we have an experimental nym server operating that is being constantly refined and features added. Along the same lines, I am presently working on solid documentation for when the nymserver is ready for public use, and for the later public release of the code. John created a mailing list for those interested in contributing to the development of his nymserver and as a forum for discussion of nymserver related issues. So far, there have been few folks subscribed, and no answer from those that are presently subscribed to the list. I find this rather disappointing. This is your chance to get involved in developing this server. There has been a lot of interest expressed in nymservers on this list previously, as well as from other folks that presently use the type I and II remailers that are running today. Just like the other types of anonymity out there, a nymserver has many viable reasons for existence. The lack of publicly available code for such a server, as there is for remailers, should motivate us to get behind John and his efforts. To subscribe to the nymserver development & discussion forum, send a message to majordomo at sephiroth.org with the line "subscribe nyms " in the body of the message. Questions about the nymserver should be directed to that list so that all can be involved in the development.
Thanks for your input, Bryan -- Bryan Strawser, Gondolin Technologies, Bloomington, IN USA Remember Waco feanor at gondolin.org Live free or die From tcmay at got.net Fri Aug 11 19:27:28 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 11 Aug 95 19:27:28 PDT Subject: Nym Server Development.... Message-ID: (I've removed these from this follow-up: remailer-operators at c2.org, nyms at sephiroth.org, alt.privacy.anon-server at canaima.ME.berkeley.edu) At 2:04 AM 8/12/95, Bryan Strawser wrote: >John Fleming, along with a bit of support help from myself, is developing >a nym server that he is intending to release to the public once we are >satisfied with the performance and the state of the code. What is your working definition of "nym server"? >At this point and time, John has pushed the code to the point where we >have an experimental nym server operating that is being constantly >refined and features added. Along the same lines, I am presently >working on solid documentation for when the nymserver is ready for >public use, and for the later public release of the code. > >John created a mailing list for those interested in contributing to the >development of his nymserver and as a forum for discussion of nymserver >related issues. So far, there have been few folks subscribed, and no >answer from those that are presently subscribed to the list. I find >this rather disappointing. Maybe there's little interest because I can't find any threads that discuss just what a "nym server" is. I can make some guesses as to what _I_ might call a nym server, but there are some important issues (of who keeps the records, and why a nym server is better than just using unforgeable sigs, etc.) that need discussing. >that are running today. Just like the other types of anonymity out >there, a nymserver has many viable reasons for existence. The lack of >publicly available code for such a server, as there is for remailers, >should motivate us to get behind John and his efforts.
Why should we get behind an effort that has not been spelled out or discussed here? Maybe I'm missing the debate in the groups I deleted (see above), but I really don't know what it's about. >To subscribe to the nymserver development & discussion forum, send >a message to majordomo at sephiroth.org with the line "subscribe nyms >" in the body of the message. Questions about the >nymserver should be directed to that list so that all can be involved >in the development. Sorry, Bryan, but I don't typically join mailing lists so I can find out what the subject of a mailing list is! :-} Describe for us what you have in mind for "nym servers" and why they are important, then maybe more folks will get involved. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at valhalla.phoenix.net Fri Aug 11 19:45:22 1995 From: nobody at valhalla.phoenix.net (Anonymous) Date: Fri, 11 Aug 95 19:45:22 PDT Subject: Euro Comm Adopts Privacy Directive (NewsClip) Message-ID: <199508120245.VAA05377@ valhalla.phoenix.net> European Commission Adopts Privacy Directive Brussels, Aug. 11, -- The European Commission is now well on its way towards affording a high level of protection to personal data held on computer systems, following the formal adoption of a Directive on the protection of personal data, Newsbytes has learned. 
"I am pleased that this important measure, which will ensure a high level of protection for the privacy of individuals in all Member States, has been adopted with a very wide measure of agreement within the Council and European Parliament," said EC Single Market Commissioner Mario Monti, announcing the measure. According to Monti, the Directive will also help to ensure the free flow of information society services in the "Single Market" by "fostering consumer confidence and minimizing differences between member states' rules." "Moreover, the text agreed includes special provisions for journalists, which reconcile the right to privacy with freedom of expression," he said, adding that the member states must transpose the Directive within three years (i.e., write it into their own legislation), "but I sincerely hope that they will take the necessary measures without waiting for the deadline to expire so as to encourage the investment required for the information society to become a reality." Monti claims that the Directive will establish a "clear and stable" regulatory framework necessary to guarantee free movement of personal data, while leaving individual EU countries room for maneuver in the way the Directive is implemented. According to the Directive, free movement of data is particularly important for all services with a large customer base and depending on processing personal data, such as distance selling and financial services. In practice, however, banks and insurance companies process large quantities of personal data on such highly sensitive issues as credit ratings and credit-worthiness. If each member state had its own set of rules on data protection, for example, on how data subjects could verify the information held on them, cross-border provision of services, notably over the information superhighways, would be virtually impossible and this extremely valuable new market opportunity would be lost, the EC claims. 
According to the EC, the Directive aims to narrow divergences between national data protection laws to the extent necessary to remove obstacles to the free movement of personal data within the EU. As a result, any person whose data is processed in the EC will be afforded an equivalent level of protection of his rights, in particular his right to privacy, irrespective of the member state where the processing is carried out. The EC claims that, until now, differences between national data protection laws have resulted in obstacles to transfers of personal data between EC member states, even when these countries have ratified the 1981 Council of Europe Convention on personal data protection. This has been a particular problem, the EC notes, for multinational companies wishing to transfer data concerning their employees between their operations in different member states. According to the Commission, such obstacles to data transfers could seriously impede the future growth of information society services. The Directive establishes the principle of "fairness," so that a collection of data should be as transparent as possible, giving individuals the option of whether they provide the information or not. The Directive requires all data processing to have a proper legal basis. The legal grounds defined in the Directive are: consent, contract, legal obligation, vital interest of the data subject, and the balance between the legitimate interests of the people controlling the data and the people on whom data is held (i.e., data subjects). This balance gives member states room for maneuver in their implementation and application of the Directive, the Commission claims. 
Press & Reader Contact: European Commission, +32-299-1111

--

From feanor at anduin.gondolin.org Fri Aug 11 19:50:46 1995
From: feanor at anduin.gondolin.org (Bryan Strawser)
Date: Fri, 11 Aug 95 19:50:46 PDT
Subject: No Subject
Message-ID: <199508120242.VAA00212@anduin.gondolin.org>

In a previous message, Timothy C. May said...
>
> What is your working definition of "nym server"?

There have been discussions concerning this before both on here and other mailing lists, such as remailer-operators. A nym server is an operation similar to anon.penet.fi, but more secure. Sameer has two of these operating now that use PGP encrypted reply blocks and such. [omega.c2.org and alpha.c2.org, both of which use different operating methods]

What John is attempting to do is have a nymserver like anon.penet.fi, where folks can create an alias and send/receive mail/postings to it. However, unlike Julf's system, a secure nymserver would prevent the owner from being able to divulge who the real-life person is behind the alias because of the PGP encrypted reply block and other options involved.

Bryan

--
Bryan Strawser, Gondolin Technologies, Bloomington, IN USA
Remember Waco          feanor at gondolin.org          Live free or die

From rsnyder at janet.advsys.com Fri Aug 11 20:15:06 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Fri, 11 Aug 95 20:15:06 PDT
Subject: IPSEC goes to RFC
In-Reply-To:
Message-ID: <199508120315.XAA14852@janet.advsys.com>

dneal at usis.com said:
> I'd like to also volunteer to do the linux port, whether it be
> coordination patches, hacking code, finding people, whatever.
> Also, if other cypherpunk subscribers feel that this topic is
> inappropriate for the list (not likely) or that it would generate too
> much traffic for the list (?) I can create a new majordomo list
> dedicated to the effort in 10 minutes.

The detailed discussions of planning such a port probably are inappropriate for cypherpunks.
Lord knows we need to conserve space for Foster conspiracy theories.....

I think a separate list might not be a bad idea. Either on your server or on something like vger.rutgers.edu, which is pretty much the linux mailing center of the universe right now. :-) We should probably also check on comp.os.linux.networking and linux-net at vger.rutgers.edu to make sure someone isn't already working on this.

The ideal author would be outside the US, since the patches would need to be mailed to Linus for inclusion in the kernel, and that brings up some interesting ITAR issues.

Bob

From shamrock at netcom.com Fri Aug 11 21:36:27 1995
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 11 Aug 95 21:36:27 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID:

At 10:59 8/11/95, Vladimir Z. Nuri wrote:
>the real holy grail for voice communication encryption is
>when this stuff starts to get integrated into the real
>phone system, or people start making hardware that is
>cheap and self contained and idiot proof. "but it's difficult
>to make anything foolproof, because fools are so ingenious"
[...]
>when someone invents cheap hardware that you can just plug
>on top of any existing phone, i.e. "the phone adaptor", TPA?,
>*that's* when the world is going to go crazy with crypto.
>all this stuff that requires lots of hardware can be used,
>but the thing that will cause *everyone* to use it is when
>someone invents a TPA. I'm very, very surprised that no
>one has tried to do this yet.

As some of you know, I work for a LAN-Telephony company. One of our products is a hardware based computer telephony product that we will be able to provide at less than $100 per node. The product contains a CPU as well as a DSP and is ideally suited for voice transmission with encryption over networks. We intend to make this product fully interoperate with software based PGPFone implementations and also to lend our computer telephony experience to the PGPFone development team.
This cooperation will provide hundreds of thousands of corporate users with PGPFone compatible, rock solid, call security at a fraction of the cost of today's "secure" phones. Our expertise will also help improve the performance of the software based freeware PGPFone implementations.

Sorry, I am unable to provide more details at this point.

-- Lucky Green
   PGP encrypted mail preferred.

From shamrock at netcom.com Fri Aug 11 22:09:28 1995
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 11 Aug 95 22:09:28 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID:

At 14:42 8/11/95, Ray Cromwell wrote:
>I would like to see a secure voice communication protocol that is divorced
>from the particular details of the algorithms used (although a
>base level of some voice compression technique + DES + RSA will have to
>be used) That way, new and better algorithms can be dropped in depending
>on the network used (modem, ipx, tcp/udp, etc) and the bandwidth required
>(CELP vocoder, MPEG-audio, lossless encoding, progressive PCM, etc)

The codec used is at the very core of any computer telephony system. A standard that doesn't specify the codec(s) can be little more than a standard on message formats, which will be of little value if the other side doesn't implement the same codec.

-- Lucky Green
   PGP encrypted mail preferred.

From shamrock at netcom.com Fri Aug 11 22:09:29 1995
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 11 Aug 95 22:09:29 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID:

At 15:59 8/11/95, Steve Bryan wrote:
>Even without PGPFone I have thought for a while that computer based
>telephony is getting ready to take off. Combining CallerID, customized
>call handling, high quality speakerphone capability and a truly useful
>personal directory (TouchBase Pro is too sluggish, but getting there)
>there were already the ingredients of substantive usefulness.
>If you can
>add in street maps fetched with an AppleEvent or even a QTVR enhanced map
>then you get something that might make even an AT&T ad envious. Adding
>complete privacy (relative to previous levels available) and possibly
>authentication makes this a very big event.

You will, and the company that will bring it to you...won't be AT&T.

-- Lucky Green
   PGP encrypted mail preferred.

From jcaldwel at iquest.net Fri Aug 11 22:36:55 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Fri, 11 Aug 95 22:36:55 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID:

>Of course, if it was a substantial improvement over the
>other "Internet Phone" stuff that's out there, and had
>a good way of dealing with switching, etc., then people
>would use it to make "free" l.d. phone calls on the net,
>and the cryptography would get a free ride.

>Generally, you are right in suggesting that anything that
>requires people to crawl behind their computers, attach
>new cables, purchase and debug a sound card under Windows,
>and generally engage in techno-weenie hardware manipulations
>will have less appeal than something plug and play. Even
>given the extremely user-hostile elements of PGP the software,
>I would be surprised if PGPFone became as popular.

Hmm, opportunities for 'consulting fees' abound in setting up PGP, PGPFone is another one. ;-)

From rogaski at phobos.lib.iup.edu Fri Aug 11 23:53:29 1995
From: rogaski at phobos.lib.iup.edu (Mark Rogaski)
Date: Fri, 11 Aug 95 23:53:29 PDT
Subject: your mail
In-Reply-To: <199508120242.VAA00212@anduin.gondolin.org>
Message-ID: <199508120653.CAA03702@phobos.lib.iup.edu>

-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Bryan Strawser:
:
:
: What John is attempting to do is have a nymserver like anon.penet.fi,
: where folks can create an alias and send/receive mail/postings to it.
: However, unlike Julf's system, a secure nymserver would prevent the owner
: from being able to divulge who the real-life person is behind the
: alias because of the PGP encrypted reply block and other options
: involved.
:

But how does one ensure that no logs are kept on the server, and how does the encrypted reply block work (I can't see how this will shield identity from both of the communicating parties)?

- -----
#include                      Mark Rogaski              100,000 lemmings
rogaski at phobos.lib.iup.edu    aka Doc, wendigo          can't be wrong!
http://www.lib.iup.edu/~rogaski/

From sameer at c2.org Sat Aug 12 00:07:13 1995
From: sameer at c2.org (sameer)
Date: Sat, 12 Aug 95 00:07:13 PDT
Subject: Nym Server Development....
In-Reply-To:
Message-ID: <199508120702.AAA25233@infinity.c2.org>

>
> Describe for us what you have in mind for "nym servers" and why they are
> important, then maybe more folks will get involved.
>

I believe that Bryan is referring to nym servers along the lines of alpha and omega (.c2.org)

The omega source isn't publicly available because frankly I'm pretty ashamed of how ugly and nasty the program is (I wrote it more than a year ago, and my "improvement" in my perl programming skill shows if you compare that code with code I've written lately in perl). I'm not sure why the alpha source isn't available, as it isn't my server. (It runs on my ISP because Matt Ghio, who runs it, has an account here)

The alpha and omega servers share the fact that someone can register a nym anonymously and give the server an encrypted-reply-block rather than a real email address.
This is secure to the court-order form of attack against the anonymous identity, as opposed to the penet server, which is not secure against court-order attack. (There is still very much work that needs to be done towards defeating replay & traffic analysis attacks on anonymous forwarders on the server)

--
sameer                                            Voice:   510-601-9777
Network Administrator                             Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley           Dialin:  510-658-6376
http://www.c2.org (or login as "guest")           sameer at c2.org

From erc at khijol.intele.net Sat Aug 12 00:51:24 1995
From: erc at khijol.intele.net (Ed Carp [khijol SysAdmin])
Date: Sat, 12 Aug 95 00:51:24 PDT
Subject: your mail
In-Reply-To:
Message-ID:

On Fri, 11 Aug 1995, Ford Prefect wrote:

> perry, of course, is a dysfunctional human "cipher" himself,

I always thought he was an AI program that someone put in a lot of abusive crap to be funny - then someone accidentally let it loose on the net ;)

--
Ed Carp, N7EKG              Ed.Carp at linux.org, ecarp at netcom.com
                            801/534-8857 voicemail
                            801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key      an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.

From erc at khijol.intele.net Sat Aug 12 00:56:15 1995
From: erc at khijol.intele.net (Ed Carp [khijol SysAdmin])
Date: Sat, 12 Aug 95 00:56:15 PDT
Subject: F*** FOSTER
In-Reply-To: <199508102345.BAA14099@utopia.hacktic.nl>
Message-ID:

Oh, who gives a rat's ass? Just hit 'd' and be done with it...

--
Ed Carp, N7EKG
From gjeffers at socketis.net Sat Aug 12 01:24:15 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Sat, 12 Aug 95 01:24:15 PDT
Subject: PERRY-GRAMS (Does Perry speak for Cypherpunks?)
Message-ID: <199508121046.FAA06728@mail.socketis.net>

PERRY-GRAMS (Does Perry speak for Cypherpunks?)

I have a solution to the Perry off-topic problem: PERRY-GRAMS. I got this idea from the following text of Tim May's:

----------------- start Tim May text ---------------------------------
Perry is Perry. He has certainly written his share of rants and "off-topic" posts, as have we all. Literally thousands of his posts over the past 3 years reside on my disk drives, and certainly until recently most of them were not about writing code.
--------------------end Tim May text ---------------------------------

Firstly, what is a Perry-Gram?

1. Find a long Cypherpunk post by Perry that is in your opinion, "off-topic". Keep the header.
2. Add the full post of Perry's "Ciphergroupies" post which I have thoughtfully included at the end of this post. Include header.
3. Add text asking Perry to defend his off-topic post as appropriate to Cypherpunks.

For true effectiveness, you really need to post several Perry-Grams per provocation.

To be really effective, Cypherpunk "Ciphergroupies" will need to do a little networking. Most don't have much in the way of Cypherpunk archives - but some do. If you want to make some Perry-Grams but lack the archives, then post a call to Cypherpunks to have someone with archives send you as many long, "off-topic" posts by Perry as they can. With a little cooperation, we can build up a data base of Perry "off-topic" posts. Unfortunately, my Cypherpunk archives were lost, so I won't be much help. - I am at a loss for Perry's words. However, a lot of Cypherpunks keep lots of old posts. I am willing to store at least one 1.44 meg diskette of Perry-Grams in compressed .zip format. Trade them like baseball cards. Of course, with computers, that's sharing :-).
If you're having problems getting people with archives to help you, then contact Tim May. I suspect that Tim (Bless his Generosity) will be willing to dig up some potential Perry-Grams material for you.

Treasure your Perry-Grams. They are not merely for the current Perry threads. If you save them, then you can whip them out in the future when Perry does more of his nasty, hateful "off-topic" attacks. I recommend Perry-Gram diskettes. I think this is the best way to bell the Perry-cat. Let Perry deny his own words! :-) :-) :-)

Crypto relevance: Cypherpunks cannot be well described as just a list for techno freaks who love Crypto. I believe that most of the heavy crypto coders & theorists would be just as happy to be working on AI, linkers, natural language parsers, etc.. - were it not for POLITICAL CONSIDERATIONS! I think most of the active people on Cypherpunks despise central political control & are active in order to stop it. Cypherpunks is motivationally driven by this political consideration. Perry did not spend $50k & "spend months of [his] life struggling to..." just because he thinks that computer crypto is "RAD KOOL". Then why drive out our polemists & our conspiracy buffs? Conspiracy theory is the theory of the working of states by non-establishment writers. Our political writers are "crying fire" when "danger of fire" is evident to them. They MUST give out the alarm. Most people are ignorant of the degree of danger that we are in from the power-mad illegitimate United States "Federal" State. Thank God for "extremist right-wing kooks" who do conspiracy writing. They may yet save us from establishment "left-wing Liberal kooks" who seem desperate to bankrupt us & turn America into a police state. Not that the Republicans are much better. They seem to be on a mission to cut Democratic spending by 5%. - As the Russians say "Prophylactic politics."
- When there is public discontent with the elite's policies, give the people an insincere group of politicians to cater to the public's grievances.

-------- start of Perry E. Metzger "Ciphergroupie" post ----------

Message-Id: <199508100134.VAA03975 at panix4.panix.com>
To: KALLISTE at delphi.com
Cc: cypherpunks at toad.com
Subject: Re: Only 1/3 of Government Computers Down So Far
In-Reply-To: Your message of "Wed, 09 Aug 1995 12:29:59 EDT." <01HTVAYUCH6W90PB08 at delphi.com>
Reply-To: perry at piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Wed, 09 Aug 1995 21:34:12 -0400
From: "Perry E. Metzger"
Sender: owner-cypherpunks at toad.com
Precedence: bulk

KALLISTE at delphi.com writes:
> Many people are interested in cryptology because they don't
> want the NSA (among others) invading their privacy.

So, the question is this: do people want to follow the standard "ooh, let's shudder at the conspiracy theories" track, and fall flat on their faces, or do they want to see cryptography implemented and widely deployed?

The noise levels on this list have driven most of the important crypto types off it. People like Phil Karn and Steve Bellovin, who actually implement stuff, aren't here any more. Instead, we have a vast flood of ciphergroupies who love to post the latest funny bit they found on the net, discuss whether David Koresh was being unfairly persecuted, and how many bits of toe lint they found last week.

What we used to have was the cafe where the politically motivated cryptographers hung out and gossiped.
Now we have an open sewer in which the occasional pearl still floats, and the cryptographers are mostly gone.

Those of us who want to discuss cryptography here have been displaced. If your goal is to impede communication about cryptography, you've admirably succeeded. You've cut off one more place where people were discussing how to deploy real-world solutions.

Tim May is wrong. I don't care what you call a "cypherpunk" -- that's your business. However, the useful people *are* the people who write code, spend long hours working to get standards implemented, work lobbying in Congress, etc. Those of you who just rant, like Tim, were very useful two years ago, but it's getting rather thin listening to you guys make it impossible to discuss real work while you blather. (Sorry, Tim. However, as long as you are going to call me "abusive" I might as well speak my mind. If you are going to do the time, might as well do the crime.)

> The Foster story concerns the chief NSA privacy-invasion of modern
> times: spying on domestic banking transactions. So it's relevant.

Actually, what you've been posting has been even below the standards of journalistic integrity (i.e. few) that you find on a Pacifica radio station.

I don't even care if all the conspiracies are real. Isn't what is out in the open enough? If the invasions of privacy that the government acknowledges and the crap like Clipper that they try to foist on us isn't horrifying enough, what weak-assed conspiracy theory that someone came up with while tripping is going to do it for you. Reality is frightening enough. FINCEN is real. The NSA really spied on people at least until the congressional hearings in the '70s. The government really invades privacy every day. Why do I need crap?

> The Grand Inquisitor role is getting a little old. So if
> you want to continue to play it, my response is: Fuck Off.
>
> -Orlin

Frankly, Orlin, I think you are, with respect to the goals we are trying to advance here, a useless lump of flesh. I've spent about $50,000 of my own money trying to make the internet safe for root-eaters like yourself. I've spent months of my life struggling to get RFCs out, and I'm spending most of this month locked in my apartment writing code. Right now, we are coordinating an effort to try to get IPSEC widely implemented in the next several months and deployed by spring. What do you do, exactly, other than generate chaff to make it impossible for any real work to be seen on the radar?

When people bring up real work, like cryptographic libraries or Wei's stuff or the work I've been doing in the IETF and that sort of thing people like Matt Blaze notice, and maybe Ray Cromwell and Hal Finney (cypherpunks both, not ciphergroupies) try to discuss things, but the folks like you basically drown everything out by making more noise about random conspiracy garbage.

Frankly, if anyone is helping the NSA, it's you. They don't want to see universally deployed crypto. You could be out trying to spread cryptography by coding, by handing people crypto when they need it, or any one of dozens of other things. Instead, what you are doing is making it impossible for people to try to get work done.

I have no idea what you are like personally. Maybe you're a nice, smart guy. Maybe you are really a useful person in your other life. However, I don't think your posting more conspiracy tracts is improving life as we know it. You have become an impediment -- a lump of rock in the highway. You aren't part of the solution -- you are part of the problem.

Perry

----------------end Perry E. Metzger "Ciphergroupie" post --------------

PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCK! BBBEEEAAATTTT STATE!
Gary Jeffers

From stewarts at ix.netcom.com Sat Aug 12 01:59:17 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 12 Aug 95 01:59:17 PDT
Subject: EU Data Protection
Message-ID: <199508120857.BAA11353@ix5.ix.netcom.com>

>At 7:13 PM 8/11/95, Derek Bell wrote:
>> I think you miss an important point; your opinion is subjective, but
>>data can relate to objective facts (e.g. credit records). Would you take the
>>same stance if a credit bureau claimed that you couldn't pay back half the
>>loans you took out?

There's a difference between what information you maintain for internal purposes and what information you give to other people. I don't really _care_ what nonsense a credit bureau may have in their internal records, only what they tell other people about me. If they somehow think I'm a bankrupt Communist space alien, but tell their credit-rating customers that my credit looks ok, it's not my business. If they use their own internal records to decide that _they_ don't want to lend me money, well, somebody else will get my business; it's in their interest to be accurate.

A more interesting question is whether reporting credit transactions in private communications with their data customers constitutes libel if they inaccurately say bad things about me, and do I have a right to force them to tell me. Tim May thinks this kind of forced speech violates the US Constitution; I'm less bothered by laws telling corporations what to do (since corporations are fictional creations of the state) than by laws telling human-owned businesses or individual humans what to do.

Tim May replies:
>Think about it: the name "data privacy" sounds good, at first blush, but
>what it really means is that my records are not private, that my records
>are inspectable by government agents to see if I have stored any illegal
>facts or correlations.

Yeah. If you register your computer and its data with the Data Police, they have the right to inspect it.
If you _don't_ register, that gives them reasonable suspicion to believe that you might have "illegally unregistered data" on the machine, so they have the power to inspect it. Kind of like proving you're not a witch....

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice. His job was to shed light, and not to master. RIP, Jerry

From stewarts at ix.netcom.com Sat Aug 12 01:59:55 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 12 Aug 95 01:59:55 PDT
Subject: PRZ encrypted voice software release imminent
Message-ID: <199508120857.BAA11361@ix5.ix.netcom.com>

At 10:59 AM 8/11/95 -0700, you wrote:
>the requirements for live voice encryption are pretty significant:
>a fast computer and fast modem. this alone is only a subset
>of those people using PGP right now.

The tradeoffs are speech encoding quality, and we basically crossed that line a year or two ago for the high end, and are heading toward mass capability. 9600 baud high-quality speech takes lots of crunching, 13.3 kbps GSM takes a Sparc 2 or maybe a Pentium, 16 kbps ADPCM is dirt trivial and can probably run on an 8086. The coding options with Nautilus run on 386s. And you can get by with less if you're willing to put up with half-duplex.

Yes, lots of us aren't using modems faster than 14400 now, but you can get a 14.4/19.2 modem at Fry's for well under $100. (19.2 is unfortunately not quite enough to 16 kbps, given start and stop bits, unless you do synchronous or start playing with V.42 a bit, but it's close.) Sound cards are down in the $50 range, and give you the analog/digital conversion as well as some computation. Adding a sound card is a bit of work, given the wonderful operating systems on many PCs :-), but folks put them in along with CDROMs so they can run all the latest multimedia applications, or high-end versions of DOOM.
Anybody who needs to avoid government or business-competitor eavesdroppers can probably afford $150 in extra hardware for their PC. This doesn't apply to international communications or folks in the boonies, where it's hard to get full performance out of modems, so you Commie spies and Earth First!ers will need more expensive high-tech equipment :-)...

#---
# Thanks; Bill
#---

From hfinney at shell.portal.com Sat Aug 12 02:35:47 1995
From: hfinney at shell.portal.com (Hal)
Date: Sat, 12 Aug 95 02:35:47 PDT
Subject: "S1" encryption system
Message-ID: <199508112127.OAA06516@jobe.shell.portal.com>

From: Carl Ellison
> Has it already been observed that the key scheduling repeats keys every
> 5 rounds?

There have been a couple of good messages on sci.crypt, one by Colin Plumb and one by Thomas Jakobsen. The latter mentioned something similar re key scheduling. I hadn't noticed it. Chalk up another apparent weakness.

Hal

From an264373 at anon.penet.fi Sat Aug 12 03:19:08 1995
From: an264373 at anon.penet.fi (Sauroth)
Date: Sat, 12 Aug 95 03:19:08 PDT
Subject: Purple Boxes
Message-ID: <9508121008.AA10417@anon.penet.fi>

> it would be called the "purple box" because I have not heard
> of any other devices called "purple boxes" (i.e. this string
> in the "colorful" hacker namespace does not seem to be used up yet)
> and also the famous WWII compromised japanese diplomatic codes
> were called Purple.

Actually quite a few hackers/phreaks have been encrypting phone conversations for a while. Not by any complex mathematics but simple modifications to the phone frequencies...Don't have any sites handy but for those interested I'll look up some of my old material.
I'll also check a large compendium of boxes to see if Purple has been designated. Anyone interested in box plans of different colors e-mail me.

Sauroth

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From frissell at panix.com Sat Aug 12 04:42:56 1995
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 12 Aug 95 04:42:56 PDT
Subject: EU Data Protection
In-Reply-To:
Message-ID:

On Fri, 11 Aug 1995, Timothy C. May wrote:

> Think about it: the name "data privacy" sounds good, at first blush, but
> what it really means is that my records are not private, that my records
> are inspectable by government agents to see if I have stored any illegal
> facts or correlations.
>

In addition to registering records and making all records "public records" in some sense, data protection acts also require the registration of *computers.*

DCF

"Register commies not computers."

From futplex at pseudonym.com Sat Aug 12 04:58:38 1995
From: futplex at pseudonym.com (Futplex)
Date: Sat, 12 Aug 95 04:58:38 PDT
Subject: Nym server development....
Message-ID: <9508121158.AA20379@cs.umass.edu>

This seems as good a time as any to forward the full text of this to the list. At worst, Alpha is a solid proof-of-concept of a possible "nym server" model. IMHO it's actually much better than that. I strongly recommend reading the below before asking basic questions about the workings of Alpha....
-Futplex

Forwarded message:
> Date: Sat, 12 Aug 1995 04:41:01 -0700
> X-Last-Updated-Date: Jan 9 1995
> From: help at alpha.c2.org (Automated reply)
> Subject: Info on anonymous account service @alpha.c2.org
> Reply-To: admin at alpha.c2.org
>
> This mail message was sent automatically in response to the message you
> sent to help at alpha.c2.org
>
> This system allows you to create a pseudonymous address of the format
> username at alpha.c2.org. For security, all messages are encrypted with PGP.
>
> To create a mail alias, first create an encrypted reply-block for a
> cypherpunk-style remailer. An encrypted reply block is a message
> encrypted with a remailer's PGP public key, which will be sent to
> your address, or to an address where you can receive messages.
>
> To create a reply block, you would create a message for a remailer that
> goes back to you:
>
> ::
> Request-Remailing-To: you at yoursite.org
>
> Then you would encrypt that with a remailer's public key, and prepend
> the necessary Encrypted: PGP header. When this message is received by
> a remailer, it would decrypt it and send it to you. It would also send
> you any text appended to the end (outside the PGP wrapper). Thus, using
> a reply block, it is possible for people to send you mail without knowing
> your real address.
>
> Next, choose a pseudonym and a password. The pseudonym-address may contain
> any alphabetical or numeric characters, or hyphens. The password may not
> contain any spaces.
> Then create a message of the following format:
>
> From: yourname at alpha.c2.org
> New-Password: Your_Password
> Reply-Block:
> ::
> Anon-To: remailer at xs4all.nl
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.3a
>
> -----END PGP MESSAGE-----
>
> Do not actually indent it; that's just for example purposes.
> Encrypt this with the following public key and mail it to
> alias at alpha.c2.org. Unencrypted mail sent to this address
> will be deleted automatically. If everything is correct, your
> mail alias will be created, and you will be sent a confirmation.
> If not, there will be no way for the software to reply to you,
> so the message will be deleted. If you don't receive anything,
> something is wrong, so try again. Be sure to test the reply
> block first, so that you will know it works! Also, don't forget
> to include the address of the remailer, and the Encrypted: PGP
> header at the beginning of your reply block.
>
> Here is the public key:
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6
>
> -----END PGP PUBLIC KEY BLOCK-----
>
>
> When mail comes in for your address at alpha.c2.org, it will be
> encrypted with Your_Password, using pgp -cta, appended to the reply
> block and sent to remailer at alpha.c2.org.
Be sure that you have > the Encrypted: PGP header, and the address of the next remailer > it is to be sent to! All messages are held and sent out in random > order once an hour. > > If you later wish to change your password, send an encrypted message to > alias at alpha.c2.org containing a From: line with your nickname, a > Password: line with your current password, and a New-Password: line > containing your new password. If the old password is correct, the > password will be changed to the new one. For example: > > From: Dan_Quayle > Password: Bush > New-Password: Clinton > > You can also include a new Reply-Block. > > A mail alias can be deleted at any time by setting the password to nothing. > (Send a password change request with nothing following the 'New-Password:') > > > Sending messages > > Once you have created a working address, you can send mail from that address. > Simply create a message with standard mail headers, and add your password > in a Password header. > > From: jdoe at alpha.c2.org (John Doe) > Password: foobar > To: alt.anonymous at demon.co.uk > Subject: hello world > > This is my message. > > The message would be delivered as shown, minus the Password: header. > If the password is not correct, the message is discarded. > > > Troubleshooting > > Here are some common problems. If you're having trouble, check the > following list: > > - Be sure to use -t option with PGP > - Test your reply block and be sure it works! > - If you are having trouble creating a certain address, perhaps > you already created it, but used the wrong reply block > or a different password. > - Usenet posts require a Subject: header. > - Messages to alias at alpha.c2.org must be encrypted with PGP > Be sure you use the correct PGP key; remailer at alpha.c2.org > has a different one. 
> > > Problems may be reported to admin at alpha.c2.org > > For more information about Community ConneXion, > telnet to c2.org and login as guest, or if you have a WWW browser: > http://www.c2.org/ > From perry at panix.com Sat Aug 12 05:35:08 1995 From: perry at panix.com (Perry E. Metzger) Date: Sat, 12 Aug 95 05:35:08 PDT Subject: IPSEC goes to RFC In-Reply-To: <9508111351.AA04381@toad.com> Message-ID: <199508121234.IAA03887@panix4.panix.com> "Peter Trei" writes: > Don Eastlake has actually done a draft RFC on > using the DNS for key distribution. It's more than a draft -- at this point it is very clearly standards track. Note that the document in question only covers security for the DNS itself, but the side effect is that you've built all the mechanisms you need for general key distribution. Don is now working on the certificate formats. > It may be found at > > ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt > > He briefed the W3C security working group about > this recently, and a number of people raised objections, notably
> * database bloat
> * zone transfer bloat
> * increased hits on root servers due to a new class of inquiry.
As I've noted, given the actual in-field experience of Hesiod, I'm not in the least worried. .pm From jya at pipeline.com Sat Aug 12 06:23:03 1995 From: jya at pipeline.com (John Young) Date: Sat, 12 Aug 95 06:23:03 PDT Subject: YOM_ama Message-ID: <199508121322.JAA13154@pipe2.nyc.pipeline.com> 8-13-95. Sunday NYPaper: "Bigger Than the Family, Smaller Than the State: Are voluntary groups what make countries work?" [Book review] Mr. Fukuyama has shifted his attention from the state to society; the result is a fascinating and frustrating book, "Trust: The Social Virtues and the Creation of Prosperity." We have settled on the structure of the state, he writes, but "liberal political and economic institutions depend on a healthy and dynamic civil society for their vitality."
In the world of ideas, civil society is hot. It is almost impossible to read an article on foreign or domestic politics without coming across some mention of the concept. And "civil society" has bipartisan appeal; from Hillary Rodham Clinton to Pat Buchanan, politicians of all stripes routinely sing its praises. Behind much of the new interest in civil society, on the part of communitarians as well as social conservatives, is the idea that culture and society shape the nature of government. But the space between the realm of government and that of the family can be filled with all kinds of associations, liberal and illiberal. Historians have amply laid out how the Nazi Party made its first inroads through infiltrating local groups. On a less extreme note, many of the small groups that have formed in America over the last two decades have been thoroughly illiberal in spirit: victims' groups that have discouraged individual responsibility, minority clubs that have Balkanized the campus and the workplace, pseudoreligious cults with violent agendas. Not all of civil society is civic minded. A report on Timothy J. McVeigh's civil life noted that Mr. McVeigh and Terry and James Nichols, would go bowling and plan their future. But perhaps we would all have been better off if Mr. McVeigh had gone bowling alone. YOM_ama (about 14K) From rah at shipwright.com Sat Aug 12 07:05:54 1995 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 12 Aug 95 07:05:54 PDT Subject: e$: Reuters Smells the Coffee Message-ID: --- begin forwarded text Mime-Version: 1.0 Date: Sat, 12 Aug 1995 00:01:58 From: infocker at megaweb.com Sender: infocker at megaweb.com () (from unknown.aol.com 205.188.2.111) To: www-buyinfo at allegra.att.com Subject: Cyber Economy--Govts. Cannot Control Thought Mr. Hettinga might particularly appreciate this perspective. Jim Rapp Alexandria, Virginia "give me more info" As always, do not send the copyright police after me. 
LONDON - Growing business on the Internet computer network could allow companies and individuals to avoid taxes and build up a black economy increasingly out of range of government intervention and regulation, computer experts say. People will be able to download computer programs from Philadelphia to Paris or buy books from Madrid in Manila, avoiding export or import duties and sales taxes, as well as bypassing government trade statistics. "Electronic purses," loaded from banks down telephone lines, could become the favored means of payment for fast, anonymous and secure payments, with currencies of choice becoming more exotic, depending on what is acceptable to dealmakers. "Cyberdollars," expatriate U.S. currency zapping across telephone lines between computers, could add to problems posed for authorities by existing funds outside national borders. Deals on the Internet are mainly completed by credit card at present. But electronic purses could lead to a buildup of currency beyond the control of governments and central banks, further limiting their influence on economies and markets and making traditional monetary tools like interest rates less effective. "Online business will involve much more economic activity outside the control and ambit of government," Madsen Pirie, director of the Adam Smith Institute, a right-wing British think-tank, told Reuters. "Government will have to limit its ambitions. Just like governments in the modern world find it difficult to have exchange control; they can't control billions of dollars of cash sloshing around foreign exchange markets," he said. Business is fairly modest now but will increase exponentially, Pirie forecasts. The U.S. Commerce Department has said electronic cash will account for 20 percent of U.S. purchases by 2005, up from just over 4 percent last year and compared with just over 16 percent forecast by 2000. 
Leaders of the information technology industry believe that the embryonic stage is over and are wary of government action, which they feel might inhibit growth. Analysts reckon that any attempt to regulate cybermarkets is likely to be futile. The Adam Smith Institute's Pirie agrees, predicting: "Governments will fail if they try to control this. They always have when they try to hold back the way history is going." - - - - - Copyright, Reuters America Inc. All rights reserved --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From perry at alpha.jpunix.com Sat Aug 12 08:28:01 1995 From: perry at alpha.jpunix.com (John A. Perry) Date: Sat, 12 Aug 95 08:28:01 PDT Subject: Mix-L is now archived.. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello Everyone, I added archiving to the mix-l mailing list on jpunix.com. All messages entered as of 08/12/95 will be available for archive. Additionally, the various information files for Mixmaster including the public keyring and the list of type 2 remailers are also available through Majordomo on jpunix.com. John Perry - KG5RG - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by mkpgp, a Pine/PGP interface. 
iQEVAwUBMCzIOaghiWHnUu4JAQG3vwf+OHUWveagC7EXNWSDe8ij93403+dZ2ilL Tdqz8Bnf/FnA146xHZazyI9kIAiq0+w2ZHXubgPQA4tAZ6dssS79LbxTXx7woreh +s/5siqoPwz27piEPWhw/JtfOev4O7tVGAn3LfVbau3ooIBtSSJsp3K2JD/2Si+J xuGt67SRfCgcFYoEsp8bupzolQis6TGXt3yOQqhp6ZipLXkDwSqHdIaaL1Xd3LTi 4q56PqKQT1AkaYybmcX/KniV5F+rlLU9M3nYf10LZRXac7ll8BxYv3ugPsKpDs/H ySDwu6or9aVBcEaqgJ5T41Pe+a3sIPxL9Px/ZJlHZCQno1+0+5Ej8Q== =vN+3 -----END PGP SIGNATURE----- From tcmay at got.net Sat Aug 12 09:42:30 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 12 Aug 95 09:42:30 PDT Subject: Significance of PGPFone? Message-ID: Steve Bryan asks about the potential significance of the new PGPFone: At 8:59 PM 8/11/95, Steve Bryan wrote: >Am I one of the few who thinks that PGPFone is the biggest CypherPunk >event for years? I think it will be even more significant if we get strong >encryption Hard to say how significant it is. Some points:

* Nautilus has been out for a while....after a splash of publicity when it appeared, not much has been heard recently.

* E-mail and the Net are fundamentally different from voice communication. Encrypting or signing messages in text form is different from encrypting voice communications between two parties. (The eventual large use of encryption is likely to be driven by digital payment schemes, proof of signed contracts, etc. In other words, non-voice applications.)

* Wiretapping of voice communications is fundamentally a different sort of problem than intercepting cleartext of e-mail and Net interactions. This is a point Whit Diffie makes cogently, that it's much easier for packet-sniffers to automate surveillance at the touch of a key than it is to order audio lines to be tapped. (Quibblers may cite increasing automation, causing some convergence, but the point remains that voice conversations must still be recorded, listened to, etc., whereas computer text messages may be more easily analyzed.)
* Most of my voice communications are with nearby folks, for various reasons, and I doubt I'll be rushing to encrypt them anytime soon (or expect the other party to). * The versions of PGPFone, Nautilus, etc., that run on the Internet (as opposed to modem-to-modem phone calls) will be extremely interesting because of the pricing structure..."free" phone calls anywhere. (Some people are doing this already, of course, and the telcos are starting to notice.) * I have a Macintosh, so I'm planning to get it and try it out. This may change my views of things. But, to be honest, I'm fearful of the "when you have a hammer, everything looks like a nail" syndrome: that when I find someone else who has PGPFone I'll find reasons to call them just to test the functioning. Needless to say, this is not reason enough to keep on using it. * Anecdotally, most people I know who have "secure phones" use them only occasionally. Several people have said variants of "I only used it to test it to see if it was working." It's not obvious to me that things will be much different with even more casual users such as most of us are. * It is a fact that the people most motivated to use crypto are the ones with the most to fear from an anticipated threat. Thus, Pablo Escobar's "crew" will likely deploy such tools, where Joe Suburban probably won't. (The arguments sometimes made, that Mafiosos and Colombian drug cartels are "too stupid" to use crypto are vitiated by the ease-of-use which these new crypto tools are designed to have....also, corner drug dealers who some might think to be illiterate are typically the earliest adopters of cellular phones, pocket pagers, and whatnot.) (Don't flame me for stating the obvious. I'm not advocating restrictions on crypto, or invoking the Four Horsemen of the Infocalypse.) * Finally, I have a "fax modem" on my Macintosh, as many of you do. Guess what? I went and got a real fax machine. Lots of reasons. 
First, my fax modem had to be installed just right...if inits or preferences got subtly shifted, it stopped working properly. Second, sending things was a bitch. (Had to have the scanner up and working, which was not often, etc.) Third, robustness. This is relevant to the cryptophone issue because many folks believe only the "bump in the cord" model--where the crypto module is just a bump in the phone cord--will work for most people. Most users will not have their 486 + SoundBlaster + other stuff set up and working for routine phone calls. (Configurations changing, various OSes, etc.) (The Internet versions make it more advantageous to use one's computer, so I have more hope for them than I do for modem-to-modem versions. Incorporating a voice communication module into other programs--telnet?--might be an idea. And Java and HotJava fit in somehow....) So, I hope to get PGPFone when it appears, but I'm not convinced it'll be the biggest revolution imaginable. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Sat Aug 12 09:56:20 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 12 Aug 95 09:56:20 PDT Subject: Purple Boxes Message-ID: At 10:08 AM 8/12/95, Sauroth wrote: >Actually quite a few hackers/phreaks have been encrypting phone >conversations for a while. Not by any complex mathematics but >simple modifications to the phone frequencies...Don't have any >sites handy but for those interested I'll look up some of my old >material. I'll also check a large compendium of boxes to see if >Purple has been designated. 
Anyone interested in box plans of >different colors e-mail me. And the "simple modifications to the phone frequencies" points to why such things are not "strong crypto." At best, security through obscurity. At worst, self delusion. It gets back to the threat model. If the threat model is interception by the neighborhood kids, then schemes for frequency-hopping, scrambling, "warbling," and PhasorPhone-like diddling are OK. If the threat model is the local police department tapping one's phone, probably not enough, as they likely can gain access to the E-Systems DigiTrac 6700 and trivially unscramble the signal. Long term, only robust, strong crypto works (Michael Handler's "civil liberties through complex mathematics"). --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From shamrock at netcom.com Sat Aug 12 10:16:21 1995 From: shamrock at netcom.com (Lucky Green) Date: Sat, 12 Aug 95 10:16:21 PDT Subject: PRZ encrypted voice software release imminent Message-ID: <199508121713.NAA14198@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <199508120857.BAA11361 at ix5.ix.netcom.com>, stewarts at ix.netcom.com (Bill Stewart) wrote: >Yes, lots of us aren't using modems faster than 14400 now, but you can get a >14.4/19.2 modem at Fry's for well under $100. (19.2 is unfortunately >not quite enough to 16 kbps, given start and stop bits, unless you do >synchronous [...] >Anybody who needs to avoid government or business-competitor eavesdroppers >can probably >afford $150 in extra hardware for their PC. 
> >This doesn't apply to international communications or folks in the boonies, >where it's hard to get full performance out of modems, so you Commie >spies and Earth First!ers will need more expensive high-tech equipment :-)... Here is my usual plea to anyone designing a computer telephony application that uses modems: please always include a low bandwidth codec! I am on a brand new DMS-100 and have new lines running from the CO to my house. I can still not go over 9600bps. My only alternative is ISDN, which isn't just another $150, but $1000. Please give the user a choice of codecs that allows for minimization of the requirements along _any_ of the three axes of the performance cube. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMCzhMCoZzwIn1bdtAQFKXAGAoS3CU0svmkGps3khnqS+tblUR5te9iV9 p6Ifw9jeQlkL0T7uA8W1DUWKE7M4s+O6 =o9A4 -----END PGP SIGNATURE----- From shamrock at netcom.com Sat Aug 12 10:21:39 1995 From: shamrock at netcom.com (Lucky Green) Date: Sat, 12 Aug 95 10:21:39 PDT Subject: Purple Boxes Message-ID: <199508121719.NAA14221@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <9508121008.AA10417 at anon.penet.fi>, an264373 at anon.penet.fi (Sauroth) wrote: >Actually quite a few hackers/phreaks have been encrypting phone >conversations for a while. Not by any complex mathematics but >simple modifications to the phone frequencies...Don't have any >sites handy but for those interested I'll look up some of my old >material. This is encryption of the type that, as Bruce Schneier would say, prevents your little sister from listening in on your phone call. Trivial to break. - -- - -- Lucky Green PGP encrypted mail preferred.
- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMCziXSoZzwIn1bdtAQFLaQGA2e01U8TnIReKoNnq6UuUJsTvsfYK2tVk f0By3gfne/eGlUJDPyIGXJ+tnuAKAilh =N+fX -----END PGP SIGNATURE----- From mab at crypto.com Sat Aug 12 10:30:21 1995 From: mab at crypto.com (Matt Blaze) Date: Sat, 12 Aug 95 10:30:21 PDT Subject: Still more "S-1" foolishness In-Reply-To: <199508112206.SAA27354@crypto.com> Message-ID: <199508121738.NAA05367@crypto.com> I wrote: >Here's a table of where the expanded key schedule bits come from >(I think - this could be wrong, I had to tweak some of the output >by hand). Note that some key bytes are used much more often, and >in more positions, than others, but every key byte does at least >end up being used as input to each F eventually (but not always to >each "target" byte). > >Sorry for the opaque notation; this reads best when used in conjunction >with Colin's cool graph that he posted to sci.crypt last night. > Whoops - there was a bug in my understanding of what was going on that conspired with a bug in my table generation program to make everything wrong. Here's the correct table, for those interested. Sorry for the noise.

-matt

R |     |  G0   G1   F+0  F+1  F+2  F+3   (this key byte is input to this fn)
O |bytes|  R+4  R+5  R+2  R+3  R+0  R+1   (key byte is mixed with this block byte)
U |enc- |  all  all  R+6L R+6H R+7L R+7H  (output affects this byte)
N |rypt |  0    1    2    3    4    5     (key schedule byte #)
D |ed   |  LLHH LLHH LLHH LLHH LLHH LLHH  (posn of orig key byte in sched byte)
======================================
 0   76    5831 9425 5362 4738 8492 5038
 1   10    1497 5081 1928 0394 4058 1694
 2   32    7053 1647 7584 6950 0614 7250
 3   54    3619 7203 3140 2516 6270 3816
 4   76    9275 3869 9706 8172 2836 9472
 5   10    5831 9425 5362 4738 8492 5038
 6   32    1497 5081 1928 0394 4058 1694
 7   54    7053 1647 7584 6950 0614 7250
 8   76    3619 7203 3140 2516 6270 3816
 9   10    9275 3869 9706 8172 2836 9472
10   32    5831 9425 5362 4738 8492 5038
11   54    1497 5081 1928 0394 4058 1694
12   76    7053 1647 7584 6950 0614 7250
13   10    3619 7203 3140 2516 6270 3816
14   32    9275 3869 9706 8172 2836 9472
15   54    5831 9425 5362 4738 8492 5038
16   76    1497 5081 1928 0394 4058 1694
17   10    7053 1647 7584 6950 0614 7250
18   32    3619 7203 3140 2516 6270 3816
19   54    9275 3869 9706 8172 2836 9472
20   76    5831 9425 5362 4738 8492 5038
21   10    1497 5081 1928 0394 4058 1694
22   32    7053 1647 7584 6950 0614 7250
23   54    3619 7203 3140 2516 6270 3816
24   76    9275 3869 9706 8172 2836 9472
25   10    5831 9425 5362 4738 8492 5038
26   32    1497 5081 1928 0394 4058 1694
27   54    7053 1647 7584 6950 0614 7250
28   76    3619 7203 3140 2516 6270 3816
29   10    9275 3869 9706 8172 2836 9472
30   32    5831 9425 5362 4738 8492 5038
31   54    1497 5081 1928 0394 4058 1694

(Number indicates position in schedule of original key bytes; an entry "5678" means key bytes 5 and 6 are in the low order position of this schedule entry and bytes 7 and 8 are in the high order position. Bytes are first run through an F function and XORd with each other to create the schedule nibble.)

From nobody at c2.org Sat Aug 12 10:34:29 1995 From: nobody at c2.org (Anonymous User) Date: Sat, 12 Aug 95 10:34:29 PDT Subject: Stupid XOR Question Message-ID: <199508121705.KAA23345@infinity.c2.org> ok dumb questions here......... how do i xor a simple string of plaintext? I am running linux 1.2.4 From cme at clark.net Sat Aug 12 11:15:53 1995 From: cme at clark.net (Carl Ellison) Date: Sat, 12 Aug 95 11:15:53 PDT Subject: Stupid XOR Question Message-ID: <199508121815.OAA19928@clark.net> >Date: Sat, 12 Aug 1995 10:05:16 -0700 >From: Anonymous User >Subject: Stupid XOR Question >ok dumb questions here......... > >how do i xor a simple string of plaintext? > In C, you open file f and

    while (((c = getc(stdin)) != EOF) && ((d = getc(f)) != EOF))
        putc(c ^ d, stdout);

If I remember correctly, Adam Back has a signature block for the full C program to do this. It's that tiny. In a way, that program is better than RSA in 3 lines of PERL. It's provably unbreakable (provided the ranno source, f, is used only once and is truly random).

+--------------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
| ``Officer, officer, arrest that man! He's whistling a dirty song.'' |
+----------------------------------------------------------- Jean Ellison -+

From mark at unicorn.com Sat Aug 12 11:26:10 1995 From: mark at unicorn.com (Rev.
Mark Grant) Date: Sat, 12 Aug 95 11:26:10 PDT Subject: IPSEC goes to RFC Message-ID: Is this solely a US effort, or is any work being done outside the US ? If there is, I might be able to help out at least for the next couple of months. Mark P.S. Thanks for your work on this, Perry... From jamesd at echeque.com Sat Aug 12 12:01:49 1995 From: jamesd at echeque.com (James A. Donald) Date: Sat, 12 Aug 95 12:01:49 PDT Subject: Bank Fees and E-Cash Message-ID: <199508121900.MAA19501@blob.best.net> At 02:53 PM 8/11/95 -0400, Tatjana vonBernhardi wrote: > you have surpassed yourself in assumption here. > > your hope that e-cash will some how reduce bank fees is a long stretch. Eventually people will bypass the banks, directly transferring funds to each other. This will reduce the banks fees to zero. The banks will gradually lose control of the indecently lucrative funds transfer business, and have to go to the bread and butter business of borrowing short and lending long, and evaluating credit worthiness, and providing guarantees of payment. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jya at pipeline.com Sat Aug 12 14:45:15 1995 From: jya at pipeline.com (John Young) Date: Sat, 12 Aug 95 14:45:15 PDT Subject: Richelson's Latest Message-ID: <199508122145.RAA05323@pipe3.nyc.pipeline.com> Jeffrey T. Richelson has a new book: A Century of Spies: Intelligence in the Twentieth Century. Oxford University Press, New York, 1995, 534 pp., $30.00. ISBN 0-19-507391-6. Jacket copy: "Richelson covers the crucial role of spy technology from the days of Marconi and the Wright Brothers to today's dazzling array of Space Age satellites, aircraft, and ground stations. 
He provides portraits of spymasters, spies and defectors ... the 'black magic' of U.S. and British codebreakers. A final chapter probes the still-evolving role of intelligence in the new world of disorder and ethnic conflict, from the high-tech wonders of the Gulf War to the surprising involvement of the French government in industrial espionage." Blurb: "This is the missing book -- the primer -- on the craft of intelligence. It is a highly informed briefing, set in historical perspective, by the best of the spy watchers." -- William E. Burrows, author of "Deep Black." -- Watchers of spy watchers will recall Richelson's excellent, "The U. S. Intelligence Community," and other fine work on spy satellites and Soviet intelligence. From tcmay at got.net Sat Aug 12 15:16:57 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 12 Aug 95 15:16:57 PDT Subject: Richelson Doesn't Know C (was Re: Richelson's Latest) Message-ID: At 9:45 PM 8/12/95, John Young wrote: > Jeffrey T. Richelson has a new book: > > A Century of Spies: Intelligence in the Twentieth Century. > Oxford University Press, New York, 1995, 534 pp., $30.00. > ISBN 0-19-507391-6. This is all well and good, for ciphergroupies, BUT WHAT DOES IT HAVE TO DO WITH CODING IN C? :-} Seriously, I've read (or used as a reference) Richelson's books. His book on U.S. Intelligence Agencies had a lot of good stuff on the more obscure agencies, and is a great supplement to Bamford. At least some cryptographers think this stuff is useful, as Whit D. borrowed my copy for several months. I look forward to getting this new one! --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway." From ericande at linknet.kitsap.lib.wa.us Sat Aug 12 16:46:44 1995 From: ericande at linknet.kitsap.lib.wa.us (Eric Anderson) Date: Sat, 12 Aug 95 16:46:44 PDT Subject: F*** FOSTER In-Reply-To: <199508102345.BAA14099@utopia.hacktic.nl> Message-ID: This Foster (And other conspiracy) BS is totally boring and old. I joined this list to learn from people how to use PGP and other crypto. I would just LOVE to learn how to setup PGP on WIN NT and WIN `95 for all my buddies so we can work towards MASS DEPLOYMENT. ANYONE who wants to talk about THAT can e-mail me at: ericande at linknet.kitsap.lib.wa.us O.K. I'll admit that conspiracies ARE fun party talk, but jeez! people, it is getting MORE than a little stale. P.S. Why don't we just quit monkeying around W/ this "Export PGP 3 lines at a time" stuff? Just do what I do: Get a fakename acct. @ your local library, UUencode the PGP.ZIP file and send it to ANYONE with a foreign net.tag at random. I've been doing this for about 6 weeks now and I've probably gotten 5 or 6 hundred copies out by now. Love, eric From jya at pipeline.com Sat Aug 12 16:54:00 1995 From: jya at pipeline.com (John Young) Date: Sat, 12 Aug 95 16:54:00 PDT Subject: SOW_gut Message-ID: <199508122353.TAA09469@pipe1.nyc.pipeline.com> 8-13-95. NYPaper: "Not-So-Lethal Weapons: Items from the police catalogue, coming soon to a precinct near you." Cops "have the same basic options when confronting a Rodney King," said David Boyd of the National Institute of Justice. "They can talk him into cooperating, beat him into submission or shoot him. If they had an alternative to a conventional firearm, they would probably buy it, chortle and club him harder." Law engorgement is emerging as a virtually untapped arena for high-tech tomfoolery. Out-of-work federal laboratories are cooking up new Trekkie weapons. 
N.I.J., the research honeypot of the US DoJ, has become a sort of Home Shopping Network for LEA's, taking their porky arms dreams to the desperado labs dreaming de Guerra Frio. The result: a host of goofy not-at-all-cheap Edsels and wipesnots: Sticky Foam (SNL); Rear-Seat Air Bag (IENL); Millimeter Wave Camera (LLNL); Smart Gun (SNL); Magic Fingerprinting Wand (Alaska State Crime Lab); Snare Net (Foster-Miller); Strobe Goggles (LLNL); Backscatter X-Ray Scanner. SOW_gut From kelly at netcom.com Sat Aug 12 18:43:54 1995 From: kelly at netcom.com (Kelly Goen) Date: Sat, 12 Aug 95 18:43:54 PDT Subject: First Source release SKIP Implementation shows up Message-ID: <199508130141.SAA11710@netcom.netcom.com> ------- Forwarded Message Return-Path: skip-info at tik.ee.ethz.ch Return-Path: Received: from ktik0 by mail4.netcom.com (8.6.12/Netcom) id UAA10299; Fri, 11 Aug 1995 20:12:46 -0700 Errors-To: caronni at tik.ee.ethz.ch Reply-To: skip-info at tik.ee.ethz.ch Originator: skip-info at tik.ee.ethz.ch Sender: skip-info at tik.ee.ethz.ch Precedence: bulk From: Germano Caronni Subject: SKIP (Security on the IP Layer) Sources X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas - -----BEGIN PGP SIGNED MESSAGE----- Hello everybody, the Swiss version of SKIP is now available as a pre-alpha source code release for IRIX, NetBSD, Nextstep and Solaris. You may get it from ftp://ktik0.ethz.ch/~ftp/pub/packages/skip. Have fun, Germano Excerpt from the README: ======================================================================== This is ENskip, pre-alpha 0.10. ENskip is a security module for the TCP/IP stack. It provides encryption, authentication and sequencing of packets on the IP layer between two or more machines. For more information on the SKIP protocol, see the Internet Draft draft-ietf-ipsec-aziz-skip-00.txt and following.
You might also want to check http://skip.incog.com for information about the background, the protocol itself and future directions of it. ENskip is pre-alpha. If you are not absolutely sure what this is all about, you might want to read the draft, and perhaps reconsider using this package. No bug-fixes, installation help or any other support is granted. If you have any suggestions, comments or contributions to make ENskip work better, mail to skip at tik.ee.ethz.ch. Enjoy! M. Hauber and Ch. Schneider G. Caronni ======================================================================= - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMCwX8rH8jId7euXhAQEJ4gP9EiwqFbUQI7XsLRDmZidFdzGHsTk2CQYx GnDBM9Z5F117UDd5NLyK99h2QVuffjK9LxMd4KbTrO5gwKM/OeZHoJTdkfQHb3mN FJrg++hWlrTggrrv6mPQuB2j4TzbsHwed2uLN/f9HmImFQtZ5UPqIUgTueJy5DDa 3DKmCVnpsfU= =sjb1 - -----END PGP SIGNATURE----- ------- End of Forwarded Message From jamesd at echeque.com Sat Aug 12 19:26:59 1995 From: jamesd at echeque.com (James A. Donald) Date: Sat, 12 Aug 95 19:26:59 PDT Subject: Euro Comm Adopts Privacy Directive (NewsClip) Message-ID: <199508130226.TAA11553@blob.best.net> At 09:45 PM 8/11/95 -0500, Anonymous wrote: > > > European Commission Adopts Privacy Directive > > Brussels, Aug. 11, -- The European Commission is now well on > its way towards affording a high level of protection to > personal data held on computer systems, following the formal > adoption of a Directive on the protection of personal data, > Newsbytes has learned. This is an even greater threat to privacy and rights than it appears. In addition to the fact that enforcing such a law in a world where everyone has computers would require massive government intrusion, one must also consider the objective, the intent of such a law. The intent of course is to limit what we are permitted to know of each other. 
In a world where contracts are largely enforced by reputations (for example your visa card), governments can suppress freedom of contract by suppressing what information is available. For example bankruptcy laws that violate freedom of contract are in part enforced by controlling what information credit bureaus are permitted to keep. Indeed such restrictions are the major goal of existing restraints on credit bureaus.

So not only does this law require extensive violation of freedom and privacy, the intent is also violation of people's rights. Both ends and the necessary means are, as usual, similar.

In the long run I do not think such laws can be effective unless governments use the same means to suppress privately computer mediated communication as the Chinese Empire used to suppress private paper mediated communication. (The Chinese not only made paper a state monopoly, but they also castrated anyone with knowledge of paper making so that the knowledge would not be passed from father to son.) This very vigorous enforcement did not hold back the tide for ever, but it held it back for a long time.

---------------------------------------------------------------------
We have the right to defend ourselves   |   http://www.jim.com/jamesd/
and our property, because of the kind   |
of animals that we are. True law        |   James A. Donald
derives from this right, not from the   |
arbitrary power of the state.           |   jamesd at echeque.com

From jamesd at echeque.com Sat Aug 12 19:26:59 1995
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 12 Aug 95 19:26:59 PDT
Subject: EU Data Protection
Message-ID: <199508130226.TAA11550@blob.best.net>

At 08:13 PM 8/11/95 +0100, Derek Bell wrote:
> In message <199508041840.OAA01729 at clark.net>, Ray Cromwell writes:
> What worries me about the *lack* of some form of data protection legislation is that it allows someone to build up a database of information which is a mishmash of truth, misunderstandings and lies.
> How would you feel if "Concerned Citizens against Cryptography" compiled a list of all members of this list, branding them as `dangerous, possibly criminal subversives'?

It is called freedom of speech and freedom of association.

---------------------------------------------------------------------
We have the right to defend ourselves   |   http://www.jim.com/jamesd/
and our property, because of the kind   |
of animals that we are. True law        |   James A. Donald
derives from this right, not from the   |
arbitrary power of the state.           |   jamesd at echeque.com

From jya at pipeline.com Sat Aug 12 19:52:49 1995
From: jya at pipeline.com (John Young)
Date: Sat, 12 Aug 95 19:52:49 PDT
Subject: MS BuoysTBS to Buy CBS?
Message-ID: <199508130252.WAA01288@pipe1.nyc.pipeline.com>

Here is an amusing AP headline from 8:30 PM EDT. Anybody know if it's a joke, or care?

Microsoft Reportedly Considers Buying $1 Billion To $2 Billion Stake In Turner Broadcasting; Deal Would Help Turner Make Bid For CBS.

From vznuri at netcom.com Sat Aug 12 19:54:36 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sat, 12 Aug 95 19:54:36 PDT
Subject: some points on weak codes
Message-ID: <199508130240.TAA26066@netcom8.netcom.com>

various points have been made about the undesirability of weak voice scrambling mechanisms. I'd like to advance the position that the use of trivially-broken codes is better than no codes at all, as long as the owner is aware of the distinction.

one of the goals of cypherpunks is not necessarily to get a secure world (that is a *long* term goal), but to get a world in which people are aware of the issues that cypherpunks are interested in. Encryption, privacy, etc. now, along these lines, even a widespread trivially broken code penetration would be better than none at all.
this is a similar concept to that advocated by someone else on this list, namely PRZ's manual that talks about how you shouldn't use PGP on a shared system, and how you should only exchange keys in person, as being a little too extreme for the common man, for whom insecure crypto, along with the *understanding* that it is not totally secure.

I think everyone here agrees on long term goals of widespread encryption penetration. but one way to bridge that gap is to just have "toy crypto". I see this derided frequently on the list but it is probably a very, very valuable public relations mechanism. I mean, it's hard to imagine that in politics that distributing little plastic symbols called "buttons" would have any social effect, yet it has persisted since the invention of buttons.

things like a cheap "purple" kit, promoted by the cypherpunks, not foolproof but easy to build and cheap to buy, would advance the agenda in the long run in a very valuable way. what we need to do is give people a variety of options to the interested public laypeople, just like Ford and that anecdote demonstrates. are we saying, "you can have any crypto that you want, as long as the NSA can't break it in 1000 years"? that's the equivalent of saying, "you can have any car you want, as long as it's black".

we must resist the illusion that there are only 2 kinds of crypto: insecure or secure. there is a continuum of crypto, and casual users should not have to worry about the capabilities of the NSA. IMHO we are sabotaging our main goals, launching into a deep discussion of the NSA's supercomputers and the theory of numbers whenever a newbie asks about what is available.

again, weak crypto is probably better than no crypto in most cases, just because it helps improve public awareness. people can't even comprehend the idea of what is "weak" or what is "strong" until they even have a mental framework of what they are dealing with.
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
 \ /  ~/ |\| | | |> |   : : : : : : Vladimir Z. Nuri : : : :
  \/  ./_.| | \_/ |\ |   : : : : : : ftp://ftp.netcom.com/pub/vz/vznuri/home.html

From stewarts at ix.netcom.com Sat Aug 12 22:31:15 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 12 Aug 95 22:31:15 PDT
Subject: Significance of PGPFone?
Message-ID: <199508130528.WAA13866@ix8.ix.netcom.com>

At 09:51 AM 8/12/95 -0700, you wrote:
> * Finally, I have a "fax modem" on my Macintosh, as many of you do. Guess
> what? I went and got a real fax machine. Lots of reasons. First, my fax
> modem had to be installed just right...if inits or preferences got subtly
> shifted, it stopped working properly. Second, sending things was a bitch.
> (Had to have the scanner up and working, which was not often, etc.) Third,
> robustness.

We've got a box sitting next to the laser printer that receives faxes and prints them on real paper, which is more reliable (and quieter and lower-powered) than leaving the computer on, though it does require leaving the printer on. But for outgoing faxes, much of what I send is from the computer anyway, so it's less of a problem (though, without a scanner, I'm more likely to only fax stuff that I generated on the computer than drive to Kinkos...)

Perhaps we also need to build PGPfax?

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice. His job was to shed light, and not to master. RIP, Jerry

From rsalz at osf.org Sat Aug 12 22:35:24 1995
From: rsalz at osf.org (Rich Salz)
Date: Sat, 12 Aug 95 22:35:24 PDT
Subject: IETF working to define a public key infrastructure
Message-ID: <9508130535.AA12801@sulphur.osf.org>

Help define the internet's web of trust model ...

From: "warwick (w.s.) ford"
Message-Id: <"21210 Sat Aug 12 15:15:59 1995"@bnr.ca>
To: pem-dev at tis.com, cat-ietf at mit.edu, ipsec at ans.net, e-payment at cc.bellcore.com, www-security at ns2.rutgers.edu, ietf-payments at cc.bellcore.com, pki-twg at nist.gov
Subject: Proposal for New IETF WG on PKI

Over the past couple of weeks, a group of interested individuals has been putting together a proposal for a new IETF Working Group to develop Internet standards for an X.509-based public-key infrastructure. The result is the draft WG Charter attached below. Since plans were announced last year to form this WG (and to shut down the PEM WG) it is considered reasonable to start up the new WG without the usual preliminary BOF at the next IETF. Steve Kent and I have offered our services to co-chair this group, and Chandra Shrivastava has offered to run a mailing list.

The following mailing list has now been established for discussion of this proposal: ietf-pkix at tandem.com. To subscribe to the mailing list, send a message to listserv at tandem.com with the following in the body:

subscribe ietf-pkix

Warwick Ford

--------------------------------------------------------------------
Public-Key Infrastructure (X.509) Group
IETF Working Group Charter
---------------------------------------
Chair(s):
Applications Area Director(s)
Area Advisor:
Mailing lists:
General Discussion:
To Subscribe:
In Body:
Archive:

Description of Working Group:

Many Internet protocols and applications which use the Internet employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely deliver public keys to widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs).
RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL).

The task of the Working Group will be to develop Internet standards needed to support an X.509-based PKI. The goal of this PKI will be to facilitate the use of X.509 certificates in multiple applications which make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework which will support a range of trust/hierarchy environments and a range of usage environments (RFC1422 is an example of one such model). Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), ipsec protocols, Internet payment protocols, and www protocols. This project will not preclude use of non-infrastructural public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project.

The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment.
Other topics to be addressed potentially include:
- Alternatives for CA-to-CA certification links and structures, including guidelines for constraints
- Revocation alternatives, including profiling of X.509 v2 CRL extensions
- Certificate and CRL distribution options (X.500-based, non-X.500-based)
- Guidelines for policy definition and registration
- Administrative protocols and procedures, including certificate generation, revocation notification, cross-certification, and key-pair updating
- Naming and name forms (how entities are identified, e.g., email address, URN, DN, misc.)

Goals and Milestones:
Sep, 95  Agreement on draft Working Group charter
Nov, 95  Completion of initial strawman PKI specification
Dec, 95  First Working Group meeting (Dallas IETF)
Jul, 96  Submit PKI (X.509) specification for consideration as Proposed standard.

From rjc at clark.net Sun Aug 13 01:13:26 1995
From: rjc at clark.net (Ray Cromwell)
Date: Sun, 13 Aug 95 01:13:26 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID: <199508130813.EAA02621@clark.net>

> At 14:42 8/11/95, Ray Cromwell wrote:
>
> >I would like to see a secure voice communication protocol that is divorced
> >from the particular details of the algorithms used (although a
> >base level of some voice compression technique + DES + RSA will have to
> >be used) That way, new and better algorithms can be dropped in depending
> >on the network used (modem, ipx, tcp/udp, etc) and the bandwidth required
> >(CELP vocoder, MPEG-audio, lossless encoding, progressive PCM, etc)
>
> The codec used is at the very core of any computer telephony system. A
> standard that doesn't specify the codec(s) can be little more than a
> standard on message formats, which will be of little value if the other
> side doesn't implement the same codec.

Uh, that's why you define a base level of support like I said. This same argument applies to all communications technology, such as secure ip, e-mail standards, etc.
You always have a base defined to ensure something to fall back on. that has absolutely nothing to do with my comments which are directed at developing an open standard for interoperability that allows other algorithms to be used rather than locking everyone into a particular codec. The codec is irrelevant, it's cement in the foundation, but the design of the house is more important to the end user. The message protocol and application level is much more important because it controls 1) how easy it is to create applications, and 2) how those competing applications can interoperate with each other. This supports a rich market with lots of interoperating "phones". on the other hand, a poorly designed protocol will lead to a market dominated by one or two proprietary players that is hard to upgrade when better capabilities come out later, or new demands are made.

There are other reasons to abstract above codecs, for instance, a lot of codec algorithms are patented or trademarked, so that if a program is "welded" to any particular codec, you create hassles for application developers who can't use non-open algorithms. Finally, abstracting above the codecs allows competition between codec developers (a sub market) whereas a design that locks in one particular codec pretty much forces price competition only.

-Ray

From rjc at clark.net Sun Aug 13 01:29:18 1995
From: rjc at clark.net (Ray Cromwell)
Date: Sun, 13 Aug 95 01:29:18 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To: <199508112143.OAA02837@comsec.com>
Message-ID: <199508130829.EAA04681@clark.net>

[stuff about tuning algorithm to channel characteristics]

> None of this says that you shouldn't also optimize for the packetized
> case too. I think that you can negotiate the right behavior at start
> up time based on detected channel characteristics. I think that the
> biggest impact is in the framing overhead, or lack of it.
>
> You are always trading off bandwidth, speech quality and MIPs.
I agree with this, but it is still possible to do all this through an abstract interface layer. One can "query the line characteristics" of a transmission layer and then limit the selection of algorithms based on those characteristics.

Example: we have a class TransmissionLayer, and two derived classes "synchronouslayer" and "asynchronouslayer" (subclass as appropriate). Note, no underlying link type is being referred to. It could be a network or a modem. Now we have a bunch of algorithms (codecs), CodecA is optimized for a synchronouslayer with at least 16kbps. CodecB for asynchronous packet networks. At the application layer, the user chooses a way of connecting. The application instantly picks the best codec (supported by both ends) for that transmissionlayer. it also updates the user interface automatically, e.g. displaying a "half duplex" mode for one type of link, or "conference call" for another. Some types might not support all encryption types because of cpu limits (also detected)

There's no reason this could not be programmed. It would also be highly portable, highly maintainable, and more easily adoptable. Direct-to-hardware hardwired algorithm software is good for proof of concept. But I'm thinking ahead, to a time when a multimedia protocol will be just another transport layer on top of which cool applications are running. (like http+mime runs over TCP)

-Ray

From jya at pipeline.com Sun Aug 13 06:17:29 1995
From: jya at pipeline.com (John Young)
Date: Sun, 13 Aug 95 06:17:29 PDT
Subject: EYE_see
Message-ID: <199508131317.JAA15824@pipe4.nyc.pipeline.com>

8-13-95. NYPaper:

"One Source, Many Ideas In Foster Case: Publisher Bankrolls Cover Up Theories."

The theory of a Vincent Foster murder and a cover-up has been promoted by a handful of foundations and publications united by a common denominator: the money of Richard Mellon Scaife. "The death of Vincent Foster: I think that's the Rosetta Stone to the whole Clinton Administration," said Mr.
Scaife, a newspaper publisher with half a billion dollars in the bank, during a two-hour interview.

EYE_see (about 5K)

From Andrew.Spring at ping.be Sun Aug 13 06:37:42 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Sun, 13 Aug 95 06:37:42 PDT
Subject: No Subject
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Anonymous says ....
>will someone just CUT THE @#$%^&* FOSTER CONSPIRACY THEORIES??
>I'm getting F---ING SICK AND TIRED of all the BULL**** that

and says....
>any good drill instructor. oh yes, so many of you pansies
>need to get into a serious digital BOOT camp. learn some real

and says...
>"mind masturbating and drug fondling" parties every few
>days with all the Hoi Poilloi Holier-Than-Thou pricks of
>the world, the "cum of the net" ejaculating all over each
>other, hehehehehehe what a bunch of effeminate nobodies...

and says...
>the most scurrilous swine for taking up PARRY's time with
>your filling up this mailing list with GARBAGE? TRASH?
>EXCREMENT? ODIOUS EFFLUVIA??? don't you know that it cuts

and says...
>UNIX SOFTWARE AND HOW TO WRITE A CORRECT DNS LOOKUP VIA
>SOCKET LIBRARIES. are we cypherpunks, or cypherprogrammers?
>GET A CLUE, PEOPLE.

and says...
>I'M GOING TO MAILBOMB THE WHOLE LIST. that'll teach the
>@#$^%^&* bastards to mess with MY VALUABLE TIME.

I say: Anonymous, you could learn to relax a little.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

--
Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply).
PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96
Thank you for question, exit left to Funway.
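The X.509 mechanics described in the PKIX working group charter forwarded by Rich Salz above (public keys delivered in certificates signed by a CA, and a v2 CRL that a relying party consults for revocation), as an added example in Go using only its standard library. It is not code from the working group or from anyone posting here; the CA name, subjects, serial numbers and validity periods are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign creates a certificate from tmpl under parent's key and parses it back.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewRootCA builds a constructed self-signed v3 root; KeyUsageCRLSign is needed to sign CRLs (Go adds the SubjectKeyId).
func NewRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(72 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// Issue signs an end-entity certificate under a fresh key pair; the serial number is what a CRL later refers to.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, subject string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(48 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}, ca, &key.PublicKey, caKey)
}

// IssueCRL signs a v2 CRL (DER) listing the serials as revoked; it is only good until NextUpdate.
func IssueCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, number int64, revoked ...int64) ([]byte, error) {
	tmpl := &x509.RevocationList{
		Number:     big.NewInt(number),
		ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(24 * time.Hour),
	}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: tmpl.ThisUpdate})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// Validate is the relying party's check at time at: chain cert to the trusted root, then consult the
// issuer's CRL, rejecting a CRL not signed by the issuer or past NextUpdate (a stale list proves nothing).
func Validate(cert, root *x509.Certificate, crlDER []byte, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("crl: %w", err)
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("crl signature: %w", err)
	}
	if at.After(crl.NextUpdate) {
		return fmt.Errorf("crl stale: NextUpdate %v has passed", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates { // filled in by ParseRevocationList
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("serial %v revoked at %v", rc.SerialNumber, rc.RevocationTime)
		}
	}
	return nil
}
```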
From shamrock at netcom.com Sun Aug 13 12:00:44 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 13 Aug 95 12:00:44 PDT
Subject: Why does the feed always get hosed on a weekend?
Message-ID: <199508131858.OAA23027@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

It seems that every time majordomo goes down is on a weekend. Why is that?

- --
- -- Lucky Green
PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----

From caronni at tik.ee.ethz.ch Sun Aug 13 13:03:53 1995
From: caronni at tik.ee.ethz.ch (Germano Caronni)
Date: Sun, 13 Aug 95 13:03:53 PDT
Subject: SKIP (Security on the IP Layer) Sources
Message-ID: <199508132003.WAA02584@ktik6>

-----BEGIN PGP SIGNED MESSAGE-----

Hello everybody,

I am not in the cyberpunks mailing list, but I feel you might perhaps be interested in this: the Swiss version of SKIP is now available as a pre-alpha source code release for IRIX, NetBSD, Nextstep and Solaris. You may get it from ftp://ktik0.ethz.ch/~ftp/pub/packages/skip.

Have fun,
Germano

Excerpt from the README:
========================================================================
This is ENskip, pre-alpha 0.10.

ENskip is a security module for the TCP/IP stack. It provides encryption, authentication and sequencing of packets on the IP layer between two or more machines. For more information on the SKIP protocol, see the Internet Draft draft-ietf-ipsec-aziz-skip-00.txt and following. You might also want to check http://skip.incog.com for information about the background, the protocol itself and future directions of it.

ENskip is pre-alpha.
If you are not absolutely sure what this is all about, you might want to read the draft, and perhaps reconsider using this package. No bug-fixes, installation help or any other support is granted. If you have any suggestions, comments or contributions to make ENskip work better, mail to skip at tik.ee.ethz.ch.

Enjoy!
M. Hauber and Ch. Schneider
G. Caronni
=======================================================================

- --
<...cookie space for rent...>
Germano Caronni caronni at tik.ee.ethz.ch http://www.tik.ee.ethz.ch/~caronni
PGP-Key-ID:7B7AE5E1 997C6DC4AF930A5D2D5D6AEAA196C33B

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From hayden at krypton.mankato.msus.edu Sun Aug 13 13:34:14 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 13 Aug 95 13:34:14 PDT
Subject: Who Else is Reading your Email? (From Cu Digest, #7.67)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Normally, I don't like reposting things to this list. However, I am going to report this from the most recent version of CuD, because I think it hits a very important nail right on the head. Not just that PGP is going, but it puts all of the terms we on this list have been bantering around for the last couple of years into ones that laymen can understand. I sincerely think that this is the kind of push we need to make as a whole to bring about social change on the net (and social change is what is needed). Ie, PGP is good because 1) it keeps people from reading your email (like an envelope) and 2) it makes sure nobody forges your messages by allowing you to digitally sign them.
Anyways, sorry for the report, please flame lightly :-)

- ---------------------------------------------------------------------

Date: Wed, 09 Aug 1995 19:25:49 -0400
From: kkc at INTERLOG.COM (K.K. Campbell)
Subject: File 1--Who Else is Reading your Email?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eye WEEKLY                                      June 29 1995
Toronto's arts newspaper               .....free every Thursday
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eye.NET eye.NET

WHO ELSE IS READING YOUR EMAIL?
Part 1 of a 2-part series on PGP

by K.K. CAMPBELL

I recently conducted an overseas interview with a "computer security person at a highly sensitive facility." Mr. Security explained that the potential misuse of the computer resources of this site was a serious concern, a danger to thousands. This instilled in him a peppery dash of paranoia about who was using what machine for what purpose.

In discussing this, the name of a certain, rather net.famous individual arose. I was surprised to learn this individual was well-known in international security circles. This individual is considered a "risk." I was informed that this person's email is "monitored." To spell it out: people were reading and collecting all the email the "risk" wrote. Without the target's knowledge. Without any form of warrant.

Most netters think such intrusion involves someone "hacking a password." Wrong.

When you hit the "send" command for email, your missive seems to (poof!) magically appear in the recipient's mailbox. Person to person. The ultimate intimacy. Wrong again.

Email is actually passed through a number of computers. The operator of one of those machines can effortlessly read your email. Any one who "breaks into" such a machine can inspect your mail. Once in, they can tamper with files so that all your email is copied to another location, without you being aware of it.

But not everyone wants to "break into" a computer. In the above case, email was copied "in transit."
When email is transferred from machine to machine, it is made readable. So if you intercept a copy (through "sniffers"), you can read it. Everything this individual had written over the last couple of years has apparently been intercepted and read. His file is huge.

With Canada news media in a tizzy about "regulating the net," how long before CSIS requests funds to start collecting posts with buzzwords in the network data flow?

POSTCARDS

It should be the first lesson every newbie learns: email ain't secure. An email is like a postcard: it travels through the many sets of hands in delivery and any set of hands can read it if so inclined. Most postal employees don't, for two reasons: there is so much mail they haven't the time, and most postcards are so boring, who the hell wants to?

The same goes with the system administrators who oversee the shunting around of all your cyberscribbling. Most don't snoop, but some do. Need I remind you that, er, sysadmins are not a monolithically mature-and-well-adjusted breed imbued with highly developed moral principles...

What can you, the lowly downtrodden, rights-less end-user, do? You have three strategies:

-- no precautions: who cares if anyone reads what you write/receive;
-- minimal coding, easy to crack, but enough to stop casual snoops -- kind of like "virtual envelopes"; and
-- PGP.

PGP stands for Pretty Good Privacy -- a humble title to be sure, considering that the U.S. government/military wants to ban the thing. And why? Because PGP has the power to thwart their zillion-dollar spy efforts by imbuing everyday folk with the cryptographic might of the best "puzzle palaces" around the world.

The elegantly powerful encryption device is the offspring of Colorado resident Phil Zimmermann (prz at acm.org). He basically took all the (very public) papers on cryptography, stirred it together and voilà: instant "threat to democracy" -- if you buy the government/military propaganda.
(More on Zimmermann and the cryptographic spook backlash next issue [below].)

What PGP does is solve that decades old spy/cryptography dilemma: How can one send secure messages to absolute strangers over an insecure medium?

PGP exploits two historical developments:

-- home computers gave commoners the computational power to use the sophisticated cryptography algorithms; and
-- the advent of public key encryption in the late '70s bade farewell to Ilya Kuryakin and Napoleon Solo.

Computers were originally designed (back in World War II) to be sophisticated code breakers. Today, government/military bureaucracy (especially in the U.S.) still operate with that attitude: computer cryptography is a military weapon.

In those Cold War days, the only way to send secure messages over insecure channels (telegraphs, phones, mail, etc.) was to first deliver a "cryptographic key" via secure channels. The key was something like a little code book; the secure delivery channel was usually a dour-faced courier with a black bag handcuffed to his wrist. "Deliver this or die doing so, 007..."

BE AN INTERNATIONAL ARMS DEALER!

Governments and mega-corps could afford to send satchel-toting couriers overseas, but us proles had little hope of doing that. So citizens were always vulnerable to mail-opening, phone-tapping spooks.

PGP uses two keys -- a public key and a secret key. Anyone can use your public key to encrypt a message to you, and only you can then decrypt it with your secret key. As long as your secret key remains secret, no one can read that message -- not even the person who encrypted. The idea is to spread your public key around in Key Exchanges, like phone books.

For details on this complex subject, try _PGP: Pretty Good Privacy_ by Simson Garfinkel (O'Reilly & Assoc., http://www.ora.com, $29.95 paper). Or _The Computer Privacy Handbook_ (Peachpit Press, http://www.peachpit.com/peachpit, $31.95 paper).
Both go beyond technical details and delve into the sociopolitical issues around privacy.

Where can you get PGP? All around the world. PGP is freeware -- you can use it endlessly without cost. But remember: The U.S. State Department export restrictions classify cryptographic materials to be munitions. Exporting it from the U.S. is a serious matter.

For those uninterested in becoming international arms smugglers, do an Archie search for "PGP" or try Toronto's Interlog at ftp://ftp.interlog.com/pub/pgp . Read newsgroups alt.security.pgp and sci.crypt for discussions.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2
-----END PGP SIGNATURE-----

____    Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__   Finger for Geek Code Info <=> Finger for PGP Public Key
 \/ /   -=-=-=-=-=- -=-=-=-=-=-
  \/    http://krypton.mankato.msus.edu/~hayden/Welcome.html
-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------

From hayden at krypton.mankato.msus.edu Sun Aug 13 14:27:43 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 13 Aug 95 14:27:43 PDT
Subject: Who Else is Reading your Email? (From Cu Digest, #7.67)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I'm resending this message because I think it's important and because the list went down again but appears to be back up now. :-)

========================================================================

Normally, I don't like reposting things to this list.
However, I am going to report this from the most recent version of CuD, because I think it hits a very important nail right on the head. Not just that PGP is going, but it puts all of the terms we on this list have been bantering around for the last couple of years into ones that laymen can understand. I sincerely think that this is the kind of push we need to make as a whole to bring about social change on the net (and social change is what is needed). Ie, PGP is good because 1) it keeps people from reading your email (like an envelope) and 2) it makes sure nobody forges your messages by allowing you to digitally sign them.

Anyways, sorry for the report, please flame lightly :-)

- ---------------------------------------------------------------------

Date: Wed, 09 Aug 1995 19:25:49 -0400
From: kkc at INTERLOG.COM (K.K. Campbell)
Subject: File 1--Who Else is Reading your Email?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eye WEEKLY                                      June 29 1995
Toronto's arts newspaper               .....free every Thursday
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eye.NET eye.NET

WHO ELSE IS READING YOUR EMAIL?
Part 1 of a 2-part series on PGP

by K.K. CAMPBELL

I recently conducted an overseas interview with a "computer security person at a highly sensitive facility." Mr. Security explained that the potential misuse of the computer resources of this site was a serious concern, a danger to thousands. This instilled in him a peppery dash of paranoia about who was using what machine for what purpose.

In discussing this, the name of a certain, rather net.famous individual arose. I was surprised to learn this individual was well-known in international security circles. This individual is considered a "risk." I was informed that this person's email is "monitored." To spell it out: people were reading and collecting all the email the "risk" wrote. Without the target's knowledge. Without any form of warrant.
Most netters think such intrusion involves someone "hacking a password." Wrong.

When you hit the "send" command for email, your missive seems to (poof!) magically appear in the recipient's mailbox. Person to person. The ultimate intimacy. Wrong again.

Email is actually passed through a number of computers. The operator of one of those machines can effortlessly read your email. Anyone who "breaks into" such a machine can inspect your mail. Once in, they can tamper with files so that all your email is copied to another location, without you being aware of it.

But not everyone wants to "break into" a computer. In the above case, email was copied "in transit." When email is transferred from machine to machine, it is made readable. So if you intercept a copy (through "sniffers"), you can read it.

Everything this individual had written over the last couple of years has apparently been intercepted and read. His file is huge.

With Canada news media in a tizzy about "regulating the net," how long before CSIS requests funds to start collecting posts with buzzwords in the network data flow?

POSTCARDS

It should be the first lesson every newbie learns: email ain't secure. An email is like a postcard: it travels through the many sets of hands in delivery and any set of hands can read it if so inclined. Most postal employees don't, for two reasons: there is so much mail they haven't the time, and most postcards are so boring, who the hell wants to?

The same goes with the system administrators who oversee the shunting around of all your cyberscribbling. Most don't snoop, but some do. Need I remind you that, er, sysadmins are not a monolithically mature-and-well-adjusted breed imbued with highly developed moral principles...

What can you, the lowly downtrodden, rights-less end-user, do?
You have three strategies:

-- no precautions: who cares if anyone reads what you write/receive;
-- minimal coding, easy to crack, but enough to stop casual snoops -- kind of like "virtual envelopes"; and
-- PGP.

PGP stands for Pretty Good Privacy -- a humble title to be sure, considering that the U.S. government/military wants to ban the thing. And why? Because PGP has the power to thwart their zillion-dollar spy efforts by imbuing everyday folk with the cryptographic might of the best "puzzle palaces" around the world.

The elegantly powerful encryption device is the offspring of Colorado resident Phil Zimmermann (prz at acm.org). He basically took all the (very public) papers on cryptography, stirred it together and voilà: instant "threat to democracy" -- if you buy the government/military propaganda. (More on Zimmermann and the cryptographic spook backlash next issue [below].)

What PGP does is solve that decades-old spy/cryptography dilemma: How can one send secure messages to absolute strangers over an insecure medium?

PGP exploits two historical developments:

-- home computers gave commoners the computational power to use the sophisticated cryptography algorithms; and
-- the advent of public key encryption in the late '70s bade farewell to Ilya Kuryakin and Napoleon Solo.

Computers were originally designed (back in World War II) to be sophisticated code breakers. Today, government/military bureaucracy (especially in the U.S.) still operates with that attitude: computer cryptography is a military weapon.

In those Cold War days, the only way to send secure messages over insecure channels (telegraphs, phones, mail, etc.) was to first deliver a "cryptographic key" via secure channels. The key was something like a little code book; the secure delivery channel was usually a dour-faced courier with a black bag handcuffed to his wrist. "Deliver this or die doing so, 007..."

BE AN INTERNATIONAL ARMS DEALER!
Governments and mega-corps could afford to send satchel-toting couriers overseas, but us proles had little hope of doing that. So citizens were always vulnerable to mail-opening, phone-tapping spooks.

PGP uses two keys -- a public key and a secret key. Anyone can use your public key to encrypt a message to you, and only you can then decrypt it with your secret key. As long as your secret key remains secret, no one can read that message -- not even the person who encrypted it. The idea is to spread your public key around in Key Exchanges, like phone books.

For details on this complex subject, try _PGP: Pretty Good Privacy_ by Simson Garfinkel (O'Reilly & Assoc., http://www.ora.com, $29.95 paper). Or _The Computer Privacy Handbook_ (Peachpit Press, http://www.peachpit.com/peachpit, $31.95 paper). Both go beyond technical details and delve into the sociopolitical issues around privacy.

Where can you get PGP? All around the world. PGP is freeware -- you can use it endlessly without cost. But remember: The U.S. State Department export restrictions classify cryptographic materials as munitions. Exporting it from the U.S. is a serious matter. For those uninterested in becoming international arms smugglers, do an Archie search for "PGP" or try Toronto's Interlog at ftp://ftp.interlog.com/pub/pgp . Read newsgroups alt.security.pgp and sci.crypt for discussions.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2
-----END PGP SIGNATURE-----

Robert A. Hayden <=> hayden at krypton.mankato.msus.edu

From jya at pipeline.com Sun Aug 13 16:02:25 1995
From: jya at pipeline.com (John Young)
Date: Sun, 13 Aug 95 16:02:25 PDT
Subject: EYE_see
Message-ID: <199508132302.TAA05634@pipe4.nyc.pipeline.com>

8-13-95. NYPaper:

"One Source, Many Ideas In Foster Case: Publisher Bankrolls Cover Up Theories."

The theory of a Vincent Foster murder and a cover-up has been promoted by a handful of foundations and publications united by a common denominator: the money of Richard Mellon Scaife.

"The death of Vincent Foster: I think that's the Rosetta Stone to the whole Clinton Administration," said Mr. Scaife, a newspaper publisher with half a billion dollars in the bank, during a two-hour interview.

EYE_see (about 5K)

From adept at minerva.cis.yale.edu Sun Aug 13 16:30:32 1995
From: adept at minerva.cis.yale.edu (Ben)
Date: Sun, 13 Aug 95 16:30:32 PDT
Subject: Q's on Number Theory/Quadriatic Residues
Message-ID: <199508132330.AA08361@minerva.cis.yale.edu>

I've been trying to get myself up to speed on some of the protocols in _Applied_Cryptography_ and my woeful lack of number theory is showing through crystal clear. While a course on number theory is in the works for the fall, right now, I'm sort of curious and would appreciate any sort of response I can get to the following questions from those of you to whom number theory is not as much of a stranger.

1) In AC on page 293 in the section on the Feige-Fiat-Shamir, there is a chart which lists the residues, their inverses and their square roots, all modulo 35. The chart, which I have reproduced below, baffles me--at least the part for the square roots:

       v    v^-1   sqrt(v^-1)
       1      1       1
       4      9       3
       9      4       2
      11     16       4
      16     11     ***9
      29     29     ***8

***How are these square roots? 9 is certainly not the square root of 11, nor is 8 the square root of 29, even modulo 35.
2) By the same token, on the previous pages Schneier uses the expression (1/v), which I take to mean "the quantity one divided by the value of v", while the example expresses it as (v^-1) which I take to mean "the inverse of v." Are these two expressions interchangeable or is this something that I should have found in the errata?

3) Speaking of errata, where can I find a copy?

4) Now, going back to the number theory, I've got a few more questions re: quadratic residues.

a) On page 293, the residues are listed as "the possible quadratic residues". Is it possible to predict the possible quadratic residues, or is an exhaustive search of the values on the interval [1,n] necessary to find the quadratic residues modulo n?

5) From what does Feige-Fiat-Shamir derive its security? Obviously not discrete logs, but I'm not sure I understand the protocol sufficiently to be able to see where it derives its security.

To those of you who aren't interested, thanks for reading so far, and with this we return you to your regularly scheduled conspiracy rants, personal attacks, and other random nonsense. To those of you who can respond, any assistance is appreciated.

Ben.

***********************************************************************
Ben Samman                                    Samman at cs.yale.edu
I'm on vacation now, so e-mail will receive a latency of +/- 24 hours.
PGP Key available from keyservers

From warlord at ihtfp.org Sun Aug 13 17:48:10 1995
From: warlord at ihtfp.org (Derek Atkins)
Date: Sun, 13 Aug 95 17:48:10 PDT
Subject: Q's on Number Theory/Quadriatic Residues
In-Reply-To: <199508132330.AA08361@minerva.cis.yale.edu>
Message-ID: <199508140047.RAA26889@ihtfp.org>

>        v    v^-1   sqrt(v^-1)
>       16     11     ***9
>       29     29     ***8
>
> ***How are these square roots? 9 is certainly not the square root of
> 11, nor is 8 the square root of 29, even modulo 35.

Bzzt! Try Again. If you use bc, you will notice that 9^2 mod 35 == 11 and 8^2 mod 35 == 29... You should go take your number theory class!
> 81%35
> 11
> 64%35
> 29

> mean "the inverse of v." Are these two expressions interchangeable
> or is this something that I should have found in the errata?

Yes. It is the multiplicative inverse. This is very basic math. Go re-read your 7th-grade algebra book:

	v^(-1) == 1/v

Take your number theory class, and if you can't figure out after that, re-ask the questions.

-derek

From samman at cs.yale.edu Sun Aug 13 18:19:52 1995
From: samman at cs.yale.edu (Ben)
Date: Sun, 13 Aug 95 18:19:52 PDT
Subject: Q's on Number Theory/Quadriatic Residues
Message-ID: <199508140119.AA14883@minerva.cis.yale.edu>

At 05:47 PM 8/13/95 PDT, Derek Atkins wrote:
>>        v    v^-1   sqrt(v^-1)
>>       16     11     ***9
>>       29     29     ***8
>>
>> ***How are these square roots? 9 is certainly not the square root of
>> 11, nor is 8 the square root of 29, even modulo 35.
>
>Bzzt! Try Again. If you use bc, you will notice that 9^2 mod 35 == 11
>and 8^2 mod 35 == 29... You should go take your number theory class!

Definitely. Is there an easy way to get from the 29 to the 8? I can see how it goes the other way, but what I didn't see was how, if given 29, I could get the 8? (Euclid's?)

>
>> mean "the inverse of v." Are these two expressions interchangeable
>> or is this something that I should have found in the errata?
>
>Yes. It is the multiplicative inverse. This is very basic math. Go
>re-read your 7th-grade algebra book:
> v^(-1) == 1/v

Ok. I wasn't thinking of multiplicative inverse when doing this--I guess I wasn't in the right frame of mind.

>Take your number theory class, and if you can't figure out after that,
>re-ask the questions.

I'll take the course, but you still needn't be so smarmy about it.

Ben.

***********************************************************************
Ben Samman                                    Samman at cs.yale.edu
I'm on vacation now, so e-mail will receive a latency of +/- 24 hours.
PGP Key available from keyservers

From shamrock at netcom.com Sun Aug 13 18:23:16 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 13 Aug 95 18:23:16 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
Message-ID: <199508140120.VAA24979@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

To loosen up the often so serious discussions on the list, I propose a little game. PGPFone's release is about a week away. PRZ is trying his hardest to keep it from being exported. Still, I have the feeling that some irresponsible cyphercriminal will break US law and export PGPFone anyway. Let us bet cyberbucks on how long it will take for this crime to happen. Here is my initial offer:

I bet e$50 that PGPFone will have been exported 24 hours after its final release has been announced to this list. Who is willing to take the bet? Perhaps someone is willing to bet at less time?

Have fun,

- --
- -- Lucky Green
     PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----

From hayden at krypton.mankato.msus.edu Sun Aug 13 19:48:48 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 13 Aug 95 19:48:48 PDT
Subject: My pseudo-anonymous dream list
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

There was some talk on Friday about "nym" servers similar in operation to anon.penet.fi. I was meaning to provide some commentary on Friday, but it kinda got pushed back by a lazy weekend. Anyways, I wanted to toss some non-technical things into the fray about what I'd like to see in a good "nym" server.
If you grow weary from my wish-rants, press 'd' now :-)

==============

Anon.penet.fi is arguably one of the most used anonymous servers on the Internet. One of the chief reasons it is used so much by so many so often is because it is also the easiest to use. Posting to a newsgroup or mailing to another person is handled without having to think about anything. This is quite unlike most anonymous remailers which require quite a bit more work (for the lay person) for only one-way mailing.

Any future remailers (and for the purpose of this message, assume "remailer" means a pseudo-anonymous remailing mechanism like penet.fi) will need to maintain the ease of use that penet.fi has. No messy headers of embedded command lines. Just send the message to an address and it's taken care of.

There are, however, a great number of internal improvements that could be made that would both improve user-end usefulness AND improve overall security.

1) Multiple Remailers:

I'd like to see multiple (maybe >12) remailers that utilize the same database, upgraded by batched processes once or twice a day or "broadcast" realtime to all the remailers in the web (probably the latter is better). In this way, a person with a pseudo-ID of FOO could be addressed as FOO at ANY of the remailers. The primary purpose of this is to allow easy chaining (see below), but it might also serve to distribute much of the load around the net. Penet.fi is grossly overloaded, so a solution to that needs to be found.

2) Encrypted Databases:

One of the failings of anon.penet.fi that has been exploited by various LEAs is the fact that the database of users is accessible by the operator. Any properly designed 'nym' server should have a totally encrypted database.
Thus if your local LEA roams by demanding to know the name of the person associated with an ID, the best the operator can do is to give them a copy of the encrypted entry from the database (or, I suppose, the entire database :-)

3) Limited ID lifetime

Another failing, IMHO, with penet.fi is that ID#'s have an unlimited lifetime. I think any remailer should limit the lifetime of any ID to no longer than 12 months, with six months being the default, and 3 months being an option (plus, of course, a manual cancellation on the part of the user). When an ID is expired, it is removed entirely from the database and NOT reissued again.

4) Chained Mailings

Because you have many remailers operating, all messages should be randomly chained through them. Perhaps the default number of hops is three, user-definable from 1 to 20. This means that while I might send a message to alt.sex.abuse.recovery at anon.mit.edu, it might end up being posted from anon.berkeley.edu after passing through anon.umn.edu and anon.toad.com. It makes traffic analysis that much more difficult.

Before a chaining is done, the remailer should ping the target remailer to make sure it is up, so that mail isn't sitting in the queue. All chained mail should also be encrypted.

5) Encryption/Signature Validation

Any message that is emailed PGP signed should be validated by the remailer (with the User having to email in their public key as part of the registration process, if they so choose, or remailers can use the keyserver). If the signature is valid, a line is added in the remailer information section to the effect of "Message PGP Validated" and then sent PGP signed by the remailer (the original sender's PGP signature is removed).

An encrypted message should simply be PGP Signed by the final remailer and posted/emailed to the destination. Because there are multiple remailers (chained), only the final remailer should sign the message.

6) Two-way

This goes pretty much without saying.
If I send mail to somebody or post to news through a remailer, the person who received the message should be able to reply to my anonymous mailbox and I get the message (signed, of course, by the remailer).

7) Option Validation

In order to change any of the options on your ID (i.e., the expiration date of your ID, or to expire it immediately, or to set the number of "hops" you want to chain through), you should have to submit a PGP Signed command message. Then, similar to a LISTSERV that confirms subscriptions and unsubscriptions, a message is sent back asking you to "ok" these changes. This return message is sent as PGP encrypted email to your public key. When you decode it, you are given a, say, 10-digit code string that you need to mail back to confirm the changes. If you don't, it doesn't.

This helps keep down spoofing of messages changing your options without your ok. It's not perfect, and isn't totally secure, but it will catch many. In addition, you encourage the use of PGP by requiring it for changing any options. You can still use the remailer without PGP, but you can't access the options and are stuck with the defaults.

However, one item that should not be allowed to be changed is your email address. If you move from foo at blah.com to blah at foo.com, you need to get a new ID, and expire the old one (or it will die by itself within a year).

8) Robust Web of Remailers

Remailers come and go daily. Any pseudo-anonymous remailer web needs to be able to handle that fact. Thus, a mechanism needs to be put into place to allow for easy adding of a new machine (if it's easy, more people will do it) with minimal maintenance. In addition, if a remailer disappears (say, because somebody caught wind of it and ordered the student to turn it off :-), the rest of the remailer web needs to be able to survive.
Of course, that particular address will be dead, but with appropriate FAQs posted around, people should be able to quickly find another address that uses the same database.

9) Proper PR

This needs to be properly advertised as well. Penet.fi, whether good or bad, has a reputation of being a breeding ground for law-breakers. Any web set up needs to be pushed as nothing more than a "P.O. Box" on the Internet or some such. In reality, nothing is different, but in the public light, it would work better.

10) There is no number 10

=====================

Hmm, guess that's about it. Comments are appreciated (really they are :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2
-----END PGP SIGNATURE-----

Robert A. Hayden <=> hayden at krypton.mankato.msus.edu

From jirib at sweeney.cs.monash.edu.au Sun Aug 13 22:11:42 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 13 Aug 95 22:11:42 PDT
Subject: Why break ITAR? (was: Bet e$ on how long it will take for PGPFone to make it overseas!)
In-Reply-To: <199508140120.VAA24979@bb.hks.net>
Message-ID: <199508140509.PAA22562@sweeney.cs.monash.edu.au>

Hello cypherpunks at toad.com and shamrock at netcom.com (Lucky Green)

...
> Still, I have the feeling that
> some irresponsible cyphercriminal will break US law and export PGPFone
> anyway.
...

Fi!
You would not suggest that anyone would do that, would you?

There are other ways to get it out, no?

For instance, shortly after it is out, call the police stating that your home was burgled. Items missing? A few disks of publicly-available freeware. So what? *The Security of the Nation is at risk!*

Good luck!

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

From stewarts at ix.netcom.com Mon Aug 14 01:26:37 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 14 Aug 95 01:26:37 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
Message-ID: <199508140823.BAA14036@ix9.ix.netcom.com>

At 09:20 PM 8/13/95 -0400, you wrote:
>I bet e$50 that PGPFone will have been exported 24 hours after its final
>release has been announced to this list. Who is willing to take the bet?
>Perhaps someone is willing to bet at less time?

Not a chance I'd take this bet!
1) My e$ haven't arrived....
2) If there were a serious risk of you losing, I know you're a good law-abiding guy, but you might have a "friend" who would help you out by exporting it in a hurry :-)
3) 24 hours sounds like a reasonably safe upper limit for the export time.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master. RIP, Jerry

From carolann at censored.org Mon Aug 14 02:00:21 1995
From: carolann at censored.org (UnCensored Girls Anonymous)
Date: Mon, 14 Aug 95 02:00:21 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
Message-ID: <199508140859.BAA15661@mailhost.primenet.com>

-----BEGIN PGP SIGNED MESSAGE-----

24 minutes was a more reasonably safe upper limit. I just wondered why Alex got to have all the fun!
Maybe I should move across the water or something?

>3) 24 hours sounds like a reasonably safe upper limit for the export time.
># Bill Stewart, Freelance Information Architect

RIP, Mick
RIP, Jerry

Love Always,

Carol Anne

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann at censored.org  206.42.112.96
My Homepage  The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From jcaldwel at iquest.net Mon Aug 14 03:05:35 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Mon, 14 Aug 95 03:05:35 PDT
Subject: How to launder money (internationally) (fwd)
Message-ID:

-------- Forwarded message --------
Date: Sat, 12 Aug 1995 13:37:24 est
From: Gary Livermore
To: Multiple recipients of list CHAT
Subject: How to launder money (internationally)

How dirty drug money is laundered internationally:

[From National Geographic, Vol.183, No.1 Jan.1993, pg105] Titled: The Power of Money, by Peter T White, Asst. Editor, quoting his sources as the "Centre for International Documentation of Organized and Economic Crime, located in Cambridge, England.

[begin this section]
==================================================================

This is a real-life example: A U.S. organized crime group with a lot of hot cash forms a cozy relationship with the central bank of a British Commonwealth country. Diplomats of that country carry the cash out of the U.S.
If it's $10,000 or more, they are supposed to report that to U.S. Customs, but they don't; they "externalize" the cash. It goes into the central bank and then into various dummy companies in different countries in return for shares in those companies. The money is thus "agitated," so it'll be just about impossible for investigators to follow. Then, to "repatriate" the money, dummy companies in the U.S. sell their worthless shares to investors in Britain - who are in fact in on the scam - and behold, the money is back in the U.S., clean! Now it buys legitimate businesses, banks, political power.

An operation like this, involving highly placed officials, and businessmen, will cost quite a bit, maybe 35 percent, but once the system is in place, people will want to use it - not only drug profiteers but also arms dealers, terrorist organizations, intelligence agencies...

A prime haven for such shady customers was BCCI, the Bank of Credit and Commerce International, headquartered in Luxembourg and the Cayman Islands with branches in 72 countries. It is said to have secretly controlled the First American Bank of Washington, D.C. After BCCI collapsed in 1991, having defrauded depositors of several billion dollars, it became known as the Bank of Crooks and Criminal International.

=================================================================
[End, this section]

Can you say Mena - Clinton - Whitewater, 3 times real fast?!?

In the very next section, there is an interesting little number used by the bank/finance crowds, it's number "72".

[begin this section]
===========================================================

- the rule of 72. No one is certain who first developed the rule, but the principle is quite simple: Divide any number into 72 and the answer tells how long it will take for a sum to double in financial terms. Are you charged 18 percent interest on the unpaid balance of your credit card account?
Eighteen goes into 72 four times - so the debt would double in four years. Say your annual raise is 6 percent; that number goes into 72 twelve times, so in twelve years your salary will double. The same holds true of any investment. And what if inflation runs at 6 percent a year? Then after a dozen years your money will be worth half as much, so in a sense you'll be back where you started.

===============================================================
[end this section]

Gee, now I wonder if the money-changers figured this into setting annual inflation rates! Kind of keeps the middle class down, and stuck in a rut.

*****My footer*********************************************************
"We conclude that the Reserve Banks are not federal instrumentalities for purposes of the FTCA (Federal Tort Claims Act), but are independent, privately owned and locally controlled corporations" Lewis v. U.S. F.2d (1982)
***********************************************************************

... Those who follow like sheep deserve to get fleeced.

--- PPoint 1.92
 * Origin: Arizona's West Coast. My Point, Exactly! (1:300/507.4)

From jcaldwel at iquest.net Mon Aug 14 03:05:37 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Mon, 14 Aug 95 03:05:37 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
In-Reply-To: <199508140120.VAA24979@bb.hks.net>
Message-ID:

In article <199508140120.VAA24979 at bb.hks.net>, shamrock at netcom.com (Lucky Green) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>To loosen up the often so serious discussions on the list, I propose a
>little game. PGPFone's release is about a week away. PRZ is trying his
>hardest to keep it from being exported. Still, I have the feeling that
>some irresponsible cyphercriminal will break US law and export PGPFone
>anyway.
>Let us bet cyberbucks on how long it will take for this crime to
>happen. Here is my initial offer:
>I bet e$50 that PGPFone will have been exported 24 hours after its final
>release has been announced to this list. Who is willing to take the bet?
>Perhaps someone is willing to bet at less time?

I don't bet money but I'd bet a debit note of 1U$ that it'll happen after it appears in someone's home directory, is multiply encrypted and anonymously mailed. I give it about 78msec after the receiver's local hardware is done crunching for it to be on its way. ;-)

I say substantially less than 24hrs... Ayep.

From remailer at flame.alias.net Mon Aug 14 03:41:24 1995
From: remailer at flame.alias.net (Flame Remailer)
Date: Mon, 14 Aug 95 03:41:24 PDT
Subject: Changes in Operation..
Message-ID: <199508141041.MAA10228@utopia.hacktic.nl>

ATTENTION:

The anonymous remailer operators at vishnu.alias.net and spook,alias.net have decided to activate the reordering option on both the Type-I (original cypherpunk) and Type-II (MixMaster). This means that there will be at least 5 messages in the outbound queue and they will be delivered randomly.

From aba at dcs.exeter.ac.uk Mon Aug 14 03:49:09 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 14 Aug 95 03:49:09 PDT
Subject: Australia crypto ill news: pointers
Message-ID: <20465.9508141048@exe.dcs.exeter.ac.uk>

The following URL was posted by Ross Anderson (the author of the article quoted in RISKS):

http://commerce.anu.edu.au/comm/staff/RogerC/Info_Infrastructure/Orlowski.html

This is a pointer for the full text of the Orlowski paper (the cause of much discussion on the future of crypto in Australia). Also Roger Clark's home page contains lots of interesting references for crypto policy, privacy, some info on CFP, etc, very interesting reading I found:

http://commerce.anu.edu.au/comm/staff/RogerC/RogersHome.html

Adam

--
HAVE *YOU* EXPORTED RSA TODAY?
--> http://dcs.ex.ac.uk/~aba/rsa/

--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0

A short time ago on cpunks someone posted this pointer:

http://www.votelink.com/

as there was a vote and associated discussion forum being offered on the subject of Phil Z, the (somewhat leading - incorrectly leading) question:

"Should Phil Zimmermann be prosecuted for allowing release of his PGP encryption program on the Internet?"

(The comment on leading question being prompted of course by the fact that Phil did not himself export PGP, nor put it on the internet, nor even put it on US BBSes. The way I understand the story was that a friend of Phil's posted the code to US BBSes, and that an unknown 3rd party posted it from there to the Internet. He is being investigated for "making PGP available in a form in which it could be exported", something different to what is implied by the question. In this light I find it difficult to understand how he could be held to have "allowed its release on the Internet", something which even the State Department investigation is not I think accusing him of. Several people pointed this out in the discussion forum. A more accurate phrasing would perhaps have been:

"Should Phil Zimmermann be persecuted for writing PGP?"

but then that is no doubt biased in the opposite direction.)

An interesting vote in any case, and the balance so far is:

YES: 000,172 | ABSTAIN: 000,096 | NO: 001,508

The abstainers I think could be partly explained by the worry that the question was leading or incorrect, as this opinion was voiced in the discussion forum.
Also an interesting thread was generated in the (WWW hosted) discussion forum about the legal problems implied by me posting these two snippets of code (which I posted to the forum earlier):

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

M83PL=@FR 8ES%:6Q"(F9A#)K!&_;X4TXZ?(T]6(]`>$*.^]3K*K["(239)\@F
MHA\"<%"5(%N->/2!'>X3XPU<0!Y,F``58RK(F;K#XD2,^`F[L09CT1>MH,7/
-------------------------------------------------------------

(hmm it seems that their WWW conversion chopped out some parts of it presumably due to it containing < and > symbols, so perhaps their fears were even further unfounded).

They were alarmed by the implication that their WWW server now contained PGP code which they did not feel qualified to judge the implications, or correctness of. This prompted the posting to the forum of a rather worried sounding disclaimer by a votelink representative, to the effect that they were abiding by the Prodigy ruling, and so felt unable to remove the offending piece of ITAR breakage, and yet felt rather uncomfortable with its presence.

I hastened to explain (after a certain cpunk kindly drew my attention to the discussion which I had neglected to check out after posting the 1st message) that the same dilemma applies to numerous other forums, such as USENET news distribution sites, sci.crypt archives, cpunks archives, etc, etc.

Generated some interesting discussion anyway.

Adam

From danisch at ira.uka.de Mon Aug 14 05:23:19 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Mon, 14 Aug 95 05:23:19 PDT
Subject: Q's on Number Theory/Quadratic Residues
Message-ID: <9508141212.AA01243@elysion.iaks.ira.uka.de>

> >Bzzt! Try Again. If you use bc, you will notice that 9^2 mod 35 == 11
> >and 8^2 mod 35 == 29... You should go take your number theory class!
>
> Definitely. Is there an easy way to get from the 29 to the 8? I can see how
> it goes the other way, but what I didn't see was how, if given 29, I could get the
> 8? (Euclid's?)

You can get the square root mod p (p prime) easily, if p+1 is divisible by 4.

You (should) know that x ^ (p-1) equals to 1 mod p for every given x > 0. Therefore x ^ ( (p-1)/2 ) is either +1 or -1 mod p.

Now you have a given x^2 and want to find x (one of both, there are two..)

( x^2 ) ^ ((p+1)/4) = x ^ ( (p+1)/2 ) = x * x ^( (p-1)/2 ) = +/- x .

If p+1 is not divisible by 4, it's a little bit more difficult...

In your example, 35+1 is luckily divisible by 4. But this doesn't help, because 35 is not a prime. 35 = 5*7, you can use the chinese remainder and find the root mod 5 and the root mod 7.

7+1 is divisible by 4, you can use the trick:

( 8 ^ 2 ) ^ 2 mod 7 = +/- 1. (which is correct since 8 = 1 mod 7); +1 and -1 are the roots of (8^2) modulo 7.

Modulo 5 we can't use the trick, but we guess the roots of (8^2) = 4 mod 5 as 2 and 3.

Back to the main problem: You want to have the root of (8^2) mod 35. We found the roots 1 and 6 as roots of (8^2) mod 7 and the roots 2 and 3 as roots of (8^2) mod 5. Now solve the Chinese remainder for each possible pair (1,2), (1,3), (6,2), (6,3), and you get the _four_ roots of (8^2) mod 35. Two of them will be 8 and -8, and there are another two.

BTW: This is one way to do a mental coin flipping.

Hadmut :-)

From nowhere at bsu-cs.bsu.edu Mon Aug 14 06:05:37 1995
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Mon, 14 Aug 95 06:05:37 PDT
Subject: premail www interface
Message-ID: <199508141305.IAA19498@bsu-cs.bsu.edu>

I have worked the kinks out and now announce the premail www interface. The interface uses premail to send you mail anonymously without fuss or muss. If you are not familiar with premail, check the page out and see what is all about. You can find the premail script on Raph's pinging page.

The interface should be bug free, but if you find any, let me know. I welcome comments/flames/criticisms.
If there are suggestions for upgrades or future ideas, let me know.

The cpremailer that I have up is still there. These two www interfaces should serve many people well. The suggestions I received for the cpremailer have been implemented so that you, the user, select the number of remailers to use. No more hardwiring and there is nothing that forces you to chain.

http://miso.wwa.com/~dochobbs/premail.html <- premail interface
http://miso.wwa.com/~dochobbs/cpremailer.html <- nate's www remailer

If anyone has designed a similar remailer interface for premail, let me know. I would like to know how you did it differently. Of course this email is coming to you from the premail gate.

Michael Hobbs
dochobbs at wwa.com

From futplex at pseudonym.com Mon Aug 14 06:28:43 1995
From: futplex at pseudonym.com (Futplex)
Date: Mon, 14 Aug 95 06:28:43 PDT
Subject: CoS Raid on "Copyright Terrorist"
Message-ID: <9508141328.AA22188@cs.umass.edu>

Some CoS news:

This past Saturday (95/08/12) a prominent Church of Scientology litigator, Helena Kobrin, and some U.S. federal marshals raided the home of Arnaldo Lerma, seizing pretty much all his computer hardware, disks, etc.

It seems that back in 1993, CoS was suing someone named Steven Fishman. As part of the legal proceedings he filed a "declaration", which routinely became part of the public record of the business of the court. This happens to have included some of the OT documents which the CoS claims as both copyrighted trade secrets and sacred texts. As with other unsealed court documents, copies of the Fishman declaration are available by snail mail from the court for 50 cents/page. Lerma ordered a copy from the court, then posted it to alt.religion.scientology. Now CoS is claiming copyright infringement.
Helena Kobrin apparently wants to advance the state of the art in Infocalypse hyperbole; she is quoted in a wire service story as saying, in reference to Lerma's posting, "What he was engaging in was a form of copyright terrorism"

Meanwhile, various sites have started carrying copies of the Fishman declaration, made available by http, ftp, gopher, finger, etc. A site in China was one of these data havens, until the resultant traffic load forced it to shut down.

David Touretzky, a member of the CS faculty at Carnegie-Mellon, had a complete copy on his Web pages at

http://www.cs.cmu.edu/~dst/Fishman/

until CMU's legal counsel received a fax from Helena Kobrin, demanding their removal. Pending review by the CMU legal staff, he has taken them off. However, he is maintaining a list of links to sites that still carry copies of the declaration, along with pointers to some other relevant sites, and his own comments on the situation.

Apparently quite a few other a.r.s folks and their ISPs have received similar warning letters from HKK. Someone did a fairly competent forgery on a.r.s of a version of the warning letter, purportedly from Helena Kobrin to the entire net. I found it disturbingly plausible. Also, someone forged cancels of various articles including parts of the Fishman declaration, and of at least one which quoted no more than Touretzky's URL.

A couple of other interesting sources for information on the Scientology/Net situation I've found recently are:

http://amazing.cinenet.net/scientology.html

and

http://www.clark.net/pub/jcblal/jcbcos.html

Freedom Magazine Vol 27, Issue 4, published by the CoS RTC, has some articles online dealing with copyright, anonymity, privacy, and cryptography. As I've said before, I'm scared of getting slapped with a frivolous lawsuit by some arm of the CoS, so I won't quote anything from the articles. Perhaps some of the other vocal people on the list who think CoS wouldn't hurt a fly will distribute some choice Fair Use quotes.
http://www.theta.com/goodman/hijack.htm argues for pre-emption of new govt. regulation of anonymity on the net by application of existing law, although it fails to recognize some of the protections for anonymity in said law. It also quotes some criticism by Bruce Koball of the 40-bit export restriction on RC4, and Clipper. The article editorializes against govt. suppression of strong crypto.

http://www.theta.com/goodman/lies.htm is entitled "Solutions to On-Line Lies", and advocates forcing remailer operators to know the identities of their users/customers, and holding them liable for the content of remailed messages. It generally urges intolerance of unpopular online speech, and remarkably laments Microsoft's inability to sue for defamation over the Microsoft-to-buy-Catholic-Church spoof.

http://www.theta.com/goodman/crime.htm offers some case histories of net.criminals (according to them), including Kevin Mitnick, some guys accused of rape (stuck under the moniker of `child pornographers'), and Dennis Ehrlich, subject of a CoS-inspired February raid by the copyright police. The juxtaposition of these figures is strikingly absurd.

There's more, but this should give you a taste for what's there.

-Futplex

From jya at pipeline.com Mon Aug 14 06:29:58 1995
From: jya at pipeline.com (John Young)
Date: Mon, 14 Aug 95 06:29:58 PDT
Subject: Data Secrecy Rift
Message-ID: <199508141329.JAA02054@pipe4.nyc.pipeline.com>

This seems worth posting in full:

----------

The New York Times, August 14, 1995, pp. D1, D8.

Rift Emerges Over Computer Data Secrecy Issue

By John Markoff

Some of the biggest names in the computer industry sent separate letters to the White House last week in pre-emptive moves aimed at a proposed regulation originally intended to insure that law-enforcement officials have access to encoded telephone and computer communications. The proposal may be released as soon as this week.
But as the Government's task force on the encryption issue prepared to disclose the closely held details of the proposal -- the latest version of a measure revealed more than three years ago but subsequently reconsidered in the face of industry opposition -- unexpected divisions emerged from the last-minute, scattershot lobbying.

The splits are developing at a crucial moment, with the Government's interagency task force also apparently divided between those favoring maximum governmental access to communications and those who support a loosening of export restrictions. Most industry executives had hoped to present a united front in favor of the more liberal position -- a goal that now appears to be in jeopardy.

The two major groups sending letters to Vice President Al Gore, the Administration's point man on technology issues, were a group of computer hardware manufacturers and a group of the largest makers of software.

In a letter sent to the Vice President last Thursday, eight executives, including James Treybig, chairman of Tandem Computers Inc.; Gil F. Amelio, chairman of the National Semiconductor Corporation; Edward McCracken, chairman of Silicon Graphics Inc.; Eugene Shanks Jr., president of the Bankers Trust New York Corporation, which conducts international electronic commerce, and Stephen T. Walker, chairman of Trusted Information Systems, urged that the Government immediately establish a new standard to control the export of technology that is used to encode communications, so that outsiders cannot tap in.

A day later, however, a group of software publishers, including William H. Gates, chairman of the Microsoft Corporation; Jim P. Manzi, president of the Lotus Development Corporation and a senior vice president of I.B.M., Robert Frankenberg, chairman of Novell Inc.; Mark B. Hoffman, chairman of Sybase Inc., and Carol Bartz, chairwoman of Autodesk Inc., wrote arguing that the possible restrictive regulations that may soon be offered by the Government would fail to remove the current obstacles that keep American companies from competing in lucrative international markets.

Many off-the-shelf programs cannot be marketed abroad without alteration under current regulations. For example, before American publishers can sell the popular Lotus Notes program abroad, they must replace its encoding system with a weakened version so that foreign communications can be monitored by American intelligence agencies.

These restrictions date to the 1970's when advanced computer technology was treated as the equivalent of military technology and subject to the same strict controls.

The software publishers have been able to sell their highly effective communications encoding products in this country, while sales abroad, they contend, have been hurt.

Their letter also said that although the Administration agreed last year to work with industry toward a compromise, "there has been only minimal consultation with the software industry with respect to basic questions."

"We're worried the Government is about to announce the son of Clipper," said Robert W. Holleyman 2d, president of the Business Software Alliance, referring to the Government's original proposal for changing the standard. This proposal, released in April 1993, would have replaced the cold war-era restrictions with a coding standard that allowed sales of strong encryption programs, but would have given United States law-enforcement agencies access to all communications through a back door with a numerical key.

"The Administration has been trying to resolve how to keep U.S. companies competitive, but there remain individuals in the Government who want to do anything they can to slow the proliferation of new encryption technologies," Mr. Holleyman said.
In April 1992, the Administration proposed a hardware-based system for protecting the privacy of telephone calls and computer data transmissions. The standard, known as the Clipper Chip, included a special "backdoor" that would permit law-enforcement officials to listen to conversations and monitor data exchanges.

The original Clipper system called for a two-part key for decoding scrambled conversations. The two parts of the key -- actually two large numbers -- were to be held by two independent Government agencies. Under the plan, when a law-enforcement agency had a warrant to listen to a conversation encoded by Clipper, it would obtain the keys from the separate agencies. By merging the keys, it could obtain a key that would unlock the coded conversation.

The Clipper proposal met with angry opposition both from advocates for civil liberties, who argued it would undermine the right to privacy, and by high-technology executives who said Clipper would be unacceptable for foreign users who would not want their conversations to be readable by the United States Government.

The announcement of the new proposal may be imminent. Two trade associations, the Software Publishers Association and the American Electronic Association, are planning a conference on cryptography policy for Friday.

Several people familiar with Administration policy discussions said the Government had until recently remained divided and that the director of the Federal Bureau of Investigation, Louis J. Freeh, has been the most vocal advocate of placing strict limits on any use of unsanctioned encryption technology.

After the bombing of the Federal building in Oklahoma City, the F.B.I. circulated a proposed antiterrorism bill on Capitol Hill that would have banned even the domestic use of coding software except for systems approved by the Government.
[End]

From futplex at pseudonym.com Mon Aug 14 06:47:09 1995
From: futplex at pseudonym.com (Futplex)
Date: Mon, 14 Aug 95 06:47:09 PDT
Subject: Data Secrecy Rift
In-Reply-To: <199508141329.JAA02054@pipe4.nyc.pipeline.com>
Message-ID: <9508141346.AA22758@cs.umass.edu>

John Markoff writes:
> In a letter sent to the Vice President last Thursday, eight
> executives, including James Treybig, chairman of Tandem
> Computers Inc.; Gil F. Amelio, chairman of the National
> Semiconductor Corporation; Edward McCracken, chairman of
> Silicon Graphics Inc.; Eugene Shanks Jr. president of the
> Bankers Trust New York Corporation, which conducts
> international electronic commerce, and Stephen T. Walker,
> chairman of Trusted Information Systems, urged that the
> Government immediately establish a new standard to control
> the export of technology that is used to encode
> communications, so that outsiders cannot tap in.

This doesn't say very much. What sort of "new standard" for crypto export control did they urge? Also, if you'll pardon my naivete, how does TIS stand to benefit from such restrictions?

-Futplex

From raph at CS.Berkeley.EDU Mon Aug 14 06:50:48 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 14 Aug 95 06:50:48 PDT
Subject: List of reliable remailers
Message-ID: <199508141350.GAA22629@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:

http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp. hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

21 Apr 1995: The new version of premail (0.33) is out, with direct posting, perl5 and better MH support, and numerous bug fixes.
Last ping: Mon 14 Aug 95 6:00:15 PDT

remailer  email address                        history       latency  uptime
-----------------------------------------------------------------------
spook     remailer at spook.alias.net          **-*+--+---   1:32:10  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu            +#**-#####*#     4:15  99.98%
portal    hfinney at shell.portal.com          #******#.-*#  1:42:00  99.98%
replay    remailer at replay.com               ************     9:36  99.97%
alumni    hal at alumni.caltech.edu            ****-***.-*#  2:05:47  99.97%
hacktic   remailer at utopia.hacktic.nl        ************    11:33  99.95%
crown     mixmaster at kether.alias.net        -----------   2:07:40  99.95%
rmadillo  remailer at armadillo.com            +-+**++**     1:06:24  99.95%
vox       remail at vox.xs4all.nl              ....-.-.---  14:52:58  99.99%
penet     anon at anon.penet.fi               -++*++++++*+  1:45:24  99.76%
hroller   hroller at c2.org                    #**+*---##*     35:04  99.65%
syrinx    syrinx at c2.org                     -----------   2:30:12  99.61%
mix       mixmaster at remail.obscura.com      --------++-   2:30:54  99.53%
c2        remail at c2.org                     +++-+---+++   1:24:36  99.49%
flame     remailer at flame.alias.net          ++++++++++++    51:10  99.11%
vishnu    mixmaster at vishnu.alias.net        **------ -    2:38:17  98.91%
ideath    remailer at ideath.goldenbear.com    .--_.---.-    7:32:04  98.59%
gondolin  mixmaster at gondolin.org            +***+ +*--*-  1:03:25  98.52%
ford      remailer at bi-node.zerberus.de      **-** ***#*#     5:31  96.93%
rahul     homer at rahul.net                   ++**+#*##**#     3:42  99.99%
extropia  remail at extropia.wimsey.com        -.-.-...     21:12:59  83.13%
rebma     remailer at rebma.mn.org             ..---+--      9:53:43  68.81%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From talon57 at well.com Mon Aug 14 07:44:59 1995
From: talon57 at well.com (Brian D Williams)
Date: Mon, 14 Aug 95 07:44:59 PDT
Subject: E-Systems Digitrac 6700
Message-ID: <199508141444.HAA15938@well.com>

Tim May writes:

>It gets back to the threat model. If the threat model is
>interception by the neighborhood kids, then schemes for
>frequency-hopping, scrambling, "warbling," and PhasorPhone-like
>diddling are OK. If the threat model is the local police
>department tapping one's phone, probably not enough, as they
>likely can gain access to the E-Systems DigiTrac 6700 and
>trivially unscramble the signal.

Ok, I'll take the Bait. What else can you tell us about the E-systems Digitrac 6700?
"enquiring" minds want to know.......;)

Brian D Williams
Cypherpatriot

From frissell at panix.com Mon Aug 14 08:16:34 1995
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 14 Aug 95 08:16:34 PDT
Subject: "Protect the children" as passphrase to Constitution
Message-ID: <199508141515.LAA00956@panix.com>

At 05:35 PM 8/10/95 -0700, Timothy C. May wrote:
>Now clearly this strategy will be welcomed by many. It's hard to argue
>against children and against the "protection of children." Arguing the
>Constitutional side is tough when "the children" are at issue.

I don't know, I find it pretty easy. All you have to do is say "The Slickster thinks that kids should be able to get government condoms and government abortions at will and should be able to copulate with abandon -- so what's a few cigarettes?" I thought Heillary said that children had a right to sue their parents? If the children's rights movement wants all of the above, it has to allow them to smoke and avoid vaccinations as well. If it's wrong to interfere with kids' autonomy in sex and litigation, then it's wrong to interfere with their autonomy in guns and smokes.

I always say that I want to reduce State power "for the children." Putting a really commie-liberal accent on the phrase. It bugs the opposition. It's a null argument since you can argue in favor of anything "for the children."

During the '92 campaign, Clinton said "I wake up every morning and worry about your children." I said in one of my .sigs, "Please don't worry about my children because if you do you might feel compelled to do something about them and the ensuing fire fight could cause substantial collateral damage in the neighborhood."

>The potential crypto relevance? Look for arguments about limiting access to
>strong crypto to be more heavily focussed on "pedophiles" and
>"pornographers." Look for calls to have a national I.D. card--which serves
>many State-needed purposes (and I don't mean in terms of Revelations). A
>national I.D. card could then be tied in to GAK/escrow systems.

The current national ID push is for illegal immigration control purposes. The last national ID push was under the Health Security Act. They are certainly anxious to get internal passports, aren't they. Luckily, as long as other nations within our passport control zone (like Canada and Mexico) don't have national ID cards, they will be easy enough to dodge for non work purposes.

The Jordan Commission recommendations (calling for SS#/True Name matches as a condition for employment) can be defeated by a direct action program of publishing valid SS#/True Name matches. If you get enough valid pairs out in the public domain (still legal to do), illegal aliens and citizens who prefer not to participate in the system can use them. That would corrupt the control system.

I need practice with HTML forms and databases. Perhaps that would be a good project. Writing a simple form to collect and store SS#/Name submissions from the general public.

DCF

"Government is not healthy for children and other living things."

From theilman at umsmed.edu Mon Aug 14 08:42:11 1995
From: theilman at umsmed.edu (Gary Theilman)
Date: Mon, 14 Aug 95 08:42:11 PDT
Subject: My pseudo-anonymous dream list
Message-ID: <9508141541.AA03333@fiona.umsmed.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>There are, however, a great number of internal improvements that could be
>made that would both improve user-end usefulness AND improve overall
>security.

I use Private Idaho, Eudora, and an account on alpha.c2.org. Let's see how the wishlist compares with this setup.

>1) Multiple Remailers:
>I'd like to see multiple (maybe >12) remailers that utilize the same
>database, upgraded by batched processes once or twice a day or "broadcast"
>realtime to all the remailers in the web (probably the latter is better).

Probably could be done by sharing the alpha.c2.org database to other remailers.
I don't see any security problems with this as long as people use encrypted remailing blocks.

>2) Encrypted Databases:
>Any properly designed 'nym' server should have a totally
>encrypted database.

alpha.c2.org doesn't require this, but a smart user will arrange to have their reply block encrypted with the key of several different remailers.

>3) Limited ID lifetime
>Another failing, IMHO, with penet.fi is that ID#'s have an unlimited
>lifetime.

Is this really a problem? Makes sense from a housekeeping point of view, though.

>4) Chained Mailings
>Because you have many remailers operating, all messages should be randomly
>chained through them.

You can set up your reply block for chaining, although it isn't random.

>Before a chaining is done, the remailer should ping the target remailer to
>make sure it is up, so that mail isn't sitting in the queue.

Hmmm. May be a problem if you are using latent time.

>All chained mail should also be encrypted.

alpha.c2.org can do this

>5) Encryption/Signature Validation
>Any message that is emailed PGP signed should be validated by the remailer
>(with the User having to email in their public key as part of the
>registration process, if they so choose, or remailers can use the
>keyserver).

Does this present a security problem, perhaps in conflict with suggestions #2?

>6) Two-way

I can do this now, although sometimes the reply is delayed a few days.

>7) Option Validation
>In order to change any of the options on your ID (ie, the expiration date
>of your ID, or to expire it immediately, or to set the number of "hops"
>you want to chain through), you should have to submit a PGP Signed command
>message. Then, similar to a LISTSERV that confirms subscriptions and
>unsubscriptions, a message is sent back asking you to "ok" these changes.
>This return message is sent as PGP encrypted email to your public key.
>When you decode it, you are given a, say, 10digit code string that you need
>to mail back to confirm the changes.
>If you don't, it doesn't.

A password is required for alpha.c2.org to make changes. And any message containing command changes must be encrypted with the remailer's key.

>8) Robust Web of Remailers
>Remailers come and go daily. Any pseudo-anonymous remailer web needs to
>be able to handle that fact. Thus, a mechanism needs to be put into place
>to allow for easy adding of a new machine (if it's easy, more people will
>do it) with minimal maintenance. In addition, if a remailer disappears
>(say, because somebody caught wind of it and ordered the student to turn
>it off :-), the rest of the remailer web needs to be able to survive. Of
>course, that particular address will be dead, but with appropriate FAQs
>posted around, people should be able to quickly find another address that
>uses the same database.

I regularly check the pinging service at remailer-list at kiwi.cs.berkeley.edu to do this.

>
>9) Proper PR

Agreed.

GREAT SUGGESTIONS! I think that alpha.c2.org comes closest to fulfilling your wish list, although it has several problems. The greatest problem is ease of set up. It took me several tries before I figured out how to set up and send an encrypted reply block in such a way that it could not be traced back to me. It also suffers from tremendous overload, much like anon.penet.fi. As a result, it can be slow.

I would add a few more suggestions of my own to your wishlist.

11) Seamless integration with existing mail programs, such as Eudora.
12) Notification that your message has been received (I'm not sure how to do this and maintain anonymity)
13) Ability to handle very large encrypted files (binaries).
14) Perhaps increasing security by breaking messages into several parts, routing them through different chains, and reassembling them just prior to transmission to recipient.

Keep up the good work!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMC+JEFQVGHmq7kxdAQEWOQQAvKO3kZp6uMoYdRgEohWFk8PpPdw27iSB
si2hFqZOm72581sEo2OXCmCSM9pn193XSOSqZJ1yYALi1OfQ2UrzuNbpteyE2rP8
koz72XU7OIs+8eLJ4+lp02gCq4/0no/simB9fWO+cAIp5zWB30jaHdp2lca37Z8Y
7vuiMuT3Pxc=
=4X+7
-----END PGP SIGNATURE-----

Gary D. Theilman, Pharm.D.
University of Mississippi School of Pharmacy
Department of Clinical Pharmacy Practice
Finger for PGP Public Key

From jya at pipeline.com Mon Aug 14 09:15:38 1995
From: jya at pipeline.com (John Young)
Date: Mon, 14 Aug 95 09:15:38 PDT
Subject: COS_sak
Message-ID: <199508141615.MAA29588@pipe4.nyc.pipeline.com>

8-14-95. NYPaper [a mote for Futplex's panoptic biblio]:

"Dissidents Use Computer Network to Rile Scientology."

The Church of Scientology is battling a band of on-line dissidents who have used the Internet to mail out globally its secret scriptures. On Saturday, as a result of a copyright infringement lawsuit, US marshals seized the computer of a former church employee who had electronically posted a 13-page text that he said was available in court records.

Helena K. Kobrin, a lawyer for the church, said: "There are people out there who somehow think the Internet has created a new medium where all the rules go away, and it's not true. Things happen faster on the Internet, and we're going to keep up."

COS_sak (about 7K)

From jya at pipeline.com Mon Aug 14 09:17:10 1995
From: jya at pipeline.com (John Young)
Date: Mon, 14 Aug 95 09:17:10 PDT
Subject: CEL_tic
Message-ID: <199508141617.MAA29734@pipe4.nyc.pipeline.com>

8-14-95. NYPaper:

"Israelis and Others Feel the Sting of a Cellular Phone Bug."

A software bug inside the Alpha digital phone of Motorola has demonstrated an area of vulnerability in the growing web of digital communications systems -- and prompted Motorola to issue a worldwide recall. Motorola wound up asking 150,000 Alpha users in six countries to return the phones to have the software changed.
The Alpha adheres to an emerging standard for digital cellular telephones called time division multiple access, or T.D.M.A. The bug caused the phone to lock on to one channel and stay there indefinitely. "There are tremendous risks as soon as you put something in software," said Peter Neumann, a computer security specialist with SRI International. The cellular industry "has foisted a disastrously insecure technology on the public," he said.

CEL_tic (about 7K)

From tedwards at src.umd.edu Mon Aug 14 12:08:35 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Mon, 14 Aug 95 12:08:35 PDT
Subject: PRZ encrypted voice software release imminent
In-Reply-To:
Message-ID:

On Fri, 11 Aug 1995, David Neal wrote:
> On Fri, 11 Aug 1995, Vladimir Z. Nuri wrote:
> > when someone invents cheap hardware that you can just plug
> > on top of any existing phone, i.e. "the phone adaptor", TPA?,
> > *that's* when the world is going to go crazy with crypto.
> It's closer than you think. I've been messing with TI's
> Digital Signal Processing DSK. For $99 you get a DSP
> with audio in, audio out and 10k of memory. Reference
> implementations of : DTMF encoders/decoders; 300, 1200, 2400 baud
> modem programs; and voice processing software already exist.

It would be interesting to create a hardware device which is interoperable with PGPFone but uses a DSP chip and a slower control processor. I can easily imagine $100-$150 as a reasonable range. I will be really curious to see what kind of voice coder they are using in PGPFone...I assume it is some flavor of CELP.

-Thomas

From wilcoxb at nagina.cs.colorado.edu Mon Aug 14 12:14:20 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 14 Aug 95 12:14:20 PDT
Subject: An article for Wired magazine
In-Reply-To: <950814181048_74774.3663_EHL147-1@CompuServe.COM>
Message-ID: <199508141914.NAA16529@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> First of all, digital money can take various forms.
> Existence on a hard
> drive is one of those forms. But, it is also possible to have digital money
> on a card-based platform. Mondex in the UK currently has official government
> units of account digitally represented for their Mondex card trial in
> Swindon. They have also announced that in the future this card will hold up
> to five "official" currencies. Furthermore, they make no secret about the
> fact that this digital money is ideally suited to transfer on the Net. Visa
> and Mastercard are both working on stored-value cards which will also
> digitize official currencies. CyberCash has also announced plans for an
> electronic token which will most likely represent an official currency.
> Others will announce soon.

I'd like to go on record as stating that all of these other systems pretty much suck. Mondex, for example, actually stores non-crypto messages of the type "Hi there I represent one hundred Belgian crowns" in its cards, so if you can hack the "front-door" security (possibly with physical hacking of the card) and convince a Mondex card that your PC is another Mondex card you can transfer infinite money to it. (Well, I suppose you wouldn't be able to transfer more than 2^64 units of currency or some such limit, but you get the idea.) Contrast this with DigiCash's scheme in which each cyberbuck is cryptographically unforgeable.

Most of the other companies have similarly weak security. Many of them are not offering any new technology at all, but are simply offering to transport your credit card number for you, encrypted, over the net.

Furthermore none of DigiCash's competitors, as far as I have been able to learn, offer any kind of anonymity the way DigiCash does. The closest they come is "confidentiality". Yeah-- right. I can get the same offer from the Ministry of Truth.

Finally, be aware that e-cash can be put onto a smart card just as well as on a magnetic disk.
DigiCash is actually in the process of developing and/or marketing smart cards that hold such things as toll token for toll roads and civic credits for coffee houses in Europe. See their home page for more detailed (and probably more accurate) info.

Source of facts behind these opinions: Perusing the web pages of the principals.

DigiCash home page http://www.digicash.com/
FIRST VIRTUAL Holdings Incorporated http://www.fv.com/
Mondex Home Page http://www.mondex.com/mondex/home.htm
CyberCash, Inc. Home Page http://www.cybercash.com/
CommerceNet Home http://www.commerce.net/
RSA Data Security, Inc.'s Home Page http://www.rsa.com/
Net1 Home Page http://www.netchex.com/
Electronic Commerce http://www.zurich.ibm.ch/Technology/Security/extern/ecommerce/
The NetCheque(SM) system http://nii-server.isi.edu:80/info/NetCheque/
NetMarket Homepage http://netmarket.com/nm/pages/home
Downtown Anywhere - Front Street http://www.awa.com/
Internet Shopping Network http://www.internet.net/
Cash, Tokens, etc on NII http://www.cnri.reston.va.us:3000/XIWT/documents/dig_cash_doc/ToC.html
NetBill Project Home Page http://www.ini.cmu.edu/netbill/
NetMarket Homepage http://netmarket.com/nm/pages/home
NexusBucks http://www.c2.org/nexbucks/
Economics and the Internet http://gopher.econ.lsa.umich.edu/EconInternet.html
Security First Network Bank, FSB http://www.sfnb.com/
Commerce on the Internet http://home.netscape.com/newsref/std/credit.html
A History of Money http://www.ex.ac.uk/~RDavies/arian/llyfr.html
Wenbo Mao's Presentation http://www.hpl.hp.co.uk/projects/vishnu/main.html
Internet Casinos http://www.casino.org/
The E-cash Market http://www.c2.org/~mark/ecash/ecash.html

> Stand-by though: governments and central banks will do everything in their
> power to discourage and prevent this for the power to issue and coin money is
> one of THE most cherished privileges of the Crown !
...and it seems like the first step that they are taking is sanctioning inferior, less secure, privacy-decreasing technologies over DigiCash's superior alternative.

And so it goes...

Bryce

signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMC+gSPWZSllhfG25AQHe+gQAhiPQ8GN+cg4Q6lLe6c8UQovOVN301lop
tAthnw7qbLDY/dKItCy9AzImDGn2WFTwx3i+nouWbDSWwGUw0Zlc6ajdRlCviX9a
BihtvGJaaujxv13ERI6jjmmfkvbctDfqUrDvrgjQB/0kOhSxt5VTkA2tNdzGiEK9
4EA3f+0Cah0=
=cJy2
-----END PGP SIGNATURE-----

From gnu at toad.com Mon Aug 14 12:24:33 1995
From: gnu at toad.com (John Gilmore)
Date: Mon, 14 Aug 95 12:24:33 PDT
Subject: Are we forming the "social sector"? FYIntrospection...
Message-ID: <9508141924.AA00272@toad.com>

Forwarded-by: sbb at well.com (Stewart Brand)
To: telecom_ir at rand.org
cc: Frank Fukuyama
Subject: Re: Cyberspace Security and the Internet Metaphor
Date: Sun, 13 Aug 95 12:12:46 PDT
From: David Ronfeldt

The discussion has assumed a familiar ring, as though the responsibilities for and answers to cyberspace security lie in the usual two realms or sectors: government or market, public or private. Is that the only range of choice? It pretty much has been for decades. But I still say there is a new realm/sector emerging out there now, which, for lack of a more acceptable term, amounts to what Drucker terms the social sector.

"the post-capitalist polity needs a 'third sector,' in addition to the two generally recognized ones, the 'private sector' of business and the 'public sector' of government. It needs an autonomous social sector." (Drucker 1993)

Many Internet-related NGOs (like EFF) and individuals (like Zimmerman) fall in this sector. They aren't government or market; they are nonstate, nonprofit actors.
And besides just having a lot to say about cyberspace security issues, they have some roles to play--e.g., distribution of encryption techniques, watchdog and warning activities. For now, these roles are minor. But my guess is that they will get increasingly bigger, probably in ways we do not yet foresee. Whether their roles will soon be as significant as those of government and market actors is less important than whether they are, and increasingly will be, contributing something significant to the overall design mix. My presumption is that advanced societies develop mixes that distribute "the solution" across various realms and their actors.

What I would like to know and discuss--and I ask you all--is what these nonstate, nonprofit actors are doing at present that amounts to their being part of the solution(s)?

From rah at shipwright.com Mon Aug 14 13:00:26 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 14 Aug 95 13:00:26 PDT
Subject: Are we forming the "social sector"? FYIntrospection...
Message-ID:

> "the post-capitalist polity needs a 'third sector,' in addition
> to the two generally recognized ones, the 'private sector' of
> business and the 'public sector' of government. It needs an
> autonomous social sector." (Drucker 1993)

This is a quote from the following: "The Age of Social Transformation", Peter Drucker, _The Atlantic Monthly_ 11/94, pp 53-80.

... which I just read this weekend, coincidentally.

Yes, it's statist. Still, it's a good read. I learned something from it, even if I found myself talking back a little. ;-).

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From dochobbs at wwa.com Mon Aug 14 13:03:24 1995
From: dochobbs at wwa.com (Michael D.
Hobbs)
Date: Mon, 14 Aug 95 13:03:24 PDT
Subject: My pseudo-anonymous dream list
Message-ID:

Gary wrote,

I would add a few more suggestions of my own to your wishlist.

11) Seamless integration with existing mail programs, such as Eudora.

what about...pine, pegasus, sendmail, airmail, news mail programs... I think this would be up to the individual user or for someone to develop the perfect pgp mail program.

12) Notification that your message has been received (I'm not sure how to do this and maintain anonymity)

I don't know either if you chain your mail before it gets to the nym server. The idea of chaining is to keep the sender anonymous. Maybe if the nym server sends mail to your reply block every time your alias and password are used to send mail. Though it would have to be something like "your alias has sent mail to the following xxx at xxx.xxx.

13) Ability to handle very large encrypted files (binaries).

Why? I think this would either 1) cripple the server from the load 2) make it easier to track back to the sender. If you are comparing 1 meg files against 1000 byte files it would be much easier to filter out what you are not looking for. 3) give anon mailers the reputation of porn/warez/church of scientology document distributors and not privacy mailers which defeats some of the things that are trying to get done.

14) Perhaps increasing security by breaking messages into several parts, routing them through different chains, and reassembling them just prior to transmission to recipient.

Ouch. I think that would be hard to manage :) Can you imagine thousands of users sending tens of thousands of messages a day and having more than one remailer having to keep track of hundreds of thousands of 'chunks' of mail. That would start to resemble tcp/ip in complexity.

Keep up the good work!

The concepts are good, I just don't think the implementation would be very easy.
You should sign up on the nym server mailing list that was posted here a few days ago if you are interested in pursuing these ideas.

_____________________________________________________________
dochobbs at wwa.com M.D. Hobbs mhobbs at rad.rpslmc.edu
http://miso.wwa.com/~dochobbs finger for my pgp key
I am human and nothing human do I count alien.

From schampeo at imonics.com Mon Aug 14 13:08:32 1995
From: schampeo at imonics.com (Steven Champeon - Imonics Development)
Date: Mon, 14 Aug 95 13:08:32 PDT
Subject: Are we forming the "social sector"? FYIntrospection...
Message-ID: <9508142008.AA23481@fugazi.imonics.com>

| From owner-cypherpunks at toad.com Mon Aug 14 15:48:43 1995
| Subject: Are we forming the "social sector"? FYIntrospection...
| Sender: owner-cypherpunks at toad.com
|
| [ ... ]
|
| "the post-capitalist polity needs a 'third sector,' in addition
| to the two generally recognized ones, the 'private sector' of
| business and the 'public sector' of government. It needs an
| autonomous social sector." (Drucker 1993)

Not to start a holy war (no pun intended) but isn't this the role that according to Locke, et al., was supposed to be filled by Religion? A moral/social force standing beside government and economics? If Dr. Johnson had been less immersed in the idea of Truth, I believe he would have agreed. He wrote for money, hobnobbed with royalty for status, and was driven by a need to prove himself worthy in the eyes of his Maker.

I can't stand the perspectives that come out of this "we're so objective we ignore anything that reeks of irrationality" stance. By restricting themselves to the projection of history that results, they can't see the ways in which the things they deny have been the major players in the situation they claim to understand. "Post-capitalist polity"? What the hell is this guy smoking?
I say this not to advance the role of religious fundamentalism, but as a reminder of the past and an earnest attempt to get people to recognize that like it or not, religion (however you may conceive it) is already there. You could argue that people go into government for power and business for money, and whatever is left over constitutes their religious frame. Charles Winquist, a professor of the philosophy of religion at Syracuse, calls religion that which defines what is "real and important" for a person, a culture, or a nation. I would argue that once you abstract out the money and power aspects of this, you are left with exactly what this guy Drucker is trying to say we need. And we already have it.

I like to write good code and do intelligent Web site design. And I don't do it for Jesus, or Buddha, or Rev. Moon. I do it because it is what gives my life a sense of reality, and because it is what I have determined to be important right now. I also pay attention to issues such as are discussed here (excepting the conspiracy crap) because I can see that it will be important to me and others.

Just my $.02,
Steve

From paul at poboy.b17c.ingr.com Mon Aug 14 13:19:58 1995
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 14 Aug 95 13:19:58 PDT
Subject: An article for Wired magazine
In-Reply-To: <199508141914.NAA16529@nagina.cs.colorado.edu>
Message-ID: <199508142009.AA07344@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Furthermore none of DigiCash's competitors, as far as I have been able to
> learn, offer any kind of anonymity the way DigiCash does. The closest they
> come is "confidentiality". Yeah-- right. I can get the same offer from the
> Ministry of Truth.

True. On the other hand, many of these other companies are actually doing commerce Right This Minute. As a vendor, my primary interest is availability.

Digicash stands to lose out in the marketplace. Why? Because you can't actually buy and sell real goods for real cash right now.
One day, sure, but not now. By the time they deploy their system, consumers who aren't as concerned, or knowledgeable, as cypherpunks will have made some other system the market leader.

Chilling thought. I hope DC can get a backing bank sometime soon.

- -Paul
- --
Paul Robichaux, KD4JZG | Do you support free speech? Even when
perobich at ingr.com | you don't like what's being said?
Be a cryptography user. Ask me how.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMC+taqfb4pLe9tolAQE0igP/bAT0EidHjONMjmjXmy5AZLCKzj3TM1U0
qPIZR72noaL6YeUQKig9u9DLRe3tSMz9sobSqZuOguapiTP/ZhusoaOVUwxsdgQe
SWtJwgIaMzESZr1lWihUyCopvKiHZmlyCX/3pnpKyubWcCa2lNn9crgzkof1BgVV
vIw6S16waSU=
=00jq
-----END PGP SIGNATURE-----

From zeus at pinsight.com Mon Aug 14 13:24:49 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Mon, 14 Aug 95 13:24:49 PDT
Subject: Get 1/3 net of 900-CAN-MY0B
Message-ID: <199508142024.NAA27382@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

Buy ads for The Agorist Institute's new privacy information audiotext distribution line (aka 900-number), and get 1/3 of the income above strictly defined costs for TeleConnect and MCI. After computing the service bureau and MCI take, it looks like we'll have to charge 1.95 (or 1.99 more likely) per minute if more than half of the money is to be available for a three way split. Right now I'm reading a script on a low audio volume tape player at 99 cents per minute.

The three ways are 1/3 to Lon Weber, freedom4 at aol.com, the owner of the 900#, 1/3 to J. Kent Hastings, zeus at pinsight.com, Assistant Director of The Agorist Institute, the "sponsor" of the line, and 1/3 to an advertiser. If more than one advertiser gets involved, we can assign and pay for calls in defined territories. If you buy ads in Colorado, you'd get 1/3 of the net from Colorado calls.
Or if just a few participate with nationwide print, radio, or video infomercials, we can assign extension numbers, which are automatically tallied by TeleConnect, to identify who is to be paid. Of course, one single investor willing to finance a complete ad campaign could use these techniques to select the most profitable approaches.

We have the line, 1-900-CAN-MY0B, and it is already approved. The "MIND YOUR 0WN BUSINESS" audiotext program.

1 - 9 0 0 - C A N - M Y 0 B (1-900-226-6902)

Note the zero digit, not the letter "O."

"The Feds say you can't have privacy, but we say you CAN 'Mind Your 0wn Business!'"

Help get it going, so we can make a dollar and provide useful privacy news and techniques to the public. A 900# doesn't have the printing and postage costs of a newsletter, and the listener doesn't need to use a credit card or write a check for a subscription.

I'm also willing to give 1/2 of my 1/3 (=1/6) for monthly professional audio production.

Send e-mail to me at zeus at pinsight.com for more information.

Kent
--
J. Kent Hastings, Assistant Director of The Agorist Institute
zeus at pinsight.com -- http://www.pinsight.com/~zeus/agorist/

From bailey at computek.net Mon Aug 14 13:47:37 1995
From: bailey at computek.net (Mike Bailey)
Date: Mon, 14 Aug 95 13:47:37 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
In-Reply-To: <199508140120.VAA24979@bb.hks.net>
Message-ID:

On Sun, 13 Aug 1995, Lucky Green wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> To loosen up the often so serious discussions on the list, I propose a
> little game. PGPFone's release is about a week away. PRZ is trying his
> hardest to keep it from being exported. Still, I have the feeling that
> some irresponsible cyphercriminal will break US law and export PGPFone
> anyway. Let us bet cyberbucks on how long it will take for this crime to
> happen.
> Here is my initial offer:
>
> I bet e$50 that PGPFone will have been exported 24 hours after its final
> release has been announced to this list. Who is willing to take the bet?
> Perhaps someone is willing to bet at less time?
>
> Have fun,
>

This is a sucker bet ... more appropriate would be that you bet it will take longer than X amount of time. Verification would be tricky too.

-Mike

**************************************************************************
* Mike Bailey (hm)214-252-3915 *
* AT&T Capital Corporation. (wk)214-456-4510 *
* email bailey at computek.net host bambam.computek.net *
* "Remember you can tune a piano but you can't tuna fish -Joe Walsh" *
* http://www.computek.net/public/bailey *
**************************************************************************

From wilcoxb at nagina.cs.colorado.edu Mon Aug 14 13:54:47 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 14 Aug 95 13:54:47 PDT
Subject: An article for Wired magazine
In-Reply-To: <199508142009.AA07344@poboy.b17c.ingr.com>
Message-ID: <199508142054.OAA18740@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> True. On the other hand, many of these other companies are actually doing
> commerce Right This Minute. As a vendor, my primary interest is availability.

I understand what you mean, although *my* primary interest is techno-enthusiasm and near-future sociological speculation. :-)

> Digicash stands to lose out in the marketplace. Why? Because you can't
> actually buy and sell real goods for real cash right now. One day,
> sure, but not now. By the time they deploy their system, consumers who
> aren't as concerned, or knowledgeable, as cypherpunks will have made
> some other system the market leader.

I'm afraid these words will turn out to be prophetic. On the other hand, the nature of this market is such that the industry leadership can turn-over quickly. I expect that the factor which has the most inertia in this game is consumer mind-share.
The other factors-- capital, technology, skilled labor, publicity-- can all be quickly gained by any aggressive new start-up that wants them.

> Chilling thought. I hope DC can get a backing bank sometime soon.

According to Steven Levy (in his Wired mag story on David Chaum), Chaum refuses to make deals with companies that would cut corners on his privacy provisions. I don't know how accurate that story is, but if it is true it would explain why DigiCash is the technological leader and the marketplace dark horse.

(Hm. "DC" -- "DigiCash" -- "David Chaum". I just noticed that...)

Bryce

signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMC+3wvWZSllhfG25AQGjQgP/dhMWwEEPasttIs/RvkNFA6qRUS9A/7F2
96QvWhA9vetBq97LmwWZxluxw8VgPUoJyltX+eVOHt+JCeDy36rxOhcMe2hH1Z8B
qGZUcwpZ8IUIxkq43SQ0M+MqWyEWRn/0c9vNxu39o7CnOQWIZPfjdSp0CtRdjmu2
E0ypPAFV73c=
=uynK
-----END PGP SIGNATURE-----

From frissell at panix.com Mon Aug 14 13:59:32 1995
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 14 Aug 95 13:59:32 PDT
Subject: Phone Card Risks
Message-ID: <199508142054.QAA23629@panix.com>

One of the plethora of TV Magazine shows featured Tim McVeigh and phone cards last week. Maybe I should post to Risks.

According to the story, Tim McVeigh bought a bunch of phone cards from "The Spotlight" (famous Klan paper) which carried the Spotlight brand name. He made lots of calls. Later, the Fibbies who checked all the phone records for room and pay phones at the motels where TM was staying came up with lots of calls to the 800 number of the vendor who was actually switching calls for the Spotlight phone cards. The vendor found the card number(s) that matched those calls and all the other calls that matched those card numbers. They made it seem like such a match was a big thing.
Perhaps their transaction database was not well developed. In any case, they wrote a little software and gave the Fibbies a list of all of TM's calls. There are supposed to be lots of calls to fertilizer dealers, his sister, and others. Very interesting.

This is an obvious risk in the use of phone cards that anyone should be able to figure out for themselves since it is the same risk that pay phones have always had. If the Fibbies can find out what telephones you have used, they can get those records and trace things from there.

This problem has occurred before for "right wing" nuts and the Mafia. Several years ago after members of The Order robbed an armored car in northern California, the Fibbies found a nearby motel where a bunch of suspicious characters had all stayed together and traced calls from the pay phone outside to various wives/girl friends and broke the case from there. Likewise Mafiosi in their NYC social clubs have often shown bad phone habits using the nearest pay phone, etc. If a pay phone is used enough and well-enough known to the Fibbies, it even becomes worthwhile to tap it.

So buy lots of phone cards from different dealers (*never* The Spotlight), use phones unconnected to you, don't make too many calls from the same phone or using the same card, and be sure to destroy the card preferably before you use it (the only significant thing about phone cards is the numbers which can be stored in an encrypted file).

An easy way to accomplish much of the above is to hang out in big cities instead of the boonies. It's a lot easier to find an unlinked phone (unlinked to you, that is) in the city than in the country.

DCF

"'Well, he hit what he was aiming at.' Marine DI discussing the fact that the guy up in the tower at the University of Texas shooting people was an ex-Marine."
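The linkage Frissell describes (phones already tied to the subject, then the card numbers used from those phones, then every other call made on those cards) is a fixed-point computation over the vendor's call records, and it is also why his advice about not reusing a card across phones works: each reuse adds another phone, and each new phone adds its cards. The following is an added illustration, not code from Frissell's post or from any card vendor; the call records are constructed sample data with made-up identifiers, and the two logs stand for the same set of calls made carelessly and made the way the post recommends.

```python
"""Two-hop linkage over prepaid-card call records (added example, constructed data)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class CallRecord:
    ts: str            # when the card was used
    origin_phone: str  # the pay phone or motel room the call came from
    card_id: str       # prepaid card number the 800-number platform keyed the call to
    dialed: str        # the number actually reached through the platform


# Constructed sample of what a card vendor's switching platform would log. Every
# identifier is made up; this is not a real record of anyone's calls.
SLOPPY_LOG = [
    CallRecord("day1 09:12", "motel-A-room12", "card-1111", "fertilizer-dealer"),
    CallRecord("day1 21:40", "motel-A-room12", "card-1111", "sister"),
    CallRecord("day3 08:05", "payphone-B",     "card-1111", "storage-unit"),
    CallRecord("day3 08:30", "payphone-B",     "card-2222", "truck-rental"),
    CallRecord("day4 19:00", "payphone-C",     "card-2222", "sister"),
    CallRecord("day4 19:10", "payphone-D",     "card-3333", "pizza"),  # unrelated caller
]

# The same calls made the way Frissell advises: a fresh card per phone, then discarded.
DISCIPLINED_LOG = [
    CallRecord("day1 09:12", "motel-A-room12", "card-9001", "fertilizer-dealer"),
    CallRecord("day3 08:05", "payphone-B",     "card-9002", "storage-unit"),
    CallRecord("day4 19:00", "payphone-C",     "card-9003", "sister"),
]


def link_closure(
    log: list[CallRecord], known_phones: set[str]
) -> tuple[set[str], set[str], list[CallRecord]]:
    """Start from phones already tied to the subject (motel rooms, nearby pay phones).
    Repeat: phones -> cards used from them -> every phone those cards were used from,
    until nothing new appears. Returns (phones, cards, all calls on the linked cards)."""
    phones = set(known_phones)
    cards: set[str] = set()
    while True:
        new_cards = {r.card_id for r in log if r.origin_phone in phones} - cards
        new_phones = {r.origin_phone for r in log if r.card_id in cards | new_cards} - phones
        if not new_cards and not new_phones:
            break
        cards |= new_cards
        phones |= new_phones
    calls = [r for r in log if r.card_id in cards]
    return phones, cards, calls


def destinations(calls: list[CallRecord]) -> set[str]:
    """What actually gets handed over: who the linked cards reached."""
    return {r.dialed for r in calls}


if __name__ == "__main__":
    for name, log in (("sloppy", SLOPPY_LOG), ("disciplined", DISCIPLINED_LOG)):
        phones, cards, calls = link_closure(log, {"motel-A-room12"})
        print(name, "phones:", sorted(phones), "cards:", sorted(cards),
              "destinations:", sorted(destinations(calls)))
```

Seeded with only the motel room, the sloppy log closes over two cards, three phones and every destination they reached, while the unrelated card-3333 caller stays out because no linked phone or card touches it. The disciplined log never grows past the seed: one card, one phone, one call.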
From 74774.3663 at compuserve.com Mon Aug 14 14:35:53 1995
From: 74774.3663 at compuserve.com (Jon Matonis)
Date: Mon, 14 Aug 95 14:35:53 PDT
Subject: An article for Wired magazine
Message-ID: <950814205254_74774.3663_EHL102-1@CompuServe.COM>

This is so that you have the complete context of the post.

---------- Forwarded Message ----------

From: Jon Matonis, 74774,3663
TO: Electronic Cash (post), INTERNET:ecm at ai.mit.edu
DATE: 8/14/95 11:10 AM

RE: Copy of: Re: An article for Wired magazine

Robert Hettinga (rah at shipwright.com)wrote:

>My point is that there isn't e$ denominated in a government's currency,
>more to the point, a popular currency like dollars or marks, or yen. That
>would make it possible for me to pay a dollar on the net for goods worth a
>dollar. That's what I meant by "real" currency. What we have are unique
>digital certificates with indeterminate lifetimes which have no nominal
>value except what people are willing to pay for them in the open market.
>This is fine. In fact it's pretty cool that people are willing to impute
>value to them by buying and selling them exclusive of any other economic
>backing.

Since this is for a magazine article, I want to clear up some misconceptions. The e$ experiment as conducted by DigiCash has broader implications, which the article may or may not decide to address.

First of all, digital money can take various forms. Existence on a hard drive is one of those forms. But, it is also possible to have digital money on a card-based platform. Mondex in the UK currently has official government units of account digitally represented for their Mondex card trial in Swindon. They have also announced that in the future this card will hold up to five "official" currencies. Furthermore, they make no secret about the fact that this digital money is ideally suited to transfer on the Net. Visa and Mastercard are both working on stored-value cards which will also digitize official currencies.
CyberCash has also announced plans for an electronic token which will most likely represent an official currency. Others will announce soon.

Even DigiCash, in its own material, states that they are only the supplier of technology. This cyberbuck experiment was to demonstrate that technology -- primarily to banks. They don't intend to be in this business as the monetary supplier. So, the e$ technical experiment served its purpose. It was unbacked because that was not what they were promoting. Banks, as licensees, will perform the monetary functions and they will undoubtedly issue digital money at par with governmental units of account. The trend here is definitely towards "official" currencies and that will give digital money the trustworthiness and familiarity which it needs so desperately for acceptance.

But that is not to say that this is the preferred course. Other trustworthy, brand-name issuers (non-banks, i.e., Coca-Cola, AT&T, United Airlines, Fidelity Investments) with similar technology (or ones that license it) can certainly monetize any bearer instruments and then digitize those instruments for the purpose of a negotiable unit of value. I argue that this is the preferred course because it will eliminate the reliance on banks (and central banks) and speed up considerably the proliferation of digital money for the benefit of all.

Stand-by though: governments and central banks will do everything in their power to discourage and prevent this for the power to issue and coin money is one of THE most cherished privileges of the Crown !

This WiReD article is just the beginning !

Jon W. Matonis

From tedwards at src.umd.edu Mon Aug 14 17:11:34 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Mon, 14 Aug 95 17:11:34 PDT
Subject: Request for Cypherpunks to CU-SeeMeize mbone video
Message-ID:

A while back someone mentioned that they would be videocasting a Cypherpunks meeting over the MBONE.
While the MBONE is great for many of us, CU-SeeMe would provide a much larger audience. Check out http://www.umich.edu/~dschluss/nv-cusm.html for information on how to forward MBONE video to a CU-SeeMe reflector.

-Thomas

From carolab at censored.org Mon Aug 14 17:22:46 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Mon, 14 Aug 95 17:22:46 PDT
Subject: Phone Card Risks
In-Reply-To: <199508142054.QAA23629@panix.com>
Message-ID:

On Mon, 14 Aug 1995, Duncan Frissell wrote:
>
> This is an obvious risk in the use of phone cards....

And up here in Minneapolis, ALMOST ALL of the central city area pay phones are now rigged so they will not accept change between 11 PM and 7 AM.

Forewarned is forearmed.

Love Always,

Carol Anne
Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org __ __ ____ ___ ___ ____
carolab at primenet.com /__)/__) / / / / /_ /\ / /_ /
carolb at spring.com / / \ / / / / /__ / \/ /___ /
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From lat at iac.net Mon Aug 14 17:39:16 1995
From: lat at iac.net (Lynn TerWoerds)
Date: Mon, 14 Aug 95 17:39:16 PDT
Subject: PERRY METZGER: YOUR MOMMY IS CALLING YOU HOME
Message-ID:

Anonymous remailer? What a crock! In my book, you might as well have written this rant on swift moving water or the wind.

Lynn TerWoerds
Cincinnati, OH

From tcmay at got.net Mon Aug 14 17:54:44 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 14 Aug 95 17:54:44 PDT
Subject: Name Overloading
Message-ID:

At 8:54 PM 8/14/95, Bryce Wilcox wrote:

>(Hm. "DC" -- "DigiCash" -- "David Chaum". I just noticed that...)

Also "Dining Cryptographers," as in "DC-Nets," which DC invented. Chaum only smirks when asked about this multiple overloading.
--Tim May, aka Marcus Registrada (overloaded with Trade Mark, Turing Machine, and maybe other things...)

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From sjb at austin.ibm.com Mon Aug 14 17:59:44 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Mon, 14 Aug 95 17:59:44 PDT
Subject: votelink - some discussions on Phil Z & ITAR
In-Reply-To: <20548.9508141111@exe.dcs.exeter.ac.uk>
Message-ID: <9508150059.AA12545@ozymandias.austin.ibm.com>

aba at atlas.ex.ac.uk writes
>They were alarmed by the implication that their WWW server now
>contained PGP code which they did not feel qualified to judge the
>implications, or correctness of. This prompted the posting to the
>forum of a rather worried sounding disclaimer by a votelink
>representative, to the effect that they were abiding by the Prodigy
>ruling, and so felt unable to remove the offending piece of ITAR
>breakage, and yet felt rather uncomfortable with its presence.

Interesting reaction, if I understand it rightly... "We're afraid that having less than two tenths of a percent of PGP on our system causes us to violate ITAR, but we're also afraid to remove it because it may constitute 'moderation' of the discussion and thereby open us to liability."

From penny at tyrell.net Mon Aug 14 18:45:09 1995
From: penny at tyrell.net (Alan Penny)
Date: Mon, 14 Aug 95 18:45:09 PDT
Subject: e$: Reuters Smells the Coffee + (cyphergroupie confession)
Message-ID: <199508150140.AA05322@tyrell.net>

I might as well confess now and get it over with. Yes I am a cyphergroupie.
I do write code, but it is not cypher-code; however, I do get paid for it, which along with taking care of my family consumes most of my time. I have a sliver of time that I can devote to reading mailing lists and newsgroups from the internet. If you will indulge me, I write this letter for my own amusement and with the hope that it may spark some interest.

> Date: Sat, 12 Aug 1995 10:05:35 -0400
> From: rah at shipwright.com (Robert Hettinga)
> Subject: e$: Reuters Smells the Coffee
>
> --- begin forwarded text
>
> Mime-Version: 1.0
> Date: Sat, 12 Aug 1995 00:01:58
> From: infocker at megaweb.com
> Sender: infocker at megaweb.com () (from unknown.aol.com 205.188.2.111)
> To: www-buyinfo at allegra.att.com
> Subject: Cyber Economy--Govts. Cannot Control
>
> Thought Mr. Hettinga might particularly appreciate this perspective.
>
> Jim Rapp
> Alexandria, Virginia
> "give me more info"
>
> As always, do not send the copyright police after me.
>
> LONDON - Growing business on the Internet computer network could
> allow companies and individuals to avoid taxes and build up a black
> economy increasingly out of range of government intervention and
> regulation, computer experts say.
> [snip]
>
> "Electronic purses," loaded from banks down telephone lines,
> could become the favored means of payment for fast, anonymous and
> secure payments, with currencies of choice becoming more exotic,
> depending on what is acceptable to dealmakers.

Hmm. Lately I have seen an advertisement on TV from a credit card company (it might be CitiBank, I don't recall) describing a new style of credit card (Ringo Starr is the spokesman for the card). Its name is "Private Issue". According to the ad you can pick your card design (the picture background of the card), and your billing date.
After seeing this "e$: Reuters Smells the Coffee" post I wonder if the Bank/Credit-Card company is easing customers into thinking of private issue cash/credit as a Good-Thing(tm), or it may just be some sort of marketing gimmick to sell more credit cards. However, I do find the choice of name interesting - "Private Issue".

The recent issue of Extropian Magazine (ya, they can be a little kooky, but usually there is something interesting said in the magazine) featured a discussion of the privatization of money (with references to Hayek's book The Denationalization of Money) and its "compatibility" with ecash. When I first heard about the concept of privatizing money I thought it could not be done. But lately I have been wondering if it is possible to "sell the idea", especially after seeing the "Private Issue" ad. If you pitched ecash the right way it is possible that it could catch on.

I think that the most important part of selling the private currency to small businesses would be if the ecash "works" just like credit cards. If anyone out there is thinking of a real 'private issue', I think that this is one of the most important design features for the potential private currency. What I mean by "works" like credit cards is not the transaction tracking/bookkeeping part, but the physical handling of the transaction at the point of sale. I envision a card reader machine that you run a magnetic strip card through. The machine reads/writes the ecash card, does whatever cryptographic steps are necessary to complete the transaction, and the card is handed back to the customer. Credits are transmitted to the ecash bank/currency issuer and the clerk hands the customer a receipt. It would also be good if the card reader machine could also process transactions with traditional credit cards. You could even have a logo sticker that you put on your shop window to show that you will accept that "new kind of credit-card".
Is the bank/credit-card company laying the marketing groundwork for a private currency based on ecash? If it is, it is an interesting way of selling the concept, making it a COOL RAD - avant garde thing to use. Other selling points of a private issue could be lack of inflation, better interest rates and possible tax advantages. Of course the issuer would have to be trustworthy (or at least more trustworthy than the guverment!).

Signing off, while shopping for Cayman Islands bank services...

[-------------------------------------------------------------------------]
[ Public pgp-key: email penny at tyrell.net with subject as 'send pgp-key' ]
[ My opinions are mine. I have scored 90% on the Turing Test.              ]
[ Alan Penny, penny at tyrell.net                                            ]

From hallam at w3.org Mon Aug 14 18:59:41 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 14 Aug 95 18:59:41 PDT
Subject: An article for Wired magazine
In-Reply-To: <199508142009.AA07344@poboy.b17c.ingr.com>
Message-ID: <9508150158.AA12834@zorch.w3.org>

I'm less worried about the anonymity aspect than the security aspect. The reported Mondex approach is less than impressive.

The major problem with DigiCash is the patent portfolio. I don't much like the idea of David Chaum replacing the government as the controller of the money supply. Sorry, I just don't.

The problem with Chaum's work is that it is unbalanced. He considers only the privacy aspect. The prevention of extortion aspect he does not consider. DigiCash have never addressed the baby-napping protocol problem as far as I am aware.

Governments have certain rights in our society that individuals do not. This is justified by their being democratically accountable. I don't think we should readily agree to surrender those rights. Do you want the world of the future to be controlled by Bill Gates, Ted Turner and David Chaum?

From perry at panix.com Mon Aug 14 19:44:23 1995
From: perry at panix.com (Perry E. Metzger)
Date: Mon, 14 Aug 95 19:44:23 PDT
Subject: An article for Wired magazine
In-Reply-To: <9508150158.AA12834@zorch.w3.org>
Message-ID: <199508150244.WAA19899@panix4.panix.com>

hallam at w3.org writes:
> The problem with Chaum's work is that it is unbalanced. He considers
> only the privacy aspect. The prevention of extortion aspect he does
> not consider. DigiCash have never addressed the baby-napping
> protocol problem as far as I am aware.

DigiCash as defined makes it trivial to trace cash you give to someone provided there is collusion between the payer and the bank. Doesn't that solve the baby-napping problem?

Incidentally, so far as I know, there is no physical world way to solve the babynapping problem. Hell, you can just demand a case with five kilos of gold in it if $50,000 in cash doesn't suit your tastes. I defy governments to eliminate gold as well as paper currency.

> Governments have certain rights in our society that individuals do
> not. This is justified by their being democratically accountable.

Let's not get into a political discussion, but many of us here would deny the legitimacy of authoritarianism simply on the basis that a majority of the tiny minority that votes decided to vote for it.

.pm

From klbarrus at infocom.net Mon Aug 14 20:25:50 1995
From: klbarrus at infocom.net (Karl L. Barrus)
Date: Mon, 14 Aug 95 20:25:50 PDT
Subject: Q's on Number Theory/Quadratic Residues
Message-ID: <199508150325.WAA08157@infocom.net>

>How are these square roots? 9 is certainly not the square root of 11, nor is
>8 the square root of 29, even modulo 35.

What this means is that 9^2 mod 35 = 11, and 8^2 mod 35 = 29. See the list right above the chart that is confusing you. For example, it lists

x^2 = 29 mod 35 has a solution: x = 8,13,22,27

So actually there are 3 other solutions... 13, 22, and 27 are also square roots of 29 mod 35.

>[ 1/v vs. v-1]
>Are these two expressions interchangeable

Yes.

>3)Speaking of errata, where can I find a copy?

Hm...
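The modular square roots Karl walks through above (the four roots of 29 mod 35) and the Jacobi-symbol test he points to, as an added example that is not code from any post in this thread. One caveat a practitioner wants alongside the test: for a composite modulus such as 35, a Jacobi symbol of 1 does not by itself prove a is a square (it can be a non-residue modulo both 5 and 7), and the last function enumerates exactly those cases.

```python
"""Square roots and the Jacobi symbol modulo a composite n (added example
for the quadratic-residue thread; not code from any of the posts)."""
from math import gcd


def sqrt_mod(a: int, n: int) -> list:
    """Every x in [0, n) with x*x == a (mod n), by exhaustive search.
    Fine for toy moduli such as 35; for large n one needs the factors."""
    a %= n
    return [x for x in range(n) if (x * x) % n == a]


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd positive n, via quadratic reciprocity.
    No factorisation of n is needed, which is why the test is cheap."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:            # pull out 2s: (2/n) = -1 iff n = 3,5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                  # reciprocity: sign flips iff both = 3 mod 4
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0   # n != 1 here means gcd(a, n) > 1


def is_quadratic_residue(a: int, n: int) -> bool:
    """True iff gcd(a, n) == 1 and a has a square root mod n."""
    return gcd(a, n) == 1 and bool(sqrt_mod(a, n))


def jacobi_one_but_not_square(n: int) -> list:
    """Units a mod n with (a/n) == 1 that are NOT squares mod n: empty for a
    prime modulus, non-empty for a composite one such as 35, where a can be
    a non-residue modulo both 5 and 7 so the two -1 factors cancel."""
    return [a for a in range(1, n) if gcd(a, n) == 1 and jacobi(a, n) == 1
            and not is_quadratic_residue(a, n)]


if __name__ == "__main__":
    print("sqrt(29) mod 35 =", sqrt_mod(29, 35))      # [8, 13, 22, 27]
    print("sqrt(11) mod 35 =", sqrt_mod(11, 35))      # 9 is one of four
    print("(29/35) =", jacobi(29, 35))
    print("Jacobi 1 but not a square mod 35:", jacobi_one_but_not_square(35))
```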
I forgot. I have one somewhere and will send it along if I find it.

>Is it possible to predict the possible quadratic residues, or is an

Yes, you can use the Jacobi symbol to determine if a is a quadratic residue mod n. See page 207.

>5)From what does Feige-Fiat-Shamir derive its security?

Difficulty of factoring.

--
Karl L. Barrus

From agent at agents.com Mon Aug 14 21:05:25 1995
From: agent at agents.com (agent at agents.com)
Date: Mon, 14 Aug 95 21:05:25 PDT
Subject: You are being monitored
Message-ID: <199508150404.AAA04907@qks.com>

If anybody can determine who this came from pleez post a guess.

This is an experiment from inside a program environment. I am serious.

-- Tim May

From carolab at censored.org Mon Aug 14 21:21:23 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Mon, 14 Aug 95 21:21:23 PDT
Subject: You are being monitored
In-Reply-To: <199508150404.AAA04907@qks.com>
Message-ID:

Whois yielded this:

[usr5.primenet.com] (carolab): whois agents.com

Software Agents (AGENTS-DOM)
   12236 Brittania Cir
   Germantown, MD 20874

   Domain Name: AGENTS.COM

   Administrative Contact:
      Houston, Bob (BH55)  rkh at ACCESS.DIGEX.NET
      (301) 601-4362
   Technical Contact, Zone Contact:
      Kern, Edward (EK6)  ejk at DIGEX.NET
      800-969-9090 301-847-5000 (FAX) 301-847-5215

   Record last updated on 10-Jan-94.

On Mon, 14 Aug 1995 agent at agents.com wrote:

> If anybody can determine who this came from pleez post a guess.
>
> This is an experiment from inside a program environment. I am serious.
>
> -- Tim May
>

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org
carolab at primenet.com
carolb at spring.com
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From tcmay at got.net Mon Aug 14 21:23:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 14 Aug 95 21:23:48 PDT
Subject: You are being monitored
Message-ID:

At 9:10 PM 8/14/95, agent at agents.com wrote:

>If anybody can determine who this came from pleez post a guess.
>
>This is an experiment from inside a program environment. I am serious.
>
>-- Tim May

Well, never mind, I guess. I don't think I added this, but I guess I did. So much for my experiment.

My new SmalltalkAgents environment has a method for mailing from within a program environment, if a TCP/IP connection is open. This allows Smalltalk programs to directly send mail. On a Macintosh, this is not so trivial.

The manufacturer is apparently acting as the collection point, and any name can be put into the From: field.

--Tim

From jya at pipeline.com Tue Aug 15 05:32:27 1995
From: jya at pipeline.com (John Young)
Date: Tue, 15 Aug 95 05:32:27 PDT
Subject: CAT_tal
Message-ID: <199508151232.IAA25456@pipe4.nyc.pipeline.com>

8-15-95. NYPaper.
[fundie lab-work for quantum cryptomorrow.]

"It's a Molecule. No, It's More Like a Wave. In theory, an amoeba can behave as a wave and interfere with itself. In a university laboratory, a subatomic search for Schrodinger's Cat."

Scientists at the Massachusetts Institute of Technology recently completed an experiment that proves that an object at least as large as a molecule can be made to act like a light wave -- forcibly split into two component waves and separately manipulated, altered, recombined and analyzed.

Dr. David E. Pritchard and his colleagues at M.I.T. remind skeptics that quantum theory permits any object to behave as either a particle or a wave, depending on how it is viewed.

Dr. Pritchard's research and that of other teams around the world represent an explosion of scientific interest in interferometry, a centuries-old technique by which waves are split and made to interfere with themselves, revealing details of nature that are otherwise hidden. With a brilliant history of discovery behind it, interferometry seems poised for a new golden age.

CAT_tal (about 15kb)

From frissell at panix.com Tue Aug 15 06:19:29 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 15 Aug 95 06:19:29 PDT
Subject: CoS Raid on "Copyright Terrorist"
Message-ID: <199508151319.JAA18056@panix.com>

At 09:28 AM 8/14/95 -0400, Futplex wrote:
>Some CoS news:
>
>This past Saturday (95/08/12) a prominent Church of Scientology litigator,
>Helena Kobrin, and some U.S. federal marshals raided the home of Arnaldo
>Lerma, seizing pretty much all his computer hardware, disks, etc.

So why is it that people insist on listing their home addresses with their ISPs rather than a mail receiving service or something else. It is very hard to raid a mail drop and obtain anything useful. While it is true that if you blow up buildings, the Fibbies may be able to find you, quite simple techniques can frustrate even quite dedicated private parties.
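Ahead of Josh Osborne's question in the next message about what setting the CBC IV buys him: an added example, not code from any post here, showing why the IV has to be fresh for every message. It assumes a stand-in Feistel block cipher in place of DES (hypothetical, chosen so the code runs on the Python standard library alone) and keeps his MD5-of-password key derivation; an IV taken from the spare MD5 bits is the same for every message under that password, so it behaves like the zero IV in this test, while the random-throwaway-first-block variant he proposes turns out to be ordinary CBC with IV = E(random block).

```python
"""Why the CBC IV has to be fresh per message (added example, not from the
thread; the poster's DES-based programs are not reproduced here).

The 64-bit block cipher below is a stand-in: a 4-round Feistel network with
an HMAC-SHA256 round function, used only so the demo runs without DES.
The CBC chaining around it is the point."""
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit blocks, as in DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(password: str) -> bytes:
    """The poster's plan: key material = MD5(password).  Kept for fidelity;
    a real design would use a salted, iterated password KDF instead."""
    return hashlib.md5(password.encode()).digest()


def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (Feistel, 4 rounds)."""
    left, right = block[:4], block[4:]
    for r in range(4):
        left, right = right, xor(left, _round(key, r, right))
    return right + left


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: same rounds, applied in reverse order."""
    right, left = block[:4], block[4:]
    for r in reversed(range(4)):
        right, left = left, xor(right, _round(key, r, left))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = E(P_i XOR C_{i-1}) with C_0 = IV.  Input must be block-aligned
    (padding is left out to keep the example short)."""
    if len(plaintext) % BLOCK or len(iv) != BLOCK:
        raise ValueError("block-aligned plaintext and 8-byte IV required")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def first_block_leaks(key: bytes, iv_a: bytes, iv_b: bytes,
                      msg_a: bytes, msg_b: bytes) -> bool:
    """True when the two ciphertexts share their first block, i.e. an
    observer learns that the two plaintexts start the same way."""
    ca = cbc_encrypt(key, iv_a, msg_a)
    cb = cbc_encrypt(key, iv_b, msg_b)
    return ca[:BLOCK] == cb[:BLOCK]


def random_first_block_equivalent(key: bytes, rand: bytes, msg: bytes) -> bool:
    """The poster's alternative: zero IV plus a throwaway random first
    block.  That is CBC with IV = E(rand) on the real message, so the two
    constructions agree from the second ciphertext block onward."""
    with_random_block = cbc_encrypt(key, bytes(BLOCK), rand + msg)
    with_iv = cbc_encrypt(key, encrypt_block(key, rand), msg)
    return with_random_block[BLOCK:] == with_iv


if __name__ == "__main__":
    key = derive_key("hunter2")        # constructed sample password
    fixed_iv = key[8:]                 # "spare" MD5 bits as IV: identical for
                                       # every message under this password
    msg_a = b"FROM:ALICE 10.00"        # constructed 16-byte sample plaintexts
    msg_b = b"FROM:ALICE 99.00"        # same 8-byte prefix as msg_a
    print("password-derived IV leaks equal prefix:",
          first_block_leaks(key, fixed_iv, fixed_iv, msg_a, msg_b))
    iv_a, iv_b = os.urandom(BLOCK), os.urandom(BLOCK)
    print("fresh random IVs leak equal prefix:",
          first_block_leaks(key, iv_a, iv_b, msg_a, msg_b))
```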
DCF

"We warned you mental defectives back in '65 that the socialized medicine offered by Medicare and Medicaid would be expensive, lousy, and eventually not there at all but you didn't believe us. Good luck."

From stripes at va.pubnix.com Tue Aug 15 06:52:43 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Tue, 15 Aug 95 06:52:43 PDT
Subject: Use of the IV in DES & stuffing the first block w/ random stuff
Message-ID:

I have recently started writing a small pair of encryption and decryption programs. I was planning on generating the key by taking the MD5 of the text password supplied by the user. Seeing that I have 64 bits left over (MD5 gives me 128 bits, single DES needs 56, triple DES needs 168 - so I have a bit over 64 bits left in both cases), is there anything useful that I could do with them?

Does setting the IV (normally left at zero) buy me anything? Does cramming it into the first data block help protect me from known plaintext attacks? (I was going to use CBC so unless they know the first block they can't use a known plaintext attack, right?)

Or am I better off putting the extra 64 bits of "key" into the IV, and generating a strong random number to stuff in the first block - since the decoder can just ignore that block anyway. (Or should I ignore the IV, and stuff random crud in the first block?)

I don't recall Applied Crypto. addressing these issues, but if I just managed to forget can someone remind me what chapter I need to re-read?

From gate at id.WING.NET Tue Aug 15 06:59:50 1995
From: gate at id.WING.NET (The Gate)
Date: Tue, 15 Aug 95 06:59:50 PDT
Subject: The Spotlight
In-Reply-To:
Message-ID:

Perry, just a brief correction to the original file

> From: Duncan Frissell
> To: cypherpunks at toad.com
> Subject: Phone Card Risks
>
> One of the plethora of TV Magazine shows featured Tim McVeigh and phone
> cards last week. Maybe I should post to Risks.
>
> According to the story, Tim McVeigh bought a bunch of phone cards from "The
> Spotlight" (famous Klan paper)

The Spotlight is more of a rogue faction CIA/FBI Constitutionalist paper than a Klan paper, by my reckoning. Sources available on request.

From asgaard at sos.sll.se Tue Aug 15 07:30:11 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Tue, 15 Aug 95 07:30:11 PDT
Subject: You are being monitored
In-Reply-To:
Message-ID:

> The manufacturer is apparently acting as the collection point, and any name
> can be put into the From: field.

Then, effectively, Quasar is a new(?) kind of remailer. There was no got.net in the headers I could see. The next question is how they log incoming agents.

Mats

From cea01sig at gold.ac.uk Tue Aug 15 07:45:41 1995
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Tue, 15 Aug 95 07:45:41 PDT
Subject: Free Life article
Message-ID: <8975.9508151445@gold.ac.uk>

The article below, about money laundering, is taken from the latest issue of Free Life, the journal that I edit. If you like it and want to read more, send a $5 bill to the Editorial address at the bottom of this text. If you want to read lots more, send me $20 for a four issue subscription. Comments always welcome!

Sean Gabb
Editor
Free Life
London
25th July 1995

A R T I C L E   B E G I N S
=====================================================================

International Efforts to Combat Money Laundering
William C. Gilmore (ed.)
Grotius Publications Limited, Cambridge, 1992, 335pp, £48 (pbk)
(ISBN 0 521 46305 X)

Money Laundering: A Practical Guide to the New Legislation
Rowan Bosworth-Davies and Graham Saltmarsh
Chapman & Hall, London, 1994, xii and 304pp, £49.50 (hbk)
(ISBN 0 412 57530 2)

The first of these books is a collection of treaties, plus other documents, concerned with the international fight against money laundering. The second explains how these treaties have been enacted into, and are enforced under, the laws of the United Kingdom.
Both works will repay the closest study. In clear detail, they show the growth of what must be called a New World Order, and how, without some interposing cause, this may produce a universal slide into despotism.

The fight against money laundering begins with realising that the "War on Drugs" has been lost. When goods are portable and easily concealed, and when demand for them is strong enough to bear almost any cost of bringing them to market, the main effect of prohibition will be to put a bounty on crime. For all the efforts of the past three generations, illegal drugs are available in most high security prisons. In much of the West, street prices have been stable or even falling since 1980.

The official response, however, has not been to give in and legalise the trade, but to expand the War to a front where previously there had been few hostilities. While keeping up their efforts against the trade itself, the authorities have turned increasingly to confiscating its proceeds. This new approach has three alleged benefits:

First, it will deprive criminals of their incentive to enter and remain in the trade;

Second, it will allow the punishing of those in charge of the trade - people who never touch or see illegal drugs, but to whom the main profits ultimately flow;

Third, it can make the War on Drugs self-supporting, and perhaps yield a surplus for other public spending.

There is, however, one practical difficulty. Before the authorities can confiscate the money, they must find it. To do this, they must keep it from being merged beyond recall into the general flow of investment. This involves ending bank secrecy and imposing a mass of financial regulation. Now, most people - especially the rich - dislike having their lives pried into. Nor do banks like higher costs and limitations on what business they can do. And so, given the present freedom of capital markets, no government acting alone can afford a strict policy of confiscation.
It would, sooner or later, cause a flight of transactions to more liberal places. The solution has been to try making everywhere in the world equally illiberal.

Such was the purpose of the United Nations Convention Against Illicit Traffic in Narcotic Drugs and Narcotic Substances, signed in Vienna in December 1988 [full text in Gilmore, pp.75-97]. This is one of the most important international treaties of the past 50 years. It not merely requires its signatory states to criminalise the laundering of drug money, and to confiscate it where found, but lays down so far as possible a common wording for the criminal statutes, and a common mode of enforcement. It also requires full and prompt cooperation between the signatory states for the enforcement of these laws anywhere in the world.

The Convention had little direct or immediate effect on British law. Many of its requirements, indeed, had already been met in the Drug Trafficking Offences Act 1986. Most others were only met in the Criminal Justice Act 1993, which enacts the European Community Directive of 1991 on the Prevention of the Use of the Financial System for the Purpose of Money Laundering [full text in Gilmore, pp.250-67]. This itself derives from the Vienna Convention only through the Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime 1990 [full text in Gilmore, pp.177-91]. Even so, this country is fast becoming a financial police state of the kind agreed at Vienna - and where the process cannot be traced to the Convention, it can be traced to the same international pressures of which the Convention is itself a result.

Let me explain. When I talk about a New World Order, I do not mean some grand conspiracy of bankers, or Jews, or Illuminati, or even - with far more probability - the American Government. There are countries where policy is largely dictated from outside. But for rich and powerful countries, the truth is more complex.
Most international obligations imposed on this country, for example, were not only consented to by our rulers, but were usually proposed by them, and are enforced by agencies in which our own countrymen often occupy senior positions. Where others see conspiracies, I see public choice economics.

Whenever a government tries to do something dangerous or unnecessary, like banning drugs or educating the poor, it must set up an agency through which to spend the allocated funds. Once employed, the agents will - as if directed by an invisible hand - start to find more and more justifications for expanding their status and numbers. They collect the statistics. They know which ones to publish and which to hold back. They are the politicians' first and favoured source of advice. They have their pet journalists. They trade favours with the relevant interest groups. They know exactly how to give themselves a pleasing life, and how to see off threats to it. Unless the money runs out, or the public turns really nasty, they can write their own budget cheques.

By natural extension, the same is now happening at the international level - though with potentially far worse consequences. In the first place, there is limitless money: budgets would need to swell unimaginably large to reach even one per cent of gross planetary product. In the second, public anger seldom crosses borders; and, if all else fails, the politicians and bureaucrats in one country can shelter behind the excuse of treaty obligations that cannot unilaterally be cast off - not, at least, without consequences more horrible than words exist to describe. Third, the enforcement of international treaties means the growth of what is in effect an international bureaucracy. The local enforcers of a treaty may be citizens of the signatory states, who will live and work in their home countries, and may even occupy positions in the domestic administration.
Yet these are people who, by virtue of the agreements they enforce, and the contacts they make and maintain in other countries, are members of an international order. And, in at least the case of money laundering, they will share an agenda that is often deeply hostile to their native institutions.

This can be seen - expressed with almost naive honesty - in the book by Messrs Bosworth-Davies and Saltmarsh. Both are British police officers: the latter is a departmental head at the National Criminal Intelligence Service. Both take it for granted that the world needs an international police force. Both are unable to believe that anyone can disinterestedly object to the necessary harmonisations of law, and the corresponding abolition of Common Law protections. They "know one senior clearing banker who has described this [money laundering] legislation as the nearest thing he has experienced to 'McCarthyism'...".[p.172] Of course, they see things differently.

   The legislation discloses, on mature reflection, a set of carefully structured laws which, with good will, due diligence and a modicum of responsible attention from the industry as a whole, should not prove too burdensome. Indeed, the authors believe that some of the regulatory requirements have been diluted too much already, in a misguided attempt to placate the sensibilities of certain sectors of the industry....[Ibid.]

With people like this advising the politicians and lecturing the rest of us, little wonder the Drug Trafficking Offences Act predates the Vienna Convention by two years! Though they will hotly disagree - and even perhaps consider a libel writ - Messrs Bosworth-Davies and Saltmarsh cannot be regarded as our countrymen. More at home in a gathering of Bulgarian or Filipino police chiefs than with any of us, they are foreigners with British passports.
Somewhat less honest, though still interesting, is the Explanatory Report of the Committee of Experts who drafted the Council of Europe Convention [full text in Gilmore, pp.192-237]. Though formally subordinate to a committee of the various European Ministers of Justice, these experts plainly saw their first duty as lying elsewhere. Call it "the international community" or their own order, their duty was collective and not to any single country. Look at their dislike of the narrow focus of the Vienna Convention. They wanted something that would also allow confiscation for

   terrorist offences, organised crime, violent crimes, offences involving the sexual exploitation of children and young persons, extortion, kidnapping, environmental offences, economic fraud, insider trading and other serious offences. [Gilmore, p.204]

But they had to concede that not every European country might like its own laws against these acts to be written by an international committee. And so they allowed each signatory state to reserve whatever of these acts to its own legislative process. The experts agreed, however, that such states

   should review their legislation periodically and expand the applicability of confiscation measures, in order to be able to restrict the reservations subsequently as much as possible. [Ibid.]

And this is only the beginning. As yet, the shape of world government exists barely in outline. But the tendency ought to be plain. Power is moving from national - and mostly democratic - governments to unaccountable and even invisible bureaucracies. Liberal institutions that are often the work of ages are being hammered into the transmitters of unlimited power. We are beginning to know how people in the Greek city states felt after absorption into the Roman Empire.

When the American militiamen cry out that the United Nations is about to invade in black helicopters and plant microcomputers in their bottoms, I am at least sceptical.
This is not the New World Order that I see. What I do see is actually worse. We can shoot the helicopters down, and dig out the microcomputers, and put the ringleaders on trial. We can go about playing the hero of our choice from Star Wars. But in the real world, there is no Death Star to blow up - no Darth Vader to push into the void. There is just a huge, elastic network of people, all acting in what they believe is the public good, most with some degree of public support.

How this kind of despotism can be resisted is another question, and I have said enough already. But I will repeat - the books here reviewed do repay a very close study. At the very least, it is useful to see the enemy's future plan laid out in such detail.

Sean Gabb

======================================================================
FREE LIFE
A Journal of Classical Liberal and Libertarian Thought

Production: c/o the Libertarian Alliance, 25 Chapter Chambers, London SW1P 4NN
Editorial: 123a Victoria Way, Charlton, London SE7 7NX
Tel: **181 858 0841   Fax: **171 834 2031
E-mail: cea01sig at gold.ac.uk

EDITOR OF FREE LIFE: SEAN GABB
______________________________________________________________________
How to subscribe: Send cheque for GBP10 or US$20 made out to the Libertarian Alliance.
======================================================================
FOR LIFE, LIBERTY AND PROPERTY
======================================================================

From adam at bwh.harvard.edu Tue Aug 15 08:02:12 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 15 Aug 95 08:02:12 PDT
Subject: An article for Wired magazine
In-Reply-To: <9508150158.AA12834@zorch.w3.org>
Message-ID: <199508151501.LAA12164@bwnmr5.bwh.harvard.edu>

P Hallam wrote:

| The major problem with DigiCash is the patent portfolio. I don't
| much like the idea of David Chaum replacing the government as the
| controller of the money supply. Sorry, I just don't.

Remember that the patents only last 17 years. (A few more, since some of the major ones are staggered, but not a long time. Governments tend to last longer than that.)

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jya at pipeline.com Tue Aug 15 09:29:24 1995
From: jya at pipeline.com (John Young)
Date: Tue, 15 Aug 95 09:29:24 PDT
Subject: PCryptoids
Message-ID: <199508151629.MAA16751@pipe1.nyc.pipeline.com>

A couple of cryptoids from PC Mag, 9-12-95:

[Review excerpts]

*Network Security, Private Communication in a Public World*, review by O. Ryan Tabibian

The book is grouped into three parts: "Cryptography," "Authentication," and "Electronic Mail." There is also a "Leftover" section, which covers security with popular network operating systems such as Microsoft Windows NT and NetWare.

Most books fail to cover the difficult subject of cryptography effectively. *Network Security*, however, clearly describes the different cryptography methods -- such as secret key, hashing, and public-key cryptography -- as well as a variety of other technologies, including Diffie-Hellman and RSA.

The second section, "Authentication," deals with how a system or persons you are communicating with can verify your identity. Verification schemes range from simple passwords to complex digital signatures.
The authors do a remarkable job of describing and analyzing the variety of authentication methods.

Since the majority of your access to the outside world is through e-mail, your messages are probably most vulnerable. The book covers some of the popular e-mail security schemes, such as public key and privacy-enhanced mail. A brief overview of X.400 is also included.

Overall this is perhaps the most comprehensive, yet easiest-to-understand book covering network security available.

Network Security, Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner, $46.00. Prentice Hall PTR, 800-947-7700; ISBN: 0-13-061466-1.

-----------

[Then, Bill Machrone muses on the utility of electronic business cards. Excerpts:]

Some of my correspondents want a magnetic stripe on the business card, pretty much like the one on your credit cards. Others want a bar code. Assuming that you don't use the back of your card for an alternative language, you've got several square inches back there, plenty of room for data. What will we use it for?

The database stuff is the easy and obvious part. Since the computer industry and IS departments are likely to be the earliest adopters, it would be a simple matter to standardize on a format that the reader spits out for easy importation into just about anything. If the software and I/O devices are cheap enough, the rest of the world will come along -- and benefit.

Authentication is a potentially huge application. In some South American countries, fraudulent representation is common. Crooks collect business cards from legitimate businesspeople and then misrepresent themselves to perpetrate a variety of scams. As a result, businesspeople commonly tear a corner of their card as they hand it to you. You don't trust a card that wasn't torn in front of you.
A more elegant solution lies in a new Kodak technology that can encode your likeness in as little as 500 bytes, readable by your PDA, notebook, or desktop machines. You could also include a machine-readable version of your public encryption key, making it easy for people to send you secure communications.

----------

From tcmay at got.net Tue Aug 15 09:29:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 15 Aug 95 09:29:48 PDT
Subject: Smalltalk Musings
Message-ID:

I have a few musings on Smalltalk and its possible role in themes of interest to many of us.

First, a comment on the "mailer" I tried last night:

At 2:24 PM 8/15/95, Mats Bergstrom wrote:
>> The manufacturer is apparently acting as the collection point, and any name
>> can be put into the From: field.
>
>Then, effectively, Quasar is a new(?) kind of remailer.
>There was no got.net in the headers I could see. The
>next question is how they log incoming agents.

I discovered that the "-- Tim May" added to the end was by them, not me. Just coincidence that I usually add "--Tim May" or "-- Tim May" before my automatic sig block.

This was an experimental mailer included--"for educational purposes"--in the latest Developer's Release of SmalltalkAgents. It has a few specific things hardwired into it, such as using qks.com as its SMTP server. Not a very effective remailer, as nothing cryptographically strong is included.

However, it shows that more and more languages and environments are "speaking TCP/IP" and that integration of this stuff into high level language environments is here. Java and HotJava do similar things, perhaps even more powerfully. And obviously Unix/Linux tools are the standard here.

A few words on Smalltalk, an old language that is gaining in popularity. (Smalltalk is doing pretty well for large projects. Several banks and trading firms have aggressive Smalltalk programs, preferring it to C++ for large, object-oriented projects.
The company behind NetBank and NetCash, SoftwareAgents, is using SmalltalkAgents. The leader in Smalltalk is of course ParcPlace, which recently merged with Digitalk. Lots of info is available on Smalltalk on the Web.)

The richness of Smalltalk lies in the extensive class libraries. Everything is an object, no exceptions. (My personal interest--my asbestos suit is now on--is in looking at economic exchanges and finding the classes and methods, sort of "the ontology of money," and working on implementing them.)

A few words of history. Most of you know that the current "graphical user interface" (GUI) of the Macintosh and (more recently) Windows and X, etc., goes back to two main sources: the Xerox work by Alan Kay, Dan Ingalls, and others on Smalltalk and the Xerox and MIT work on Lisp Machines. The machines from Xerox Parc in the late 70s had the features we now think of as central: bit-mapped screen, windows, menus, pop-up dialogs, mouse and movable cursor, variable fonts, etc. (And the Xerox Parc folks were of course influenced by the work of others, including Doug Engelbart at Stanford Research Institute and the object-oriented language Simula.)

I'm not advocating that anyone use Smalltalk. Use what feels right, or what your companies and groups expect. C++ is without doubt the most popular. But diversity is good, so Python, Java, C+@, TCL, Lisp, Smalltalk, Perl, Eiffel, Scheme, and even REXX all have roles to play, especially in specific situations. If Tim Berners-Lee and Marc Andreessen had dropped "hypertext" when it was "dead and buried," where would we be today?

More info on SmalltalkAgents and their other products can be found at http://www.qks.com/ . The Macintosh version is currently their only supported platform, with a Windows NT (maybe Win '95, but doubtful) version due later this year, and various Unix versions due after that. They have some advances over ParcPlace's VisualWorks, but their longterm success is not assured.
Nor is my longterm success assured. :-}

-TCM

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May                 | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)    | anonymous networks, digital pseudonyms, zero
408-728-0152                   | knowledge, reputations, information markets,
Corralitos, CA                 | black markets, collapse of governments.
Higher Power: 2^756839         | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From kutek at ios.com Tue Aug 15 09:43:34 1995
From: kutek at ios.com (No Name)
Date: Tue, 15 Aug 95 09:43:34 PDT
Subject: VIACRYPT =money for Phil Z ???
Message-ID: <2NLMwQSYSH4F084yn@ios.com>

Does anyone know if PKZ gets any royalties from the sale of Viacrypt - it is after all his code, isn't it? Or is the Viacrypt source entirely different?

Speaking of which code, has Viacrypt been "verified" in any way by some independent agency?

From stewarts at ix.netcom.com Tue Aug 15 10:47:52 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 15 Aug 95 10:47:52 PDT
Subject: My pseudo-anonymous dream list (fwd)
Message-ID: <199508151744.KAA08592@ix7.ix.netcom.com>

At 02:26 PM 8/15/95 GMT0BST, Kev wrote:
>> I've heard this criticism of PGP before, but I don't quite understand it.
>> PGP is free. Why not just upgrade to version 2.6?
>
>Easy to say, not so easy to do if you're outside the USA/Canada.

Quite easily done. ftp.ox.ac.uk has a good collection of PGP versions. (Oh, no! Somehow these crafty foreigners managed to smuggle munitions out of the country right under the nose of our intelligence services! :-) PGP 2.6.i was written to be a 2.6-compatible version for non-US use, or you can use the 2.6.2 source code with RSAEuro instead of RSAREF and not violate your government's copyright rules.
The reason PGP 2.6 is incompatible with 2.4 and earlier versions is that it let MIT make PKP happier about letting them use RSAREF, which gave them patent-legitimacy in the US. (Incompatibilities between earlier versions could be blamed on gratuitous attempts at standards-compatibility...)

>However my point may be underlined by a little example :-
[Example deleted.]

Also, the code has been set up so that new versions can read files written by old versions, and can write files in old-format when needed; I assume the developers will continue this approach any time they make incompatible changes. But the big differences in 3.0 will be libraryizing the code - one effect is that people will be able to build their own PGP-based tools more easily than before, but aren't forced to include the whole package, so people may end up building incompatible parts using the libraries. Some of this is unavoidable - e.g. an encrypted telnet won't talk to a batch file encryptor, but they should still be using the same signature code for session-keys (or DH-halfkeys).

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master. RIP, Jerry

From stewarts at ix.netcom.com Tue Aug 15 10:48:06 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 15 Aug 95 10:48:06 PDT
Subject: VIACRYPT
Message-ID: <199508151744.KAA08566@ix7.ix.netcom.com>

At 10:47 AM 8/15/95 -0400, No Name wrote:
>Does anyone know if PKZ gets any royalties from the sale of Viacrypt -
>it is after all his code, isn't it? Or is the Viacrypt source entirely
>different?
>Speaking of which code, has Viacrypt been "verified" in any way by
>some independent agency?

The RSA code in ViaCrypt 2.4 is different from the PGP code; most of the rest is the same.
The documentation includes a note from Phil, and I think the code is signed by him. You can trust it. As far as money goes, I don't know their financial arrangements. My copy has a pretty low serial number; I hope they've sold enough to make some bucks.

The Windows version of 2.7.1 is substantially different - it's got a GUI interface, with a shell-like piece underneath that looks more like vanilla PGP. The Preface says it's using ViaCrypt's DigiSig+ RSA implementation, the IDEA implementation is licensed from Ascom-Tech AG, the compression code is from Info-Zip by Mark Adler and Jean-loup Gailly, and they've licensed Phil Zimmermann's PGP(tm) for the remainder. They also acknowledge that lots of people contributed, including Branko Lankester and Peter Gutmann. The code is signed by ViaCrypt, and their key is signed by Phil. The documentation is substantially rewritten, mostly for the GUI part. The examples are somewhat amusing (removing a signature from a key for Bill Haydon ....)

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master. RIP, Jerry

From jp at jep.pld.ttu.ee Tue Aug 15 10:56:14 1995
From: jp at jep.pld.ttu.ee (Jyri Poldre)
Date: Tue, 15 Aug 95 10:56:14 PDT
Subject: CAT_tal
In-Reply-To: <199508151232.IAA25456@pipe4.nyc.pipeline.com>
Message-ID:

CAT_tal (about 15kb)

From rjc at clark.net Tue Aug 15 11:01:36 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 15 Aug 95 11:01:36 PDT
Subject: CoS Raid on "Copyright Terrorist"
In-Reply-To: <199508151319.JAA18056@panix.com>
Message-ID: <199508151800.OAA07537@clark.net>

>
> At 09:28 AM 8/14/95 -0400, Futplex wrote:
> >Some CoS news:
> >
> >This past Saturday (95/08/12) a prominent Church of Scientology litigator,
> >Helena Kobrin, and some U.S.
> >federal marshals raided the home of Arnaldo
> >Lerma, seizing pretty much all his computer hardware, disks, etc.
>
> So why is it that people insist on listing their home addresses with their
> ISP's rather than a mail receiving service or something else. It is very
> hard to raid a mail drop and obtain anything useful. While it is true that
> if you blow up buildings, the Fibbies may be able to find you, quite simple
> techniques can frustrate even quite dedicated private parties.

One of the reasons I used to receive all my mail at the "FSF" machines (GNU.AI.MIT.EDU) was because I had a completely anonymous account. I had the GNU account long before the FSF started registering people's name/phones, and I used to telnet into GNU from several completely open annexes in Maryland. (the colleges would allow you to simply telnet from the terminal server to anywhere with no restrictions. This was back in 88-89 when the internet wasn't as big. Of course, they shut it off later when outside users started busying up the lines) And since I had root on the system, I could delete the logs recording which IP addresses I was coming from.

Nowadays, a $10-20/mo maildrop at places like "Mailboxes, Etc" works fine. (although there's still the possibility of them nabbing you when you go to pick up the mail)

-Ray

From adwestro at ouray.cudenver.edu Tue Aug 15 11:15:22 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Tue, 15 Aug 95 11:15:22 PDT
Subject: VIACRYPT =money for Phil Z ???
In-Reply-To: <2NLMwQSYSH4F084yn@ios.com>
Message-ID:

On Tue, 15 Aug 1995 10:47:18 -0400, kutek at ios.com (No Name) wrote:
> Does anyone know if PKZ gets any royalties from the sale of Viacrypt -
> it is after all his code, isn't it? Or is the Viacrypt source entirely
> different?

He gets a small royalty. I glanced at the August '95 "Internet World" article without buying the mag :-) and in it prz says his ViaCrypt royalty doesn't even pay his phone bill.
(Dunno how much his phone bill is, tho.)

Alan Westrope                          __________/|-,
                                      (_)        \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639:  D6 89 74 03 77 C8 2D 43  7C CA 6D 57 29 25 69 23

From m5 at dev.tivoli.com Tue Aug 15 11:18:29 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Tue, 15 Aug 95 11:18:29 PDT
Subject: CoS Raid on "Copyright Terrorist"
In-Reply-To: <199508151319.JAA18056@panix.com>
Message-ID: <9508151817.AA03464@vail.tivoli.com>

Ray Cromwell writes:
> Nowadays, a $10-20/mo maildrop at places like "Mailboxes, Etc" works fine.

Mailboxes Etc. insists on getting a picture ID; at least they did last time I checked. Some smaller mom&pop places will take a business card (time to break out your Jim Rockford Business Card Fabrication Kit).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From stewarts at ix.netcom.com Tue Aug 15 13:44:22 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 15 Aug 95 13:44:22 PDT
Subject: Use of the IV in DES & stuffing the first block w/ random stuff
Message-ID: <199508152039.NAA15590@ix7.ix.netcom.com>

At 09:52 AM 8/15/95 -0400, you wrote:
>I have recently started writing a small pair of encryption and
>decryption programs. I was planning on generating the key by
>taking the MD5 of the text password supplied by the user.

A reasonable approach, but be careful in your implementation. I haven't seen the book "A Million Wimpy Passwords and their MD5s" yet, but the CD-ROM version may be out soon :-) And you can probably ftp it from dockmaster.

>Seeing that I have 64 bits left over (MD5 gives me 128 bits, single
>DES needs 56, triple DES needs 168 - so I have a bit over 64 bits
>left in both cases), is there anything useful that I could do with them?
>
>Does setting the IV (normally left at zero) buy me anything?

IVs are designed to let you put random stuff in them to discourage known-plaintext attacks, replay attacks, etc. However, suppose you take a known 64 bits from MD5(password) and put them in the IV - instead of the Bad Guy needing to brute-force 168-bit-deep Triple DES, he gets to brute force MD5s of human-selected passwords instead, which makes a lot of pre-computation possible.

Also, for 3-Key Triple-DES, how do you get 168 bits of key from 128 bits of MD5? (for 2-Key 3-DES, you only need 112 bits...) If you do something like M1=MD5(Key), M2=MD5(M1,Key), realize you've got at most 128 bits of real key instead of 168, though that probably needn't worry you too much...

>Does cramming it into the first data block help protect me from
>known plaintext attacks? (I was going to use CBC so unless they
>know the first block they can't use a known plaintext attack, right?)

Won't hurt, as long as you remember to remove it on the decrypt-end.

>Or am I better off putting the extra 64 bits of "key" into the IV,
>and generating a strong random number to stuff in the first block
>- since the decoder can just ignore that block anyway.

Put the strong random number in the IV, if you've _got_ a source of strong random numbers...

You might want to do something fancy like choose a random salt, use the salt for the IV, and use MD5(salt,human-selected-key) for the key. This makes pre-computation much less useful (unless you're careless and use MD5(key,salt) instead of MD5(salt,key)...), and means that you use a different session key for each batch of stuff you encrypt, even though you're using the same key. If you're paranoid about replay attacks, you could let some of the bits of the salt be random and some be a counter, and never accept a key smaller than the one from the previous successfully-decrypted message.
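As an added example, not part of Bill's post: the salt-as-IV scheme from his last paragraph written out in Python with hashlib. The header layout (4 random bytes followed by a 4-byte big-endian counter), the 16-byte key width for 2-key 3DES, and all function names are assumptions for illustration; the 3DES-CBC step itself is left to whatever cipher library the reader keys with the result.

```python
import hashlib
import os
import struct

SALT_LEN = 8        # one DES block, so the salt can double as the CBC IV
RANDOM_PART = 4     # bytes of the salt taken from the OS RNG (assumed split)
COUNTER_FMT = ">I"  # the other 4 bytes: a big-endian message counter
KEY_LEN = 16        # 112-bit 2-key 3DES key, as 16 bytes of MD5 output (assumption)


def make_salt(counter, rand=None):
    """Salt = 4 random bytes || 4-byte counter (Bill's 'some random, some counter').
    `rand` may be supplied for reproducible tests; normally it comes from os.urandom."""
    if rand is None:
        rand = os.urandom(RANDOM_PART)
    if len(rand) != RANDOM_PART:
        raise ValueError("random part must be %d bytes" % RANDOM_PART)
    if not 0 <= counter < 2 ** 32:
        raise ValueError("counter does not fit in 4 bytes")
    return rand + struct.pack(COUNTER_FMT, counter)


def salt_counter(salt):
    """Recover the counter half of a salt read back from the start of a file."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return struct.unpack(COUNTER_FMT, salt[RANDOM_PART:])[0]


def derive_key(salt, passphrase):
    """key = MD5(salt || passphrase): the salt goes first, as Bill insists.
    The salt itself is the IV and travels in the clear at the head of the file."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return hashlib.md5(salt + passphrase).digest()[:KEY_LEN]


def seal_header(counter, passphrase):
    """Encrypt side: returns (salt, key). Write `salt` as the file header and
    use it as the IV; key the block cipher (3DES-CBC in the thread) with `key`."""
    salt = make_salt(counter)
    return salt, derive_key(salt, passphrase)


def open_header(salt, passphrase, last_counter):
    """Decrypt side: re-derive the key from the header and the passphrase,
    refusing a replayed or out-of-order message (counter <= last seen).
    Returns (key, new_last_counter) or raises ValueError."""
    counter = salt_counter(salt)
    if counter <= last_counter:
        raise ValueError("replay: counter %d <= last %d" % (counter, last_counter))
    return derive_key(salt, passphrase), counter


def process_stream(headers, passphrase):
    """Run the replay check over a sequence of headers the way a decryptor
    would; returns the list of counters that were accepted, in order."""
    accepted, last = [], -1
    for salt in headers:
        try:
            _, last = open_header(salt, passphrase, last)
            accepted.append(last)
        except ValueError:
            continue  # drop the replay, keep processing the rest
    return accepted


def distinct_keys(passphrase, n):
    """Why a precomputed table of MD5(password) buys the attacker nothing here:
    one passphrase yields n different keys under n different salts."""
    return len({derive_key(make_salt(i), passphrase) for i in range(n)})
```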
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Storyteller makes no choice - soon you will not hear his voice.
His job was to shed light, and not to master. RIP, Jerry

From s5cromw at watson.ibm.com Tue Aug 15 13:51:27 1995
From: s5cromw at watson.ibm.com (Ray Cromwell)
Date: Tue, 15 Aug 95 13:51:27 PDT
Subject: Object Oriented Crypto API
In-Reply-To: <199508031625.JAA11761@jobe.shell.portal.com>
Message-ID: <9508152050.AA21250@play.watson.ibm.com>

Sorry I took so long to respond.

Hal wrote:
> I enjoyed Ray's message about the crypto library interface. I haven't
> had time to study it closely, but I have a couple of quick comments:
>
> I thought Wei's library looked pretty easy to use already. Maybe Ray
> could show an example of what would be needed with Wei's library to do
> some "typical" crypto function, say encrypting a message with someone
> else's RSA key. Then we could compare it with how the same function
> would look with Ray's proposed interface.

Wei's library is easy to use from a certain standpoint. It depends on an ASN.1 stream paradigm to stack cryptographic layers. However, I think it is lacking in certain areas which makes it difficult to use, and it is completely missing many functions such as key distribution and management.

To RSA encrypt with Wei's library, you have to open the key file (or read it into memory somehow), and instantiate a "BufferedTransformation" which is a sort of internal stream library. Then you construct a RSAPublicKey object around the BufferedTransformation, then you generate a random blockcipher key, and tell the RSAPublicKey object to encrypt it. Next, you encode your plaintext with the block cipher separately using the blockcipher key. I'm going to ignore the actual syntax of Wei's library for the moment (because I don't remember it) and use pseudo code.
  key_data_stream = FileSource("publickey.data");   /* like ifstream() */
  RSAPublicKey rsa_object(key_data_stream);
  random_blockcipher_key = /* generate the key somehow; note, key generation
                              is not standardized across all encryption
                              algorithms, so the application writer must know
                              how to generate the session key manually */
  rsa_object.Encrypt(random_blockcipher_key, encryptedkey);
  DESEncryption desenc(random_blockcipher_key);
  desenc.ProcessBlock(plaintext, ciphertext);
  /* write "encryptedkey" and "ciphertext" somewhere */

Under my scheme, it would look something like this

  /* we are given PlainText p, a KeyID which is of the format

       KeyID      ::= identifier ['::' keyserver]
       identifier ::= RFC822_EMAIL_ADDR | HEX_STRING;
       keyserver  ::= FULLY_QUALIFIED_DOMAIN_NAME;

     example: "Ray Cromwell"::keyserver.com

     we are doing RSA encryption with DES */

  DESEncryptionAlgorithm des;
  RSAEncryptionAlgorithm rsa(des);
  Encrypt(rsa, KeyId, p, c);

Here's the explanation of what's going on underneath (refer to my OO Crypto API article if needed)

DES is a BlockCipherEncryptionAlgorithm (child of EncryptionAlgorithm)

RSA is a PublicKeyEncryptionAlgorithm (also a child of EncryptionAlgorithm) that expects to be constructed with a BlockCipherEncryptionAlgorithm because it uses a blockcipher as the underlying encryption technique and only encrypts the session key. Any old BlockCipherEncryptionAlgorithm will do, DES, IDEA, etc. RSA doesn't care.

Encrypt() is a global function which takes as its first argument an EncryptionAlgorithm, second, a KeyID, and third/fourth a plaintext and ciphertext tokenized stream (to be explained later). Encrypt() doesn't care what the cryptosystem is, it's a single entry point for the application developer.
Encrypt's pseudocode looks like this

  Encrypt(EncryptionAlgorithm encalg, KeyID kid, Plaintext p, Ciphertext c)
  {
      KeyDomain kdom = encalg.GetKeyDomain(kid);
      EncryptionKey ek = GetKey(kdom, kid);
      encalg.encrypt(ek, p, c);
  }

Line 1 asks the EncryptionAlgorithm (whatever type it really is) to return a KeyDomain for that cryptosystem. A KeyDomain is an abstract universal object for fetching any key type from any place. It could, for instance, be fetching the key from a disk file, from an email signature, or an internet key server.

Line 2 calls a global key management function GetKey which queries a KeyDomain with the KeyID to return an EncryptionKey.

Line 3 calls the encrypt function on the EncryptionAlgorithm.

I have toyed with other interfaces. For instance, since we want to support the definition of new KeyDomain types, we really should allow an overloaded Encrypt where the EncryptionKey is passed as an argument, so that the application developer can use third party KeyDomains.

Every EncryptionAlgorithm (hereafter abbreviated EA, where DA is a DecryptionAlgorithm) knows how to generate a KeyPair which contains an encryption and decryption key such that

  DA(keypair.decryption_key, EA(keypair.encryption_key, plaintext)) == plaintext

Whether the cipher is symmetric or not is irrelevant. The RSAEncryptionAlgorithm encrypt() function basically calls generate_key() on the block cipher and uses that as the session key. Application developers are shielded from the representation of keys and the generation of them.

The real dream is to have a generic crypto library which can encrypt anything using any algorithm, fetching keys from any medium and reading and writing any valid crypto file format. Application developers could write code to operate on PGP file formats, RSAREF, PEM, or anything without having to know anything about those formats at all. The only thing that is standardized is the KeyID format. Sort of a Universal Resource Name (URN) for key identification.
Perhaps "key://keyserver.domain/keyid" would be better.

Reading and Writing any file format
-----------------------------------

How would an application be able to operate on a RIPEM message, and a PGP file without knowing about the format of either? The general scheme is to use a tokenized stream which records what has been done to the plaintext, and then some stream encoding objects which "map" the stream to the local format as long as the stream is consistent with the algorithms the file format supports.

Think of the stream as a string in a regular language (in the sense of automata theory). The stream "mapper" is a deterministic finite automaton which processes the "string" (the stream tokens) and determines 1) whether the string is acceptable by the language (file format) it's mapping to, and 2) generates side effects which write out the format to a buffer or file.

Consider the following symbol set,

  S = { RSA_ENCRYPTION, PUBLICKEY_REF, DES_ENCRYPTION, IDEA_ENCRYPTION }

A tokenized stream might look like

  RSA_ENCRYPTION PUBLICKEY_REF [pkey data] [encrypted session key] DES_ENCRYPTION [ciphertext]

A PGPEncoder would reject this stream because it doesn't use IDEA. Encoders would have the job of verifying consistency of the stream with the underlying file format, and also whether or not the stream was encoded properly in the first place. If the stream is invalid, exceptions are thrown. If some tokens are missing (such as a timestamp), the Encoder can supply them.

> The other point is that there needs to be the ability to encrypt only
> a bit of a message at a time. Particularly with public key the first
> message may be special in that it generates a session key which is used
> for the remainder. So an interface for piecewise encryption and
> decryption is necessary.

The way to do this is to provide secondary interfaces across all Algorithms which allow the operations of Init, Update, and Finalize, much like RSA's MD5 interface operates.
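As an added example that is not Ray's code: the stream "mapper" from this section as a small deterministic finite automaton in Python, with a PGPEncoder that rejects the DES stream above and supplies a missing timestamp. The state layout, the TIMESTAMP token, the DES-only PEMEncoder standing in for the RIPEM side, and the sample payloads are illustrative assumptions, not the real PGP or RIPEM grammars.

```python
import time

# Ray's symbol set S, plus a TIMESTAMP token the encoder may supply itself.
PUBLIC_KEY_CIPHERS = frozenset({"RSA_ENCRYPTION"})
BLOCK_CIPHERS = frozenset({"DES_ENCRYPTION", "IDEA_ENCRYPTION"})
SYMBOLS = PUBLIC_KEY_CIPHERS | BLOCK_CIPHERS | {"PUBLICKEY_REF", "TIMESTAMP"}

# DFA states (assumed layout): 0 start, 1 timestamp seen, 2 public-key cipher
# seen, 3 public-key reference seen, 4 block cipher seen (the only accepting state).
ACCEPTING = 4


class StreamRejected(Exception):
    """The token stream is not a string of this encoder's language."""


class Encoder:
    """Generic stream mapper: a DFA whose accepted transitions have the side
    effect of appending one rendered line to the output buffer."""
    name = "generic"
    public_key_ciphers = PUBLIC_KEY_CIPHERS
    block_ciphers = BLOCK_CIPHERS  # subclasses narrow this to what the format supports

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so a test can pin the supplied timestamp

    def step(self, state, symbol):
        """Transition function; None means there is no edge (reject)."""
        if state == 0 and symbol == "TIMESTAMP":
            return 1
        if state in (0, 1) and symbol in self.public_key_ciphers:
            return 2
        if state == 2 and symbol == "PUBLICKEY_REF":
            return 3
        if state == 3 and symbol in self.block_ciphers:
            return 4
        return None

    def render(self, symbol, payload):
        """Side effect of a transition: one line of the target format."""
        if payload is None:
            return symbol
        if isinstance(payload, bytes):
            return "%s %s" % (symbol, payload.hex())
        return "%s %s" % (symbol, payload)

    def encode(self, tokens):
        """Run the DFA over (symbol, payload) pairs; return the rendered lines,
        or raise StreamRejected naming the offending token position."""
        tokens = list(tokens)
        if not tokens or tokens[0][0] != "TIMESTAMP":
            # a missing token the encoder is allowed to supply itself
            tokens.insert(0, ("TIMESTAMP", int(self.clock())))
        out, state = [], 0
        for pos, (symbol, payload) in enumerate(tokens):
            if symbol not in SYMBOLS:
                raise StreamRejected("%s: unknown symbol %r at token %d" % (self.name, symbol, pos))
            nxt = self.step(state, symbol)
            if nxt is None:
                raise StreamRejected("%s: %s not allowed in state %d (token %d)"
                                     % (self.name, symbol, state, pos))
            out.append(self.render(symbol, payload))
            state = nxt
        if state != ACCEPTING:
            raise StreamRejected("%s: stream ended in state %d" % (self.name, state))
        return out


class PGPEncoder(Encoder):
    """PGP 2.x only speaks IDEA for the bulk cipher, so a DES stream is rejected."""
    name = "PGP"
    block_ciphers = frozenset({"IDEA_ENCRYPTION"})


class PEMEncoder(Encoder):
    """Illustrative DES-only encoder standing in for the PEM/RIPEM side (assumption)."""
    name = "PEM"
    block_ciphers = frozenset({"DES_ENCRYPTION"})


def try_encode(encoder, tokens):
    """Wrapper returning (True, lines) on acceptance, (False, reason) otherwise."""
    try:
        return True, encoder.encode(tokens)
    except StreamRejected as exc:
        return False, str(exc)


# Ray's sample stream with constructed placeholder payloads: the PUBLICKEY_REF
# carries the KeyID, the block-cipher token carries the (fake) ciphertext.
SAMPLE_STREAM = [
    ("RSA_ENCRYPTION", None),
    ("PUBLICKEY_REF", '"Ray Cromwell"::keyserver.example'),
    ("DES_ENCRYPTION", b"\xde\xad\xbe\xef"),
]
```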
-Ray

>From owner-cypherpunks Tue Aug 15 15:06:28 1995
From gt7508b at prism.gatech.edu Tue Aug 15 15:06:28 1995
From: gt7508b at prism.gatech.edu (PHrEaK!)
Date: Tue, 15 Aug 95 15:06:28 PDT
Subject: Purple Boxes
In-Reply-To: <199508112044.NAA12959@netcom19.netcom.com>
Message-ID: <199508152206.SAA23244@acmex.gatech.edu>

> it would be called the "purple box" because I have not heard
> of any other devices called "purple boxes" (i.e. this string
> in the "colorful" hacker namespace does not seem to be used up yet)
> and also the famous WWII compromised japanese diplomatic codes
> were called Purple.

This isn't very important, but there actually is a purple box, but like many boxes hogging up "colorspace" this one isn't too exciting. It's a telephone hold button... (woo woo)

> one of the problems is that serious crypto chips are pretty
> expensive. but an analog scrambler would actually be a decent
> start on all this, and I bet it could be built pretty cheaply.

Does anyone know of sources for des chips??? Are there any public key chips out there??? Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too slow for realistic real time hardware voice/data encryption??)

I know a little about digital electronics (I am a computer engineering student) and I would love to get some data books and see if I could come up with a secure "encryption box" that people could build. Obviously such things are available from AT&T, etc... but they come at a premium due to the fact that people who need such security normally have the cash for it. A little public key encryption box that is arguably easy to construct and costs less than $50 in parts would catch on fast in the hacker world. At that point, someone would go into business selling the things, as companies did with blue boxes (remember how apple computers got started?) and red boxes (look in 2600 marketplace.) Please anyone send me info on possible vendors/databooks and I will definitely look into this.
--
=-=-=-=-=-=-= Tom Cross AKA The White Ninja / Decius 6i5 */^\* -=-=-=-=-=-=-=-
-=-=-=-=-=- TWN615 at mindvox.phantom.com GT7508B at prism.gatech.edu =-=-=-=-=-=-=
=- "Government is not a reason, not an eloquence; it is a force. Like fire, =-
-=- it is a dangerous servant and a fearful master." -- George Washington -=-=

From stripes at va.pubnix.com Tue Aug 15 15:41:16 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Tue, 15 Aug 95 15:41:16 PDT
Subject: Use of the IV in DES & stuffing the first block w/ random stuff
In-Reply-To: <199508152039.NAA15590@ix7.ix.netcom.com>
Message-ID:

In message <199508152039.NAA15590 at ix7.ix.netcom.com>, Bill Stewart writes:
>At 09:52 AM 8/15/95 -0400, you wrote:
>>I have recently started writing a small pair of encryption and
>>decryption programs. I was planning on generating the key by
>>taking the MD5 of the text password supplied by the user.
>
>A reasonable approach, but be careful in your implementation.
>I haven't seen the book "A Million Wimpy Passwords and their MD5s" yet,
>but the CD-ROM version may be out soon :-) And you can probably
>ftp it from dockmaster.

I don't know what can be done here other than encouraging the user to use a long password.

[...]

>IVs are designed to let you put random stuff in them to discourage
>known-plaintext attacks, replay attacks, etc. However, suppose you
>take a known 64 bits from MD5(password) and put them in the IV -
>instead of the Bad Guy needing to brute-force 168-bit-deep Triple DES,
>he gets to brute force MD5s of human-selected passwords instead,
>which makes a lot of pre-computation possible.

Don't I need to know what goes into the IV? I can't just stick random stuff in it - I need to stick something that is a function of the passphrase into it (or make the user remember something my program spits out).

>Also, for 3-Key Triple-DES, how do you get 168 bits of key from
>128 bits of MD5? (for 2-Key 3-DES, you only need 112 bits...)
>If you do something like M1=MD5(Key), M2=MD5(M1,Key), realize
>you've got at most 128 bits of real key instead of 168,
>though that probably needn't worry you too much...

Oh, I was going to do an MD5 of half of the passphrase to get one key pair, then MD5 the other half to get another key, and that left about 64 bits to play with....

[...]

>>Or am I better off putting the extra 64 bits of "key" into the IV,
>>and generating a strong random number to stuff in the first block
>>- since the decoder can just ignore that block anyway.

>Put the strong random number in the IV, if you've _got_ a source
>of strong random numbers...

Don't I need to reproduce the same IV during the decryption?

>You might want to do something fancy like choose a random salt,
>use the salt for the IV, and use MD5(salt,human-selected-key) for the key.
>This makes pre-computation much less useful (unless you're careless
>and use MD5(key,salt) instead of MD5(salt,key)...), and means that
>you use a different session key for each batch of stuff you encrypt,
>even though you're using the same key. If you're paranoid about replay
>attacks, you could let some of the bits of the salt be random and some
>be a counter, and never accept a key smaller than the one from the
>previous successfully-decrypted message.

Hmmmm, so I should put the salt in the clear at the start of the file? This looks like an interesting idea.

(it occurs to me that I never mentioned what my "sample application" was - I was thinking of encrypting backup tapes so they can safely be transported off site and stored.)

From prm at rome.isl.sri.com Tue Aug 15 15:43:50 1995
From: prm at rome.isl.sri.com (Philip R. Moyer)
Date: Tue, 15 Aug 95 15:43:50 PDT
Subject: RC4 key search report
Message-ID: <9508152243.AA17885@toad.com>

Are there any technical reports available describing the RC4 key search efforts? I am interested specifically in number of machines (compute power) and time to completion.
Cheers,
Phil

From stripes at va.pubnix.com Tue Aug 15 15:49:49 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Tue, 15 Aug 95 15:49:49 PDT
Subject: Purple Boxes
In-Reply-To: <199508152206.SAA23244@acmex.gatech.edu>
Message-ID:

In message <199508152206.SAA23244 at acmex.gatech.edu>, PHrEaK! writes:
[...]
>> one of the problems is that serious crypto chips are pretty
>> expensive. but an analog scrambler would actually be a decent
>> start on all this, and I bet it could be built pretty cheaply.

>Does anyone know of sources for des chips???

CEI makes a "Super Crypt Chip" that does single and triple DES, I believe you can clock it at 25Mhz and get 32 bits of ciphertext out per cycle in single DES mode, it is somewhat slower (but not three times slower) in triple DES mode. I believe that's what UUNET uses in their LanGuardian product. I have the spec sheet in a box somewhere if anyone needs the part number. Definitely more than fast enough to encrypt voice traffic.

>Are there any public key chips out there???

I think NEC makes one. I know AT&T makes one. DEC had some, but they may not have been a commercial product. Sorry I don't have part numbers, and haven't read a spec sheet for any of them.

>Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too
>slow for realistic real time hardware voice/data encryption??)

DEC had a chip in the lab that could RSA encrypt/decrypt at a rather high speed, unfortunately I don't recall the speed - something like a DS0's worth (or it may have been as low as 32Kbits/sec worth) - less than a T1. I have no doubt that there are some very fast hardware IDEA chips (which is what I think you need to make go fast to get a hardware PGPphone to go fast - well the codec as well)

>I know a little about digital electronics (I am a computer engineering
>student) and I would love to get some data books and see if I could
>come up with a secure "encryption box" that people could build.
>Obviously such things are available from AT&T, etc... but they come at
>a premium due to the fact that people who need such security normally
>have the cash for it. A little public key encryption box that is
>arguably easy to construct and costs less than $50 in parts would
>catch on fast in the hacker world. At that point, someone would go into
>business selling the things, as companies did with blue boxes (remember
>how apple computers got started?) and red boxes (look in 2600 marketplace.)
>Please anyone send me info on possible vendors/databooks and I will definitely
>look into this.

I'm afraid it won't be $50 worth of parts until you start buying thousands of chips at once.

From frissell at panix.com Tue Aug 15 16:51:56 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 15 Aug 95 16:51:56 PDT
Subject: CoS Raid on "Copyright Terrorist"
Message-ID: <199508152000.QAA14285@panix.com>

At 01:17 PM 8/15/95 CDT, Mike McNally wrote:
>Mailboxes Etc. insists on getting a picture ID; at least they did last
>time I checked. Some smaller mom&pop places will take a business card
>(time to break out your Jim Rockford Business Card Fabrication Kit).

I always supply picture ID these days. It's really rough getting those cold lamination-Employee ID kits from Office Depot, taking the polaroid on a blue background, trimming the photo, and assembling the employment ID. I'm one of my best employees. Don't forget to include your EMP_NO. It gives the clerk something to write down.

DCF

"Governments are simply not fully sovereign in the world of information; their powers within it are strangely limited....This weakness of government control within computer nets--a product of strongly protected privacy, a lack of frontiers and confusions of jurisdiction--make them natural places for subversion."
-- The Economist "Softwar--A Survey of Defence Technology"

From jya at pipeline.com Tue Aug 15 17:22:50 1995
From: jya at pipeline.com (John Young)
Date: Tue, 15 Aug 95 17:22:50 PDT
Subject: TYM_eup
Message-ID: <199508160022.UAA13728@pipe3.nyc.pipeline.com>

Time magazine of August 21 has a breathless cover story on cyber war, infowar and farside warriors, with a piece on a Rocky Horror Rand war game.

Someone who knows the URL for Time articles may want to wave it. Or, for squeamish ossifragers who do not want to be IDed at the Time stakeout:

TYM_eup (about 36kb in 2 parts)

From shamrock at netcom.com Tue Aug 15 17:22:57 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 15 Aug 95 17:22:57 PDT
Subject: Purple Boxes
Message-ID: <199508160020.UAA15367@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199508152206.SAA23244 at acmex.gatech.edu>, gt7508b at prism.gatech.edu (PHrEaK!) wrote:

>Does anyone know of sources for des chips???
>Are there any public key chips out there???
>Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too
>slow for realistic real time hardware voice/data encryption??)
>I know a little about digital electronics (I am a computer engineering
>student) and I would love to get some data books and see if I could
>come up with a secure "encryption box" that people could build.

I don't know off the top of my head who makes DES and RSA chips. I am sure there are many manufacturers of DES chips. Try TI, National, and Motorola. I believe that Schneier has a list of RSA chip makers.

For the DSP part of a "bump in the cord" encryption box, you want to get the "TI TMS320 Family Development Support" booklet by calling (800) 477-8924. You also want to look at Motorola's 68000 CPU, DSP, and controller on one chip. I can't recall the exact product number. Just call Motorola and ask for it.

Have fun,

- --
- -- Lucky Green  PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service.
A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMDE5iSoZzwIn1bdtAQETkgGAjfPRJ09tGSauoSSWuaQiBqeVjI0sWXWH vJ5Ft3efVPBaZTEMXh0Q4MOkH23ot3hS =FJ9y -----END PGP SIGNATURE----- From shamrock at netcom.com Tue Aug 15 17:29:30 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 15 Aug 95 17:29:30 PDT Subject: Purple Boxes Message-ID: <199508160026.UAA15442@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <199508152206.SAA23244 at acmex.gatech.edu>, gt7508b at prism.gatech.edu (PHrEaK!) wrote: >Does anyone know of sources for des chips??? >Are there any public key chips out there??? >Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too >slow for realistic real time hardware voice/data encryption??) >I know a little about digital electronics (I am a computer engineering >student) and I would love to get some data books and see if I could >come up with a secure "encryption box" that people could build. I don't know off the top of my head who makes DES and RSA chips. I am sure there are many manufactors of DES chips. Try TI, National, and Motorola. I belive that Schneier has a list of RSA chip makers. For the DSP part of a "bump in the cord" encrytion box, you want to get the "TI TMS320 Family Development Support" booklet by calling (800) 477-8924. You also want to look at Motorola's 68000 CPU, DSP, and controller on one chip. I can't recall the exact product number. Just call Motorola and ask for it. Have fun, - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMDE67ioZzwIn1bdtAQGdwQF+MnhFo72hoxjAzESO/MksNE1QKNys35Tp zJZJxng6FOxikLO01FjmKR32A47Pq7cK =in6Q -----END PGP SIGNATURE----- From shamrock at netcom.com Tue Aug 15 17:31:31 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 15 Aug 95 17:31:31 PDT Subject: Purple Boxes Message-ID: <199508160028.UAA15477@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article , stripes at va.pubnix.com ("Josh M. Osborne") wrote: >I'm afarid it won't be $50 worth of parts untill you start buying >thousands of chips at once. For a single device, count on spending ~$400 for hardware. In large volumes, you should be able to go below $150. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMDE7oCoZzwIn1bdtAQFxAAF/YIJPuO5siDuspQhDGf6u+nks1lXfjCj9 z/NZFxQkVsDVv/GvQnPdPKYYr144eVuE =57Vm -----END PGP SIGNATURE----- From die at pig.die.com Tue Aug 15 19:47:54 1995 From: die at pig.die.com (Dave Emery) Date: Tue, 15 Aug 95 19:47:54 PDT Subject: Purple Boxes In-Reply-To: <199508160020.UAA15367@bb.hks.net> Message-ID: <9508160230.AA01456@pig.die.com> Lucky Green writes : > > In article <199508152206.SAA23244 at acmex.gatech.edu>, > gt7508b at prism.gatech.edu (PHrEaK!) wrote: > > >Does anyone know of sources for des chips??? > >Are there any public key chips out there??? > >Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too > >slow for realistic real time hardware voice/data encryption??) > >I know a little about digital electronics (I am a computer engineering > >student) and I would love to get some data books and see if I could > >come up with a secure "encryption box" that people could build. 
>
> I don't know off the top of my head who makes DES and RSA chips. I am
> sure there are many manufacturers of DES chips. Try TI, National, and
> Motorola. I believe that Schneier has a list of RSA chip makers.
>

	I'm quite convinced that with a fast microcontroller and especially a really fast DSP engine you can do both 3-DES and IDEA in the same hardware that does the rest. You need only to encrypt somewhere between 9.6 kbits and 16 kbits per second, or between 1 and 2 kbytes/sec, or 125 to 250 block encryptions per second, which is lots less than the 100+ kbytes/second people have been getting for DES file encryption on high end PC class processors. And a good DSP core carefully programmed is probably quite comparable to the performance of a DX-4 or mid range Pentium on algorithms such as DES, IDEA or even RC4.

	I should think realistically there should be a lot of bandwidth left over for the voice compression - for the encryption you might possibly be talking 5% of the DSP CPU if you use a 50 MHz part.

	And while RSA is nice, it has usually been confined to key exchange because it is so slow. There are hardware versions of RSA that will work at modem speeds or better with reasonable moduli, but this is specialized VLSI hardware and, as far as I have ever noticed, is not available as cheaply as the kind of DSP used for V.34 modems. And certainly doing key exchange RSA on a DSP or 32 bit microcontroller is reasonable if it only adds a second or two of call setup.

> For the DSP part of a "bump in the cord" encryption box, you want to get
> the "TI TMS320 Family Development Support" booklet by calling (800)
> 477-8924. You also want to look at Motorola's 68000 CPU, DSP, and
> controller on one chip. I can't recall the exact product number. Just call
> Motorola and ask for it.
>

	I reiterate my suggestion of a few months ago that one could quite easily adapt the firmware on one of the new simultaneous data and digital voice on the same phone line modems to incorporate encryption, and quite possibly encryption/key exchange interoperable with some mode of PGPphone. Doing this would relieve one of the need to develop or manufacture any hardware at all - all that would be required to have a portable "bump in the cord" encrypter widely available for a low price would be creating a new version of the downloadable flash ROM image that did encryption and PGPphone key exchange.

	Dave Emery
	die at die.com

From shamrock at netcom.com Tue Aug 15 20:12:47 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 15 Aug 95 20:12:47 PDT
Subject: Purple Boxes
Message-ID:

At 22:30 8/15/95, Dave Emery wrote:
> I'm quite convinced that with a fast microcontroller and
>especially a really fast DSP engine you can do both 3-DES and IDEA in
>the same hardware that does the rest.
[...]
> I should think realistically there should be a lot of bandwidth
>left over for the voice compression - for the encryption you might
>possibly be talking 5% of the DSP CPU if you use a 50 MHz part.

I agree. You can easily do encryption and compression on the same chip. There is no need for a separate DES/RSA chip. I only included some possible DES chip manufacturers, because the original poster asked for them.

-- Lucky Green
PGP encrypted mail preferred.

From monty.harder at famend.com Tue Aug 15 20:39:26 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Tue, 15 Aug 95 20:39:26 PDT
Subject: An article for Wired magazine
Message-ID: <8AF3490.0003000322.uuout@famend.com>

PE> kilos of gold in it if $50,000 in cash doesn't suit your tastes. I
PE> defy governments to eliminate gold as well as paper currency.

Um. Didn't FDR try that?

* Free will made me do it!
--- * Monster at FAmend.Com * From perry at piermont.com Tue Aug 15 20:41:58 1995 From: perry at piermont.com (perry at piermont.com) Date: Tue, 15 Aug 95 20:41:58 PDT Subject: Purple Boxes In-Reply-To: <9508160230.AA01456@pig.die.com> Message-ID: <199508160341.XAA16498@frankenstein.piermont.com> "Dave Emery" writes: > I reiterate my suggestion of a few months ago that > one could quite easily adapt the firmware on one of the new simultanious > data and digital voice on the same phone line modems to incorperate > encryption, and quite possibly encryption/key exhange interoperable > with some mode of PGPphone. Does Rockwell sell voice/data modem chipsets? .pm From tcmay at got.net Tue Aug 15 20:50:56 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 15 Aug 95 20:50:56 PDT Subject: Purple Boxes vs. Native Signal Processing Message-ID: At 4:12 AM 8/16/95, Lucky Green wrote: >I agree. You can easily do encryption and compression on the same chip. >There is no need for a separate DES/RSA chip. I only included some possible >DES chip manufactors, because the original poster asked for them. The trend is away from having two chips when one will suffice. Thus, the Macintosh 840av and 660av had a Motorola 68040 _and_ a Motorola 56000 DSP chip for speech processing and recognition, sound processing, etc....they were dropped and replaced by the PowerPC machines, which dispensed with the separate DSP chips. (The DSPs were never fully supported by software, especially from third party vendors....) And Intel is pushing "native signal processing," wherein DSP functions are pushed back into the CPU. If the CPU is fast enough, as the fast Pentiums are, this can work. This may be partly to sell more and faster Pentiums and partly because Intel has no effective DSP products at this time. (Intel has generally missed out on the DSP market, despite arguably having invented the first DSP chip. 
In 1977 I worked on the Intel 2920 signal processor, the first general purpose chip to do signal processing. Invented by Ted Hoff, the same guy who invented the microprocessor, it was abandoned a few years later. Then came the success of TI's TMS320 (or similar) DSP chips, the Motorola 56000 series, and Intel was out of the game.) Pushing DSP functions into the CPU can be taken too far. Apple, for example, had/has a "Geo Modem," or something like this, which does modem funtions in the CPU of some machines. Last I heard it was stuck at being too slow, with no software updates, and effectively is being abandoned. Modems have gotten so cheap that using the CPU makes little sense if it also complicates software. As in everything, the choice in partitioning is crucial. Of relevance to this list, I see no hope whatsoever that people will buy gizmos to do encryption if a software-only ("native signal processing") solution is within a factor of several in performance. After all, people complain that RSADSI wants "exorbitant" prices ($125) for public key ecryption and demand that "free" products are needed, so I can't see them spending $300 or even $100 for a hardware solution that does encryption a bit faster. If the Pentium + Soundblaster can do VoicePGP or PGPFone or Nautilus, then what's the incentive to buy additional hardware? Last I heard about CELP, it could handle "Pretty Good Voice" on a mere 66 MHz 486, and that's about 2-4x slower than what people are routinely buying today. (The situation may be slightly different for a fully-productized and consumerized "bump in the wire" secure phones, where the finished product will be sold to a different sort of customer than those clamoring for cheap crypto.) In conclusion, I'd always look to a software solution first. Anything that requires chips is automatically harder to build and to sell. 
Most importantly, a solution which runs on standard hardware available around the world will be trivially exportable (technologically) and will spread within days of availability, whereas a hardware-dependent solution will likely remain obscure and hard to export. Sofware solutions rule! --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From Ranxerox at ajsbbs.com Wed Aug 16 00:18:25 1995 From: Ranxerox at ajsbbs.com (Ranxerox at ajsbbs.com) Date: Wed, 16 Aug 95 00:18:25 PDT Subject: next letter... Message-ID: <199508160718.AAA10488@eskinews.eskimo.com> > Pl. teach me about american indians ? What would you like to know... I'll answer any questions that I can, and research any that I can't. > From Canada or a US state ? Well, the Chickasaw tribe is originally from the Southeastern US (Alabama, Kentucky, etc.) The name (in the native language) means 'Unconquered and Unconquerable' During that time, the Chickasaws were mainly farmers/traders. But if someone made them mad, they NEVER forgot or forgave until the debt was settled. Early in the war between the French and English, the English hired the Chickasaw people to fight for them. The French didn't stand a chance after that because of the Chickasaw and their allies. (When the Chickasaw were hired, they also asked other tribes to help in the war.) The Chickasaw's real name is spelled Chikasha (chi-KAH-shuh). My 'indian name' is: "Akuckma Kallo Hin-li Nita ho atuk Nutackhish". 
(It means 'Bad-tempered standing bear, he that has a beard.') And since I am 1.9 - 2m tall and weigh about 150Kg, it kind of fits... #:^) > I made a blizz trip to California and, when staying at the Canyon's, I had > the opportunity to visit Indian reserves but didn't want to - don't ask me > why. I'm a little disturbed by these "come-and-see-me" touristic > roundtrips. Although I saw a lot in a very very short time, I felt > uncomfortable about looking at "people" as part of the trip. Stupid? As long as you treat the people with respect and dignity, what is to be ashamed of? These displays are done to educate people. To let them know more about the tribe, it's culture and it's history. As long as you keep in mind the idea that it's there to teach, there's nothing at all wrong with it. There are some ceremonies that aren't done for show. Like (for example) the Cheyanne (shy-ANN) Sun Ceremony. This is a VERY serious thing. It lasts for 4 days (4 is an important number). During this ceremony, sacrifices are made. You can sacrifice some of your flesh by cutting it off of your own body, or you can sacrifice pain. If you choose to sacrifice pain, then there are several options. You can have bone skewers inserted under the muscles in your chest and be lifted into the air until the skewers tear free (blowing a bone whistle the whole time). Or you can have ropes attached to the skewers and the top of a pole, then you lean back until you break the ropes. (Again blowing the whistle.) Another way is to have Buffalo Skulls attached to the skewers. You then put the Buffalo skulls on your back and dance until they break free or tear out of your chest. And all of this is done in the hottest part of the summer. (At a temperature of about 38C.) > Where do you live now? How did you evolve from an Indian culture to a > US-city-bourgeois-like life ? I live about 30Km north of Seattle in a town of 75,000 called Everett. It's a nice place to live. 
Not too much crime except for an occasional noise complaint. All things considered, I think it's a nice place to raise my kid. > > Hobbies : Midieval Warfare (Tactics & Weapons), > Woops ! Woops? Is that good or bad? > Sorry I was late in wishing you all the best. At your age, the world's > expecting you ! Uh oh... I was hoping to sneak up on it. #:^) > I won't comment on the maths.. I really hate it, sorry ! Most people don't like math... I guess you have to be a little crazy to like math. But I've found that it actually relaxes me. I sit down and figure out a new formula, and I feel good that IU was able to do it. > Another cultural "question" : what's a "peptic ulcer"? I know an ulcer as > being something very painful on your stomac (I never had it, thanks God..) A peptic ulcer IS a hole in the stomach... I've had the ulcer since I was 9 years old. It's like a part of the family now. So I consider it a 'pet'. I know it sounds crazy, but if I worry about it, it just hurts more. It feels like having a belly full of fire as it is. I don't need it hurting any more. > Believe it or not, I've been in Washington once but on business trip for > the AIIM show (sorry, AIIM stands for Association for Image and Information > Management - a "huge" yearly show)... In fact, these business trips are a > real scandal fly in/fly out without any time for visiting whatsoever because > of time (and money) constraints.. > Forget these negative words, because I really loved all my US trips > (but was really mad not to be able to spend at least one week in each > city/state) I've been in Boston and Lowell/Mass several times, in My uncle teaches music at Berkley Music College near Boston. Some of his works have been berformed by the New York Philharmonic Orchestra, and the Zurich Philharmonic Orchestra. I know NOTHING about music though... I'm a scientist, not an artist. > Canada once (the Water Falls, straight from Boston and back the same Niagara Falls? 
> day), Los Angeles(+ one day Disney Land), Florida(+ one day Disney World - > waw !!), in Chicago and SanFrancisco twice, in NY three times, and of course > my "see-the-US-in-10-days" tour which involved the Californian Coast > (Monterrey, Carmel, SeaWorld, LA) + all canyons, Death Valley, Arizona > Desert, Scottsdale, etc. I went down to California a few years ago to meet some friends. Haven't been back though... :( > When I re-read this, I have no right to complain : I loved it all and > won't stop coming over... Next year, I hope to conquer Canada while one > holiday. (The AIIM show will be in Chicago again in 1996). If you like being in the outdoors, you may want to consider going to Alaska (Denali National Park) or the Canadian Northwest Territories. > By the way, your US map (on my computer) is a little bubbled.. What do you mean 'bubbled'? It didn't come out right? > But don't worry, I have great maps and books and videos and whatever > on the States at home. I have even family in the Concorde/Mass. and > in the Vermont. My girlfriend is originally from Connecticut, and I always tease her about it. I tell her that if my friends knew that my girlfriend was a 'damn yankee', they'd never let me hear the end of it. > all my internet drugs, except when it's football on TV...) Football = Soccer I presume... Over here 'Football' is a completely different game. I used to play it in school when I was about 16 years old. (Ever seen/herd of 'The Dallas Cowboys'?) > I'll come back to you soon (we have a four days week-end here as from > Saturday). Hope you enjoy your weekend. > PS : Thanks for all info about the net.. Where did you learn > French? (Escargot..) I don't know French... I know food. At 150Kg, I know food... #:^) Hope to hear from you again soon... Paul ranxerox at ajsbbs.com From Damien.Doligez at inria.fr Wed Aug 16 01:42:51 1995 From: Damien.Doligez at inria.fr (Damien Doligez) Date: Wed, 16 Aug 95 01:42:51 PDT Subject: SSL challenge -- broken ! 
Message-ID: <9508160842.AA27120@couchey.inria.fr>

-----BEGIN PGP SIGNED MESSAGE-----

SSL challenge -- broken

This is to announce the solution of the SSL challenge posted by Hal Finney on July 17, 1995 (message-ID: <3u6kmg$pm4 at jobe.shell.portal.com>), also found at:

The 40-bit secret part of the key is 7e f0 96 1f a6.

I found it by a brute force search on a network of about 120 workstations and a few parallel computers at INRIA, Ecole Polytechnique, and ENS. The key was found after scanning a little more than half the key space in 8 days.

The cleartext of the encrypted data is as follows:

The SERVER-VERIFY message is:

9C B1 C7 83 D9 BB B7 75 01 6F 19 19 03 58 EC 05    MAC-DATA
05                                                 MSG-SERVER-VERIFY
AF 84 A7 79 F8 13 69 20 25 9B 53 A0 60 AE 75 51    CHALLENGE

The CHALLENGE part is a copy of the challenge sent by the client in its first message.

The answer is the CLIENT-FINISHED message:

22 BB 23 39 55 B0 7F B6 1A B0 35 85 F7 DB C1 E5    MAC-DATA
03                                                 MSG-CLIENT-FINISHED
BF EB 90 F8 2C 0C E1 EA 18 AC 11 4C 83 14 21 B6    CONNECTION-ID

The next message is SERVER-FINISHED:

D4 CD F3 4E 38 F1 2B 1E DC FD 72 C8 34 02 CD FF    MAC-DATA
06                                                 SERVER-FINISHED-BYTE
23 1C 05 40 60 72 49 6E 83 BA D1 28 CC 9B 5F 63    SESSION-ID-DATA

Then comes the data message sent by the client. This is the juicy one. I have broken the contents into its fields (the body was just one long line).

72 23 B5 98 0D D0 07 1A DA F1 C7 A4 40 41 5A 10    MAC-DATA
POST /order2.cgi HTTP/1.0
Referer: https://order.netscape.com/order2.cgi
User-Agent: Mozilla/1.1N (Macintosh; I; PPC)
Accept: */*
Accept: image/gif
Accept: image/x-xbitmap
Accept: image/jpeg
Content-type: application/x-www-form-urlencoded
Content-length: 472

source-form=order2-cust.html&
order_number=31770&
prod_80-01020-00_Mac=1&
carrier_code=UM&
ship_first=Cosmic&
ship_last=Kumquat&
ship_org=SSL+Trusters+Inc.&
ship_addr1=1234+Squeamish+Ossifrage+Road&
ship_addr2=&
ship_city=Anywhere&
ship_state=NY&
ship_zip=12345&
ship_country=USA&
ship_phone=&
ship_fax=&
ship_email=&
bill_first=&
bill_last=&
bill_org=&
bill_addr1=&
bill_addr2=&
bill_city=&
bill_state=&
bill_zip=&
bill_country=USA&
bill_phone=&
bill_fax=&
bill_email=&
submit=+Submit+Customer+Data+

This order came from Mr Cosmic Kumquat, SSL Trusters Inc., 1234 Squeamish Ossifrage Road, Anywhere, NY 12345 (USA). Unfortunately, Mr Kumquat forgot to give his phone number, and the server's reply (in two packets) is:

09 12 AD FE A5 A9 BF D1 8C 8C E2 6A A3 48 B9 75    MAC-DATA
HTTP/1.0 200 OK
Server: Netscape-Commerce/1.1
Date: Wednesday, 12-Jul-95 05:40:30 GMT
Content-type: text/html

1C CD C4 3D 80 F1 7B 94 11 AC E8 72 B1 99 BC FA    MAC-DATA
Error

Error

The shipping address you supplied is not complete. The street address, city, state, zip code, country and phone number are mandatory fields. Please go back and specify the full shipping address. Thank you.

This result was found with a quick-and-dirty distributed search program, which I wrote when I realized that the cypherpunks were going to be a few weeks late with their collective effort. When the program was running, it took little more than one week to find the key (it would have taken about 15 days to sweep the entire key space). I ran it on almost all the machines I have access to, summarized in the following table:

type               speed (keys/s)   number   notes
- --------------------------------------------------------
DEC (alpha)        18000-33000         34
DEC (MIPS)          2500-7500          11
SPARC               2000-13000         57
HP (HPPA/snake)    15000                3
Sony (R3000)        1100-4000           3
Sun 3                600                2
Sequent B8000        100 x 10           1    (1)
Multimax (NS532)     600 x 14           1    (1)
KSR                 3200 x 64           1    (1) (2)

Notes:
1. These are multiprocessor machines
2. The KSR spent only about 2 days on this computation.

The total average searching speed was about 850000 keys/s, with a maximum of 1350000 keys/s (1150000 without the KSR).

Conclusions:

* Many people have access to the amount of computing power that I used. The exportable SSL protocol is supposed to be weak enough to be easily broken by governments, yet strong enough to resist the attempts of amateurs. It fails on the second count. Don't trust your credit card number to this protocol.

* Cypherpunks write code, all right, but they shouldn't forget to run it.

I want to thank the people at INRIA, Ecole Polytechnique, and Ecole Normale Superieure for giving their CPU time. (Most of them are on vacation anyway...)

You can find a copy of this text at

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCSAwUBMDG4dVNZwSQVabihAQGeFAPnUZil4WlauoMke9HaULDNOVf1hLXS0i9U
VJWZsPHcihDbn6nBN9T6f3sW/S08N5YJFSCmuZzqO59c0nOAKILb6a3TsXjFEcu8
W8UfwFsZa6gx7iuYqandhoHBEkkc5NSwMe1f+lPiV2MdclzQ4/VtZ7Oa1VB+RftD
Am4+w/Y=
=Fju1
-----END PGP SIGNATURE-----

**** This is a timestamp of the above message:

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQBVAwUAMDGsOeWrvYiumrHZAQF0QwIAnDWdVVTiVmUTY5lp08yPeLRoFetczb+U
E0WVgTUJ4a16tinOPaJl/6jOpPUUPWMjkDaD2N1xw8lGqm0UgZJiGIkAkgMFATAx
uKJTWcEkFWm4oQEBAQ8D5ixvYrpEAQYfeNXmbB46BTTnBwBPS/JjfVFEEnC0Zsoj
cyh/WELUsZf785b23vEq9JFvZB+bq1UsJTpttl335TrW344ZYof3kl6fdEF2Jf5q
LxQjkuP9s/OQX5iJZpHz4LUxbb+/hOwSdZ2O3LV7ETiHs9AK1+bnKfOGDyei
=qO7V
-----END PGP MESSAGE-----

From stewarts at ix.netcom.com Wed Aug 16 01:48:30 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 16 Aug 95 01:48:30 PDT
Subject: Purple Boxes
Message-ID: <199508160843.BAA25109@ix9.ix.netcom.com>

At 10:30 PM 8/15/95 -0400, Dave Emery wrote:
> I reiterate my suggestion of a few months ago that
>one could quite easily adapt the firmware on one of the new simultaneous
>data and digital voice on the same phone line modems to incorporate
>encryption, and quite possibly encryption/key exchange interoperable
>with some mode of PGPphone. Doing this would relieve one of the
>need to develop or manufacture any hardware at all - all that would
>be required to have a portable "bump in the cord" encrypter widely
>available for a low price would be creating a new version of the
>downloadable flash ROM image that did encryption and PGPphone
>key exchange.

Most modems I've seen only have one set of audio interfaces, and a bump-in-the-cord phone needs two (one for the voice side, one for the modem line side.) (Having two jacks doesn't count.) So you'd need at least two modems, one straight and one re-educated, and you'd probably need lots more flash ROM than the average modem has.
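The effort figures in Damien Doligez's SSL challenge message above (a full sweep of the 40-bit space in about 15 days at an average 850000 keys/s, the key found after a little more than half the space) follow from simple key-space arithmetic. The following is an added example, not code from that message or from the search program it describes: it reproduces that arithmetic, extends it to the key sizes a defender compares against when judging whether an export-grade cipher is adequate, and shows the range bookkeeping a distributed sweep needs. The rates are the ones quoted in the message; the function names and the worker count in the demo are constructed here.

```python
"""Key-search effort estimates for the 40-bit SSL export challenge.

Added example (not part of the original message). Rates come from the
message; function names and the worker split below are assumptions.
"""

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

AVERAGE_RATE = 850_000    # keys/s, total average reported in the message
PEAK_RATE = 1_350_000     # keys/s, reported maximum with the KSR


def keyspace(bits: int) -> int:
    """Number of candidate keys when `bits` key bits are secret."""
    return 1 << bits


def sweep_seconds(bits: int, keys_per_second: float) -> float:
    """Time to try every key of the space at the given aggregate rate."""
    return keyspace(bits) / keys_per_second


def expected_seconds(bits: int, keys_per_second: float, fraction: float = 0.5) -> float:
    """Time until the key is hit if it sits `fraction` of the way through the
    search order; 0.5 is the average case for a uniformly random key."""
    return fraction * sweep_seconds(bits, keys_per_second)


def rate_needed(bits: int, deadline_seconds: float, fraction: float = 0.5) -> float:
    """Aggregate keys/s an adversary needs to succeed, on average, within
    `deadline_seconds`: the inverse question asked when sizing a key."""
    return fraction * keyspace(bits) / deadline_seconds


def partition(bits: int, workers: int) -> list:
    """Split the key space into contiguous [start, end) ranges, one per
    worker, covering the space exactly once with no overlap."""
    total = keyspace(bits)
    base, extra = divmod(total, workers)
    ranges, start = [], 0
    for i in range(workers):
        size = base + (1 if i < extra else 0)
        ranges.append((start, start + size))
        start += size
    return ranges


def effort_table(keys_per_second: float, bit_sizes=(40, 56, 64, 80, 128)) -> dict:
    """Average-case days to recover a key, per key size, at a fixed rate."""
    return {b: expected_seconds(b, keys_per_second) / SECONDS_PER_DAY
            for b in bit_sizes}


if __name__ == "__main__":
    print(f"Full 40-bit sweep at {AVERAGE_RATE} keys/s: "
          f"{sweep_seconds(40, AVERAGE_RATE) / SECONDS_PER_DAY:.1f} days")
    print(f"Average-case 40-bit find at the peak rate: "
          f"{expected_seconds(40, PEAK_RATE) / SECONDS_PER_DAY:.1f} days")
    print(f"Average-case 56-bit (single DES) find at the same average rate: "
          f"{expected_seconds(56, AVERAGE_RATE) / SECONDS_PER_YEAR:.0f} years")
    for bits, days in effort_table(AVERAGE_RATE).items():
        print(f"  {bits:3d}-bit key: {days:.3g} days")
    # Constructed demo: the ~120 workstations mentioned, each given one range.
    for lo, hi in partition(40, 120)[:3]:
        print(f"  worker range {lo:#014x} .. {hi:#014x}")
```

The 56-bit row is the one to read against the 40-bit result: at the same 850000 keys/s the average-case time grows from about a week to well over a thousand years, which is exactly the gap between "breakable by a university's idle machines over a summer" and "not breakable that way at all".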
On the other hand, laptops are increasingly getting multimedia capabilities like built-in sound cards, and if there's a microphone jack you're in business (uh, well, for $3K or so) Or a cheaper laptop with two PCMCIA modems, if you can re-educate one, which also lets you move the non-audio parts of your secure phone program into the PC. Of course, if you want long conversations from the airport, you'll still need to find a payphone within 4-6 feet of an electric socket and not located under a MegaMuzak speaker, but that's easier than trying to balance a TI Silent 700 under similar conditions :-) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From jcaldwel at iquest.net Wed Aug 16 03:32:56 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Wed, 16 Aug 95 03:32:56 PDT Subject: Purple Boxes In-Reply-To: <199508160341.XAA16498@frankenstein.piermont.com> Message-ID: perry at piermont.com wrote: > > > "Dave Emery" writes: > > I reiterate my suggestion of a few months ago that > > one could quite easily adapt the firmware on one of the new simultanious > > data and digital voice on the same phone line modems to incorperate > > encryption, and quite possibly encryption/key exhange interoperable > > with some mode of PGPphone. > > Does Rockwell sell voice/data modem chipsets? Do bears crap in the woods? ;-) My PP14.4 uses a rockwell chipset with caller ID built in. -- So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**. 
Brian Francis Redman to Chip Berlet From jcaldwel at iquest.net Wed Aug 16 03:35:03 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Wed, 16 Aug 95 03:35:03 PDT Subject: An article for Wired magazine In-Reply-To: <8AF3490.0003000322.uuout@famend.com> Message-ID: MONTY HARDER wrote: > > PE> kilos of gold in it if $50,000 in cash doesn't suit your tastes. I > PE> defy governments to eliminate gold as well as paper currency. > > Um. Didn't FDR try that? Didn't a lot of sheep let him get away with it? -- So you may wonder -- "But what does that have to do with me?" Answer: I have locked horns with "The Devil", buddy boy, and compared to him, you ain't sh**. Brian Francis Redman to Chip Berlet From danisch at ira.uka.de Wed Aug 16 04:08:14 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Wed, 16 Aug 95 04:08:14 PDT Subject: Purple Boxes Message-ID: <9508161105.AA21087@elysion.iaks.ira.uka.de> > Has anyone ever tried putting PGP on a chip??? RSA??? (Are these too > slow for realistic real time hardware voice/data encryption??) We have implemented a public-key system in smartcards. The secret key is completely generated and hidden inside the card. The public key system is TESS (RFC1824). An authenticated key exchange is perform by the card in about one second. Hadmut From liberty at gate.net Wed Aug 16 05:15:55 1995 From: liberty at gate.net (Jim Ray) Date: Wed, 16 Aug 95 05:15:55 PDT Subject: PGP use in Guatemala? Message-ID: <199508161214.IAA25845@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Dear Cypherpunks: Could someone please send me (hopefully documented) examples of PGP use and the government reaction to it in Guatemala or point me to where to find articles (if there are any) on the subject? Please reply privately to liberty at gate.net Thanks. 
JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMDHgEm1lp8bpvW01AQHVpwQAhS16CfDaRcqPHNkbanIWGJ1qchjsBoqZ Or4rxTLNm9LpvMjoiptR8Myo09YaEnYzm38nw4CW4YyMtEVFde99teL0VzSNyYTm YPL0COTcB6Sw5Ti1w3yjQsKEaMnX1homGRRIFmGpTP9KZfrq/nt193Jw1WySzsMe zad0RqPCgOM= =v2J6 -----END PGP SIGNATURE----- Regards, Jim Ray Don't investigate Mena, Arkansas and contra-coke. Embarrassment is a threat to national security... ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ From jya at pipeline.com Wed Aug 16 06:08:44 1995 From: jya at pipeline.com (John Young) Date: Wed, 16 Aug 95 06:08:44 PDT Subject: PRZ Wins One Message-ID: <199508161308.JAA18682@pipe2.nyc.pipeline.com> PRZ is awarded a 1995 Chrysler Award for Innovation in Design, says a $40,000 full-page ad in The NYT today, with a brief citation: Philip Zimmermann is the designer of Pretty Good Privacy (PGP), an E-mail encryption software. Thanks to the algorithms of PGP, which was released to the public as free software in 1991, E-mail messages can be sent securely all over the world without the risk of interception by any third party. No mention of the free-world leader's sword poised to decapitalize the public-spirited designer to protect IC hegemony. From dmandl at panix.com Wed Aug 16 06:46:58 1995 From: dmandl at panix.com (dmandl at panix.com) Date: Wed, 16 Aug 95 06:46:58 PDT Subject: Zimmermann wins Chrysler Award Message-ID: There's a full-page ad on page A9 of today's Wall Street Journal announcing the winners of the "1995 Chrysler Award of Innovation in Design." One of the six winners is Phil Zimmermann. 
I quote: "Philip Zimmermann is the designer of Pretty Good Privacy (PGP), an E-mail encryption software. Thanks to the algorithms of PGP, which was released to the public as free software in 1991, E-mail messages can be sent securely all over the world without risk of interception by any third party." In case you're interested: "For the past three years, Chrysler Corporation has been honoring outstanding designers. By showcasing great innovations in fields such as graphic, interactive, product, architectural, and environmental designs, Chrysler strives to bring well-deserved attention to those designers whose common attribute is a passionate commitment to their vision." Among the other winners: the hip graphic design group Reverb and "carceral" architect Frank Gehry. --Dave. -- Dave Mandl dmandl at panix.com http://wfmu.org/~davem From sbryan at maroon.tc.umn.edu Wed Aug 16 07:29:42 1995 From: sbryan at maroon.tc.umn.edu (Steve Bryan) Date: Wed, 16 Aug 95 07:29:42 PDT Subject: Purple Boxes vs. Native Signal Processing Message-ID: At 8:58 pm 8/15/95, Timothy C. May wrote: [snip] >The trend is away from having two chips when one will suffice. Thus, the >Macintosh 840av and 660av had a Motorola 68040 _and_ a Motorola 56000 DSP [snip] >Pushing DSP functions into the CPU can be taken too far. Apple, for >example, had/has a "Geo Modem," or something like this, which does modem >funtions in the CPU of some machines. Last I heard it was stuck at being >too slow, with no software updates, and effectively is being abandoned. [snip] My apologies if this is being too compulsive but for reasons of accuracy it should be pointed out that the DSP in the Mac 660av and also the 840av is the AT&T 3210. The other point I'd make is more a matter of opinion. The Geopod and associated software has been excellent and revisions have just recently been released by Apple and Cypress Research. The phone capability is particularly well designed. 
This is in marked contrast to the demo program called ApplePhone which was mistakenly treated as an attempt at a finished product when it was just intended as a technology demonstration. It took an unusually long time for MegaPhone, the finished product from Cypress Research, to finally appear. As far as speed is concerned there is impatience about the 14,400 bps limit and that remains the major shortcoming. But even that may be corrected by Apple before too much longer. Personally, I'm more than willing to accept the tradeoff in order to have the tight integration of the three capabilities (data, fax and phone). I still have a funky NuBus card from SuperMac (with three RJ11 connectors and an RS232 connector that was designed to combine these capabilities, it was a prototype) sitting in a drawer while my Quadra and PowerMac are smoothly providing the services.

The next step will be to integrate PGPFone with the other three functions so that one could handle data, fax, phone, and secure phone all with the same phone line and without requiring a rocket scientist to set up and use it.

+----------------------------------------------------------------------
|Steve Bryan              Internet: sbryan at maroon.tc.umn.edu
|Sexton Software          CompuServe: 76545,527
|Minneapolis, MN          Fax: (612) 929-1799
|PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D E1 8C A6 9B A9 BE 96 CB
+----------------------------------------------------------------------

From kinney at bogart.Colorado.EDU Wed Aug 16 07:58:18 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 16 Aug 95 07:58:18 PDT
Subject: Use of the IV in DES & stuffing the first block w/ random stuff
In-Reply-To:
Message-ID: <199508161458.IAA12814@bogart.Colorado.EDU>

> >You might want to do something fancy like choose a random salt,
> >use the salt for the IV, and use MD5(salt,human-selected-key) for the key.
> >This makes pre-computation much less useful (unless you're careless
> >and use MD5(key,salt) instead of MD5(salt,key)...), and means that
> >you use a different session key for each batch of stuff you encrypt,
> >even though you're using the same key. If you're paranoid about replay
> >attacks, you could let some of the bits of the salt be random and some
> >be a counter, and never accept a key smaller than the one from the
> >previous successfully-decrypted message.
>
> Hmmmm, so I should put the salt in the clear at the start of the file?
> This looks like an interesting idea.

What I do in Curve Encrypt for the Mac is use the MD5 of the pass phrase, a 128-bit random salt (overkill is cheap here) and a one-byte counter field passed repeatedly through MD5, like this:

    passhash = MD5[passphrase]
    salt     = 128 bits of randoms
    counter  = 0
    MD5Init()
    for (a tenth of a second)
        MD5Update[passhash + salt + counter]
        counter = counter + 1
    key = MD5Final()

At startup, the program determines how many iterations of MD5Update can be accomplished in a tenth of a second on the current CPU, and the loop is run that many times. The number of iterations and the salt are stored with the encrypted file, in the clear.

The point to the concatenation is that this buffer is 65 bytes long, and MD5 works on 64-bit blocks, so that the buffer is shifted by one byte in the MD5 block each iteration, making precomputation of the MD5 addition steps more of a pain. Also note that the buffer is _not_ repeatedly MD5-hashed, but repeatedly sent to MD5Update() instead. This is out of fear that there might be fixed-points in the hash algorithm.

-- Will

From jya at pipeline.com Wed Aug 16 08:26:45 1995
From: jya at pipeline.com (John Young)
Date: Wed, 16 Aug 95 08:26:45 PDT
Subject: BUY_lou
Message-ID: <199508161526.LAA06595@pipe3.nyc.pipeline.com>

8-16-95. NYPaper:

"The F.B.I. and Ruby Ridge." [Editorial]

Since the paranoid days of J. Edgar Hoover, the F.B.I.
has been struggling to free itself of an institutional incapacity to admit its mistakes and punish wrongdoing by senior officials. Mr. Freeh, who was entrusted with this task, seems to have put misplaced confidence in a longtime friend and associate. Mr. Freeh is said to be infuriated that his trust was abused. Well he should be furious -- especially at himself.

"Separatist Family Given $3.1 Million From Government."

The Government agreed today to pay $3.1 million to the family of a white separatist whose wife and teen-age son were killed three years ago by Federal agents in a standoff on a remote Idaho mountainside. The decision to give Mr. Weaver and his children any money was particularly stunning, since Federal prosecutors tried two years ago to have him convicted in the killing of a Federal marshal at Ruby Ridge, and sought the death penalty. Federal investigators involved in the case were rebuked by the judge who presided over the trial. The case has also taken on political dimensions. Some conservative groups have cited the shootout, along with the 1993 F.B.I. assault on the Branch Davidian compound near Waco, Tex., as examples of Government abuse of power.

BUY_lou

From stripes at va.pubnix.com Wed Aug 16 08:44:51 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Wed, 16 Aug 95 08:44:51 PDT
Subject: BUY_lou
In-Reply-To: <199508161526.LAA06595@pipe3.nyc.pipeline.com>
Message-ID:

Hit me please. :-)

From sean at escape.ca Wed Aug 16 09:14:48 1995
From: sean at escape.ca (Sean A. Walberg)
Date: Wed, 16 Aug 95 09:14:48 PDT
Subject: Eudora/Trumpet encryption
Message-ID:

I'm a crypto newbie here, but does anybody know how Trumpet Winsock and/or Eudora encrypt the passwords in their .ini files? I am trying to write a front end for a client and would rather it set up automatically rather than the program ask. How would I go about cryptanalysing this? If it were a simple XOR, then wouldn't Plaintext1^Cypher1 == Plaintext2^Cypher2 and so on?
Thanx for any help you can give me on this matter,

Sean

o-------------------o----------------------o-----------------------o
| Sean Walberg,     | Tech Support         | Pas_al, _obol, BASI_, |
| sean at escape.ca | escape communication | PostS_ript, T_L...    |
| Mail for PGP key  | 925-4290             | C fills all the holes |
o----------------] http://www.escape.ca/~sean [--------------------o

From lep at tanju.wsnet.com Wed Aug 16 09:30:14 1995
From: lep at tanju.wsnet.com (Alan Patterson)
Date: Wed, 16 Aug 95 09:30:14 PDT
Subject: DSP's, Purple Boxes, Etc...
Message-ID:

For those interested in design of these purple boxes, etc., you might want to check out a couple of magazines that are FULL of advertisements and specs on DSP's, CPU's, communications design equipment, etc:

Data Communications
(800) 525-5003

and

Computer Design
Circulation Director
(918) 832-9287
email paulw at pennwell.com

Both magazines are free.

Alan Patterson (lep at wsnet.com)
PGP public key available at MIT keyserver.
WSNetwork Communications Services, Inc.
Fngpt: 41D0F61B496FECC09FABECF686AB2AIC
Montgomery, Alabama
(334) 263-5505 (800) INET-750
PGP Encrypted Email Preferred

From rah at shipwright.com Wed Aug 16 09:41:14 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 16 Aug 95 09:41:14 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
Message-ID:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>SSL challenge -- broken

Indeed, it seems so, and the feeding frenzy in the press has begun. I zinged this over from cypherpunks to www-buyinfo this morning, and this afternoon I got a rather interesting call from a reporter. I told him about ITARs, its effect on internet commerce and the silliness of a 40 bit key, etc. He wanted to know if I knew Damien's phone number(!), and I told him to have ATT put one of their translators-for-hire on the line and call INRIA, Ecole Polytechnique, or Ecole Normale Superieure, and track him down there. Meanwhile, if Mr.
Doligez sees this, call Alan Beck at 619-625-0700, or email him at alan at tgc.com.

I can see the headlines now: "Netscape Security Broken, Stock Falls". Make-a the Ganglia Twitch. Haven't had this much fun since the hogs ate my little brother...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From pcw at access.digex.net Wed Aug 16 09:55:27 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 16 Aug 95 09:55:27 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
Message-ID: <199508161654.MAA25878@access5.digex.net>

I don't think that there is any serious worry for Netscape. Their security is fine-- it's just crippled by the US Government. They could probably start distributing binary versions of their software that used full 128 bit keys in several hours. It's just that the Government gets pissed off about these things.

In general, it just adds more flames to the fire started by the letter written by Microsoft, IBM and Lotus. Their point is bolstered by this easy attack.

-Peter

From die at pig.die.com Wed Aug 16 10:39:46 1995
From: die at pig.die.com (Dave Emery)
Date: Wed, 16 Aug 95 10:39:46 PDT
Subject: Purple Boxes
In-Reply-To: <199508160843.BAA25109@ix9.ix.netcom.com>
Message-ID: <9508161739.AA02917@pig.die.com>

> > At 10:30 PM 8/15/95 -0400, Dave Emery wrote:
> > I reiterate my suggestion of a few months ago that
> >one could quite easily adapt the firmware on one of the new simultaneous
> >data and digital voice on the same phone line modems to incorporate
> >encryption, and quite possibly encryption/key exchange interoperable
> >with some mode of PGPphone.
> Most modems I've seen only have one set of audio interfaces,
> and a bump-in-the-cord phone needs two (one for the voice side,
> one for the modem line side.) (Having two jacks doesn't count.)
> So you'd need at least two modems, one straight and one re-educated,
> and you'd probably need lots more flash ROM than the average modem has.

The kind of modem I was referring to is designed to supply a digital voice connection interleaved with 28.8 kb V.34 high speed data over a common modem connection. As such it has an extra audio A/D and D/A and line interface; in fact some of these modems actually have a full telco CO type phone line interface so one can plug in a regular vanilla phone and talk full duplex over the digital path just as on an analog phone line. They are already truly bump-in-the-cord devices.

These modems are a new product, just being introduced, and are apparently aimed at the service desk/tech support market where they supply the capability for someone diagnosing a problem to have the customer's screen display on their system and access their keyboard while talking to the customer about what is wrong. (As a historical note, I was involved in the development of this technology at Data General in the late 70's using fdm data over voice analog signalling - the reason it didn't catch on was that the modem connection was very slow (300 baud)).

There is an effort in the modem industry to standardize the voice compression used and the protocol so such modems will interoperate with those made by other manufacturers - I don't think anybody has addressed encryption in this protocol (after all, the NSA has kept encryption out of the data side of modems where it would be trivial to implement).
As for the ROM size issue - I'm sure if one was expecting to be able to drop in PGPphone code relatively unmodified it would be a problem, but actually implementing the core encryption and crypto sync stuff would only be a few tens of kb of code at most in a ROM that may well be 512 kb or more now with significant space reserved for expansion and bug fixes and support of older modem protocols.

Dave Emery
die at die.com

From hfinney at shell.portal.com Wed Aug 16 10:46:13 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 16 Aug 95 10:46:13 PDT
Subject: SSL challenge -- broken !
Message-ID: <199508161745.KAA08481@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

From: Damien.Doligez at inria.fr (Damien Doligez)
> This is to announce the solution of the SSL challenge posted by Hal
> Finney on July 17, 1995 (message-ID: <3u6kmg$pm4 at jobe.shell.portal.com>),
> also found at:

Although it is hardly necessary, I can confirm the accuracy of the decryption found, and I extend my congratulations for this achievement!

Ironically, I understand that an independent effort coordinated by Adam Back also discovered the key at approximately the same time. In addition, Eric Young had done a search starting at 8000000000 and upwards; unfortunately the key value of 7ef0961fa6 was only about one percent below his starting point. Hopefully Adam will supply more information.

It will be interesting to see what the fallout is from this accomplishment. It should provide ammunition for the current effort by Microsoft and other companies to try to persuade the government to allow the export of full 56 bit DES. Knowing the tendency of the media and the net to oversimplify, this will probably come out as "SSL is broken" just as the RSA-129 result led to "RSA is broken" stories.
This would not be as egregious an oversimplification as in the RSA case, but in fairness it should be recognized that SSL as a spec provides support for much stronger ciphers than the intentionally weakened RC4-40 which was broken here, but Netscape was constrained by the government to supply browsers with only the weak encryption.

I am a little alarmed by the suggestion that this news could have some marked impact on the Netscape stock price. From our perspective this was certainly an unsurprising result (not to take anything away from Damien and others who worked on it). It is a useful reminder that the things we work on here can have profound consequences.

Hal Finney
hfinney at shell.portal.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMDIuehnMLJtOy9MBAQHQbwH+I0YL1ewcCbXOGw8yYvKXIJMg15O0jmqW
wMb6SKrethbJzpWXJBpC1oKrl8wVzPvqBCLJtfJFWcN9xD4pTOluhA==
=0GPy
-----END PGP SIGNATURE-----

From schampeo at imonics.com Wed Aug 16 11:05:41 1995
From: schampeo at imonics.com (Steven Champeon - Imonics Development)
Date: Wed, 16 Aug 95 11:05:41 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
Message-ID: <9508161804.AA26353@fugazi.imonics.com>

| Subject: Re: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
| From: Peter Wayner
|
| I don't think that there is any serious worry for Netscape. Their
| security is fine-- it's just crippled by the US Government. They
| could probably start distributing binary versions of their software
| that used full 128 bit keys in several hours. It's just that the
| Government gets pissed off about these things.

The netscape client already has these capabilities built in. During the negotiation stage, the client talks to the server, which announces which strength to use. For exported versions of both the client and the server they are limited to 40 bit RC4. For US versions, all available strengths are supported with an option to enable them. Pull up Netscape, and for the URL type: "about:".
It will tell you which algorithms are used, but not their key bit length. When you configure their Commerce server, you have the option to enable any of the supported bit lengths and algorithms, including RC2 and RC4, IDEA, 40 -> 128 bits, 64 -> 192 for DES. Netscape's server, since it must service foreign requests, probably doesn't even waste its time asking for >40 bit, since that would add to the time it takes to negotiate a common scheme. If anyone has any insight into this, please fill me in. I just wanted to clarify a few things.

Steve
--
Steve Champeon
Technical Lead, Imonics Web Services

From jim at acm.org Wed Aug 16 11:07:10 1995
From: jim at acm.org (Jim Gillogly)
Date: Wed, 16 Aug 95 11:07:10 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161745.KAA08481@jobe.shell.portal.com>
Message-ID: <199508161806.LAA29214@mycroft.rand.org>

> Hal writes:
> I am a little alarmed by the suggestion that this news could have some
> marked impact on the Netscape stock price. From our perspective this was
> certainly an unsurprising result (not to take anything away from Damien

So far it appears not to have had an effect. The two web pages I know about that track Netscape show it holding steady a point and a half above where it opened. Even the IF market on SSLW doesn't seem to be taking much notice of it, despite my attempts at manipulating that market.

Jim Gillogly
Mersday, 24 Wedmath S.R. 1995, 18:06

From usura at replay.com Wed Aug 16 11:10:48 1995
From: usura at replay.com (Alex de Joode)
Date: Wed, 16 Aug 95 11:10:48 PDT
Subject: SSL challenge -- broken !
Message-ID: <199508161810.AA05369@xs1.xs4all.nl>

Hal sez:
[..]
: I am a little alarmed by the suggestion that this news could have some
: marked impact on the Netscape stock price. From our perspective this was
: certainly an unsurprising result (not to take anything away from Damien
: and others who worked on it).
: It is a useful reminder that the things we
: work on here can have profound consequences.

Just too bad Ecash and the ON-Line Stock/Options Broker [TM] aren't available; it would be a good time to buy some put options on Netscape Communications.

--
Alex de Joode
Fear Uncertainty and Doubt, Inc.

From loki at obscura.com Wed Aug 16 11:24:39 1995
From: loki at obscura.com (Lance Cottrell)
Date: Wed, 16 Aug 95 11:24:39 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161806.LAA29214@mycroft.rand.org>
Message-ID:

Even more to the point is my claim on IF about brute forcing a 40 bit cipher "Cr40".

-Lance

On Wed, 16 Aug 1995, Jim Gillogly wrote:

>
> > Hal writes:
> > I am a little alarmed by the suggestion that this news could have some
> > marked impact on the Netscape stock price. From our perspective this was
> > certainly an unsurprising result (not to take anything away from Damien
>
> So far it appears not to have had an effect. The two web pages I know about
> that track Netscape show it holding steady a point and a half above where it
> opened. Even the IF market on SSLW doesn't seem to be taking much notice of
> it, despite my attempts at manipulating that market.
>
> Jim Gillogly
> Mersday, 24 Wedmath S.R. 1995, 18:06
>

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche
----------------------------------------------------------

From jweis at primenet.com Wed Aug 16 11:32:41 1995
From: jweis at primenet.com (Jason Weisberger)
Date: Wed, 16 Aug 95 11:32:41 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
In-Reply-To: <199508161654.MAA25878@access5.digex.net>
Message-ID: <199508161832.LAA28361@usr5.primenet.com>

>
> I don't think that there is any serious worry for Netscape. Their
> security is fine-- it's just crippled by the US Government. They
> could probably start distributing binary versions of their software
> that used full 128 bit keys in several hours. It's just that the
> Government gets pissed off about these things.
>

I have to agree, Netscape may spend some energy to upgrade their encryption, but it really won't buy them all that much. SSL, to me, is like using a "security envelope" to mail cash or putting the club on your car. It presents just enough of an obstacle to keep honest people honest.

jweis at primenet.com
http://www.qtime.com/~jweis

From perry at piermont.com Wed Aug 16 11:33:43 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 16 Aug 95 11:33:43 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161806.LAA29214@mycroft.rand.org>
Message-ID: <199508161832.OAA19556@frankenstein.piermont.com>

Jim Gillogly writes:
> > Hal writes:
> > I am a little alarmed by the suggestion that this news could have some
> > marked impact on the Netscape stock price. From our perspective this was
> > certainly an unsurprising result (not to take anything away from Damien
>
> So far it appears not to have had an effect. The two web pages I know about
> that track Netscape show it holding steady a point and a half above where it
> opened. Even the IF market on SSLW doesn't seem to be taking much notice of
> it, despite my attempts at manipulating that market.

I haven't seen any news stories about this on the wire services. Someone would have to write a story about it first before people would know...

.pm

From rah at shipwright.com Wed Aug 16 11:46:00 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 16 Aug 95 11:46:00 PDT
Subject: SSL challenge -- broken !
Message-ID:

At 1:45 PM 8/16/95, Hal wrote:
>I am a little alarmed by the suggestion that this news could have some
>marked impact on the Netscape stock price.

My apologies for causing alarm. I was merely making a too-subtle joke about hysteria in the press and the capital markets for Netscape, and its inevitable backlash. Madness of crowds and all that...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From eb at comsec.com Wed Aug 16 12:58:03 1995
From: eb at comsec.com (Eric Blossom)
Date: Wed, 16 Aug 95 12:58:03 PDT
Subject: Purple Boxes
In-Reply-To: <9508160230.AA01456@pig.die.com>
Message-ID: <199508161935.MAA23741@comsec.com>

> I reiterate my suggestion of a few months ago that
> one could quite easily adapt the firmware on one of the new simultaneous
> data and digital voice on the same phone line modems to incorporate
> encryption, and quite possibly encryption/key exchange interoperable
> with some mode of PGPphone.

I've looked at the AT&T simultaneous voice and data stuff (VoiceSpan), and from what I can determine from reading between the lines, the voice stuff is not really digitized (a la PCM), rather it is just pushed around somewhere else in the spectrum. The data is apparently modulated using a variant on QAM, and the data rate varies dynamically depending on whether or not you are saying anything.

As I recall the block diagram is ...

                         +-----------+        +--------+
      analog voice <---> |           |        |        |<--- TIP
                         | Modem IC  |<---->  |  DAA   |
 digital bitstream <---> |           |        |        |<--- RING
                         +-----------+        +--------+

You can get data sheets from AT&T Microelectronics.
Eric

From banisar at epic.org Wed Aug 16 12:59:15 1995
From: banisar at epic.org (Dave Banisar)
Date: Wed, 16 Aug 95 12:59:15 PDT
Subject: FBI Files on Clipper Released
Message-ID:

FOR RELEASE: August 16, 1995, 2:00 p.m. EST
CONTACT: David Sobel (202) 544-9240

FBI FILES: CLIPPER MUST BE MANDATORY

WASHINGTON, DC - Newly-released government documents show that key federal agencies concluded more than two years ago that the "Clipper Chip" encryption initiative will only succeed if alternative security techniques are outlawed. The Electronic Privacy Information Center (EPIC) obtained the documents from the Federal Bureau of Investigation under the Freedom of Information Act. EPIC, a non-profit research group, received hundreds of pages of material from FBI files concerning Clipper and cryptography.

The conclusions contained in the documents appear to conflict with frequent Administration claims that use of Clipper technology will remain "voluntary." Critics of the government's initiative, including EPIC, have long maintained that the Clipper "key-escrow encryption" technique would only serve its stated purpose if made mandatory. According to the FBI documents, that view is shared by the Bureau, the National Security Agency (NSA) and the Department of Justice (DOJ).

In a "briefing document" titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that:

    Technical solutions, such as they are, will only work if they are incorporated into *all* encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required.

Likewise, an undated FBI report titled "Impact of Emerging Telecommunications Technologies on Law Enforcement" observes that "[a]lthough the export of encryption products by the United States is controlled, domestic use is not regulated."
The report concludes that "a national policy embodied in legislation is needed." Such a policy, according to the FBI, must ensure "real-time decryption by law enforcement" and "prohibit[] cryptography that cannot meet the Government standard."

The FBI conclusions stand in stark contrast to public assurances that the government does not intend to prohibit the use of non-escrowed encryption. Testifying before a Senate Judiciary Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann Harris asserted that:

    As the Administration has made clear on a number of occasions, the key-escrow encryption initiative is a voluntary one; we have absolutely no intention of mandating private use of a particular kind of cryptography, nor of criminalizing the private use of certain kinds of cryptography.

According to EPIC Legal Counsel David Sobel, the newly-disclosed information "demonstrates that the architects of the Clipper program -- NSA and the FBI -- have always recognized that key-escrow must eventually be mandated. As privacy advocates and industry have always said, Clipper does nothing for law enforcement unless the alternatives are outlawed."

Scanned images of several key documents are available via the World Wide Web at the EPIC Home Page:

http://www.epic.org/crypto/ban/fbi_dox/

-30-

_________________________________________________________________________
Subject: FBI Files on Clipper Released
_________________________________________________________________________
David Banisar (Banisar at epic.org)           * 202-544-9240 (tel)
Electronic Privacy Information Center        * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301          * HTTP://epic.org
Washington, DC 20003                         * ftp/gopher/wais cpsr.org

From adam at bwh.harvard.edu Wed Aug 16 13:10:39 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 16 Aug 95 13:10:39 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
In-Reply-To: <199508161654.MAA25878@access5.digex.net>
Message-ID: <9508162008.AA00722@waller.harvard.edu>

Peter Wayner writes:
| I don't think that there is any serious worry for Netscape. Their
| security is fine-- it's just crippled by the US Government. They
| could probably start distributing binary versions of their software
| that used full 128 bit keys in several hours. It's just that the
| Government gets pissed off about these things.

I'm not sure I trust their security. I know I have no reason to; their server comes as 14.9mb of object code. I know of no vendor who ships a bug free 14mb product. (To be more than fair, most of those binaries are relatively small, on the order of 250k.) As RTM, Sr asked, if your programs are buggy, what does that say about their security? (Not that I'm offering up exploits; simply saying that I suspect there are problems, and that those problems can make whatever security SSL does or doesn't offer moot).

The operative question is not one of 'what is the cost of breaking SSL relative to the financial gain?' but 'what is the cost of breaking or bypassing SSL relative to the risk involved and the financial gain?'

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From habs at warwick.com Wed Aug 16 13:40:23 1995
From: habs at warwick.com (Harry S. Hawk)
Date: Wed, 16 Aug 95 13:40:23 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161832.OAA19556@frankenstein.piermont.com>
Message-ID: <199508162039.QAA27638@cmyk.warwick.com>

> I haven't seen any news stories about this on the wire
> services. Someone would have to write a story about it first before
> people would know...

I've suggested this to a few reporters I know..
/hawk

From die at pig.die.com Wed Aug 16 13:45:28 1995
From: die at pig.die.com (Dave Emery)
Date: Wed, 16 Aug 95 13:45:28 PDT
Subject: Purple Boxes
In-Reply-To: <199508161935.MAA23741@comsec.com>
Message-ID: <9508162044.AA03254@pig.die.com>

>
> I've looked at the AT&T simultaneous voice and data stuff (VoiceSpan),
> and from what I can determine from reading between the lines, the
> voice stuff is not really digitized (a la PCM), rather it is just
> pushed around somewhere else in the spectrum. The data is apparently
> modulated using a variant on QAM, and the data rate varies dynamically
> depending on whether or not you are saying anything.
>
> As I recall the block diagram is ...

We had a discussion about this on this list a while back. I've been following the matter elsewhere and it is certainly true that some of the proprietary stuff and the proposed standard are fully digital packet interleaved digital CELP coded voice.

It would be possible to use the echo cancelling technology of modern modems (which subtract out the transmit signal to leave the receive) to subtract out both the transmit and receive digital signals (QAM by the way for v.32 and v.34) and leave just the residual noise which could be voice at a very low level. Whether one could get an adequate bit error rate (even with the trellis coding) from the far end data signal given the worst case line loss if the signal was mixed with low level voice I do not know.

In any case if the analog voice under QAM data trick was actually used, one could have a reasonable security analog masking type scrambler for free by sending random digital data down the line in both directions (such as data derived from Johnson noise or radioactive decay). There would be no easy way for a third party to filter out the digital data (unless of course the interloper had a four wire tap on the line with good enough directionality to demodulate the data in both directions with a reasonable BER).
Dave Emery
die at die.com

From doug at openmind.com Wed Aug 16 14:57:38 1995
From: doug at openmind.com (Doug Cutrell)
Date: Wed, 16 Aug 95 14:57:38 PDT
Subject: Question: DSA status and export requirements?
Message-ID:

Does anyone know if there have been any major developments in the DSA patent issue in the past year? I've read that some large companies have used DSA in products without paying royalties to Bizdos, but they also have separate licensing deals for RSA itself.

On another note, I would much appreciate advice on whether a product which does only signature verification using, say, DSA and SHA, would require ITAR export approval? I've read that the NSA has specifically stated that they are not concerned with products that cannot be easily used for privacy -- so would such a product (which can verify but not generate signatures) even be required to apply for an export license?

Doug Cutrell
doug at OpenMind.com
________________________________________________
fuck the Exxon Communications Decency amendment

From rah at shipwright.com Wed Aug 16 15:20:50 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 16 Aug 95 15:20:50 PDT
Subject: Erroneous HPCwire phone #
Message-ID:

Whoops... Hope this helps!

Cheers,
Bob Hettinga

--- begin forwarded text

Date: Sat, 12 Aug 95 04:22:08 PST
From: "Alan Beck"
X-Minuet-Version: Minuet1.0_Beta_4
Reply-To:
X-Popmail-Charset: English
To: rah at shipwright.com
Subject: Erroneous HPCwire phone #

Robert,

I can't reach my managing editor, who's a cypherpunk subscriber, so I'm emailing you: HPCwire's telephone number was posted incorrectly. Our real number is: 619-625-0070. I'd appreciate it if you could revise the post. Thanks much!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Alan Beck                              HPCwire Associate Editor
8445 Camino Santa Fe                   HPCwire
Suite 204                              alan at hpcwire.tgc.com
San Diego, Calif. 92121                Voice: 619/625-0070
                                       Fax: 619/625-0088
For a free trial subscription, email:
~~ Diagonally parked in a parallel universe. ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From jbuck at Synopsys.COM Wed Aug 16 16:15:55 1995
From: jbuck at Synopsys.COM (Joe Buck)
Date: Wed, 16 Aug 95 16:15:55 PDT
Subject: SSL challenge -- broken !
Message-ID: <199508162315.QAA04306@deerslayer.synopsys.com>

Congratulations on demonstrating the effort required to break SSL with a 40-bit key. It seems clearly demonstrated that this is not adequate to store, say, company-confidential information for communication over insecure networks, since it seems the average grad student at a large university could get access to similar computing power that you used (spare cycles on a hundred workstations or more).

However, I disagree with your conclusion:

> Many people have access to the amount of computing power that I used.
> The exportable SSL protocol is supposed to be weak enough to be
> easily broken by governments, yet strong enough to resist the attempts
> of amateurs. It fails on the second count. Don't trust your credit
> card number to this protocol.

Your credit card number, expiration date, etc, are continually being revealed to minimum-wage clerks all the time, unless you never use the card. A chain is only as strong as its weakest link; it makes no sense to buy an expensive lock when your door has a big enough opening to climb through. Should some bad person get hold of your card number and misuse it, you're not out any money: you just tell the card company "I didn't buy that".
Since there's so much tracing in the system, if you buy a physical something with a stolen credit card number it can usually be traced to you (who'd they ship the package to?). It's not clear to me that *any* encryption is really essential if the only purpose is to protect credit card #'s from snoopers. There's plenty of stuff that *does* need protection, but I'm not sure credit card #'s head the list. Q: Of the 20,000 credit card #'s stolen from Netcom's computer, how many were used to buy things? Answer: not sure, but expect the answer is "zero". From perry at piermont.com Wed Aug 16 16:25:22 1995 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 16 Aug 95 16:25:22 PDT Subject: SSL challenge -- broken ! In-Reply-To: <199508162315.QAA04306@deerslayer.synopsys.com> Message-ID: <199508162324.TAA00306@frankenstein.piermont.com> Joe Buck writes: > However, I disagree with your conclusion: > > > Don't trust your credit card number to this protocol. > > Your credit card number, expiration date, etc, are continually being > revealed to minimum-wage clerks all the time, unless you never use the > card. On the other hand, those clerks can be traced down in most cases and have fairly limited numbers of cards they get. It might be very profitable to run a vacuum cleaner operation on the net slurping down credit card number or other confidential information and then selling it in bulk to people who could exploit it. .pm From goedel at tezcat.com Wed Aug 16 16:53:54 1995 From: goedel at tezcat.com (Dietrich J. Kappe) Date: Wed, 16 Aug 95 16:53:54 PDT Subject: SSL challenge -- broken ! Message-ID: Perry E. Metzger writes: >Joe Buck writes: >> However, I disagree with your conclusion: >> >> > Don't trust your credit card number to this protocol. >> >> Your credit card number, expiration date, etc, are continually being >> revealed to minimum-wage clerks all the time, unless you never use the >> card. 
> >On the other hand, those clerks can be traced down in most cases and >have fairly limited numbers of cards they get. It might be very >profitable to run a vacuum cleaner operation on the net slurping down >credit card number or other confidential information and then selling >it in bulk to people who could exploit it. Most credit card companies ship their registration information off shore to low tech developing countries. The idea is that the people entering the information are unlikely to be able to exploit the information they are exposed to. Capturing a set of credit card tapes is certainly profitable, as would be capturing large volumes of numbers, as you suggest. Now, are those West African credit fraud rings dialing up DEC, SUN, and SGI? :-) DJK P.S. There could be an article in tomorrows WSJ about the SSL Challenge. The technical details and facts will surely be mangled. :-( From futplex at pseudonym.com Wed Aug 16 17:22:17 1995 From: futplex at pseudonym.com (Futplex) Date: Wed, 16 Aug 95 17:22:17 PDT Subject: FBI Files on Clipper Release In-Reply-To: Message-ID: <9508170022.AA19096@cs.umass.edu> Dave Banisar quotes FBI documents obtained via the FOIA: > Technical solutions, such as they are, will only work if > they are incorporated into *all* encryption products. > To ensure that this occurs, legislation mandating the > use of Government-approved encryption products or > adherence to Government encryption criteria is required. ...meanwhile... > Testifying before a Senate Judiciary > Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann > Harris asserted that: > > As the Administration has made clear on a number of > occasions, the key-escrow encryption initiative is a > voluntary one; we have absolutely no intention of > mandating private use of a particular kind of > cryptography, nor of criminalizing the private use of > certain kinds of cryptography. By exactly what mechanism are appointed (hired ?) 
officials such as AAG Harris supposedly accountable to the public ? Can they be brought up on perjury charges ? Just what real legal recourse do we have against lying scum in the bureaucracy ? Are we stuck unless we can get some Congresscritter to cry foul on the floor of the House or Senate ? -Futplex "you said too much; and what you said, it was a lie" -EMF From monty.harder at famend.com Wed Aug 16 17:39:25 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Wed, 16 Aug 95 17:39:25 PDT Subject: Object Oriented Crypto API Message-ID: <8AF4269.000300032B.uuout@famend.com> RC> anything without having to know anything about those formats at all. Yes. We need to be able to drop in new algorithms, because nobody knows what new attacks will be developed. RC> a Universal Resource Name (URN) for key identification. Perhaps RC> "key://keyserver.domain/keyid" would be better. Need to expand the concept of a key just a bit here. Your URL for keys needs to map to a hierarchy of keys that apply to different facets of a person's life, (casual vs. sensitive, personal vs. business) as well as to different encryption engines. The pubkey I have in the keyserver for the RSA algorithm will not work if you want to use the FOO algorithm instead. Rather than replicating the entire structure of keys for each new algorithm that comes along, there should be a standard protocol for requesting these various key types from the same "place". * I can't find where to put the milk in my "cereal" port. --- * Monster at FAmend.Com * From bdolan at use.usit.net Wed Aug 16 18:33:35 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Wed, 16 Aug 95 18:33:35 PDT Subject: genetic software patents (fwd) Message-ID: ---------- Forwarded message ---------- Sometime ago, I reported on a recent discovery of how gene sequences can be used for mathematical optimization calculations. 
The method, developed by Leonard Adelman (the "A" of RSA) provided a way of solving the Traveling Salesman Problem using gene sequences (interestingly, the paper by Hopfield that kicked off the neural network revival also solved the TSP). Computable genes blurs even more hardware and software (along with hardware/software codesign tools), but has yet to sink into PTO statutory and prior art thinking. In any event, the August 1995 issue of Dr. Dobb's Journal, page 127, has a nicely illustrated article titled "Biochemical techniques take on combinatorial problems". If you or your clients are interested in this new form of computing, get a copy of the article. Adelman's original paper titled "Molecular Computation of Solutions to Combinatorial Problems" and was in the November 11, 1994 issue of Science. While you are at it, get a copy of an article that appeared in the July 27, 1995 issue of Nature, page 307, titled "Protein molecules as computational elements in living cells". It starts out "Many proteins in living cells appear to have as their primary function the transfer and processing of information, rather than chemical transformation of metabolic intermediates or the building of cellular structures". Yet one more blur or "hardware" and "software". Geneware? A final article to get is "Circuit simulation of genetic networks", appearing in the August 4, 1995 issue of Science, page 650. It proposes to simulate genetic networks (such as the bacteriophage lambda lysislysogeny decision circuit) using the tools found in hardware/software codesign tools. With VHDL as a digital circuit language, and AHDL as a analog circuit language, are we going to need GHDL as a genetic circuit language? It is not hard to imagine in the future some VHDL code being mapped into software with standard translators, into hardware using cell libraries, and into gene sequences using sequence libraries interface to EDA design tools. 
Properly structured sets of claims under the Doctrine of Equivalents could claim coverage in all types of domains (in fact, the claims could be generated by the design tool itself using a "cell" library of claim clauses). Alternatively entire libraries of medical journals suddenly become potential software/hardware prior art. While practical use of the gene technique is years off, it does raise the issue of how the PTO is going to handle the prior art aspects, when gene technology now becomes software and hardware prior art (as soon as, if ever, the PTO first solves the software-software prior art problem, and then the software/hardware codesign prior art problem). Scientists are blurring the lines of computing much faster than the PTO can respond; for example, the proposed software patent guidelines reflect none of the above developments. Together these three papers represent the cutting cutting edge of issues that will be affecting the patenting world in the years to come. Read them now to get a jump. From liberty at gate.net Wed Aug 16 18:42:29 1995 From: liberty at gate.net (Jim Ray) Date: Wed, 16 Aug 95 18:42:29 PDT Subject: FBI Files on Clipper Release Message-ID: <199508170140.VAA22967@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Futplex writes: >...meanwhile... >By exactly what mechanism are appointed (hired ?) officials such >as AAG Harris supposedly accountable to the public ? Supposedly, the congressional pur$e-$trings... [I doubt the "reformers" will exercise this power.] >Can they be brought up on perjury charges ? [I *wish* but...] doubtful, our best hope is the media. >Just what real legal recourse do we have against lying >scum in the bureaucracy ? I have mass-forwarded Dave Banisar's post to all the media e-mail addresses I have. I suggest that everyone on the list do this too. [Isn't e-mail wonderful? :) ] I also e-mailed the government asking which position was the lie, but I don't expect a response. 
>Are we stuck unless we can get some Congresscritter to cry >foul on the floor of the House or Senate ? Yup. I'm afraid our best hope [aside from the media] is Congressman Trafficant and his ilk. ;-) >"you said too much; and what you said, it was a lie" -EMF When combined with PRZ's award today, I feel this obvious lie could be a blessing in disguise for us privacy lovers. I say this in view of the timing of the upcoming political season, but everyone here already knows that I only trust one kind of candidate to tell us the truth. Now they know why... JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMDKYp21lp8bpvW01AQFVggP+PqD6KaxwTYLogOaPC4G7nEzqfnR7sfyc SXQx4rQFt+HoaDbo89k75jh8BcfCwmZNEXsmbIz7ilyiIcnwhLDLL+sL+ZPie25W autacym9+MXjrkQUu12qNxQ+XKH0y+TR/mMCGIUVxtpyT5QMPVtAptS1DScoJx0U 0LmFsuSM+Z8= =C1JX -----END PGP SIGNATURE----- Regards, Jim Ray Don't investigate Mena, Arkansas and contra-coke. Embarrassment is a threat to national security... ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ From liberty at gate.net Wed Aug 16 18:42:35 1995 From: liberty at gate.net (Jim Ray) Date: Wed, 16 Aug 95 18:42:35 PDT Subject: SSL challenge -- broken ! Message-ID: <199508170140.VAA40390@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Joe Buck writes: >Your credit card number, expiration date, etc, are continually being >revealed to minimum-wage clerks all the time, unless you never use the >card. A chain is only as strong as its weakest link; it makes no sense to >buy an expensive lock when your door has a big enough opening to climb >through. 
Should some bad person get hold of your card number and misuse >it, you're not out any money: I'm not so sure....Checked the fees/interest lately? "There ain't no such thing as a free credit card theft." [Apologies to Milton & Rose Friedman.] ;) >you just tell the card company "I didn't buy >that". Since there's so much tracing in the system, if you buy a physical >something with a stolen credit card number it can usually be traced to you >(who'd they ship the package to?). They only *sometimes* find the person/loot. >It's not clear to me that *any* >encryption is really essential if the only purpose is to protect credit >card #'s from snoopers. OK, but I had an idea a number of years ago. It's not too new, either, and considering the BILLION$ in credit-card fraud, I think the credit card companies could implement it with little trouble at every site the cards are used. Why not PIN numbers. Banks and their customers are already used to them, they could be entered over the phone (I know, not too secure) or in person, and considering the dollar ammount of the current fraud, they would be cheap (I think). [There is probably a flaw in my idea, but I haven't found it.] >Q: Of the 20,000 credit card #'s stolen from Netcom's computer, how many >were used to buy things? Answer: not sure, but expect the answer is "zero". Probably so, but imagine being a Netcom customer (or a Netcom stockholder). Not all of the costs of crime are monetary. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMDKdH21lp8bpvW01AQGBTwP/VQ7BNPAAna6ba3avp+y9us0E5hhpUGdJ 6shHmZjPDWrSZz9aGzq5xhkQzSKdlLy/lFePt8acFBbDaGnK8wzAvoo1S69mr4bA AUJ+IsI5j/Ctvic0RGbiIlfy+thXna6iwTgDovBB7u311+UMCgMg0A89onIjWCQQ jKN2sSimEHg= =0TzV -----END PGP SIGNATURE----- Regards, Jim Ray Don't investigate Mena, Arkansas and contra-coke. Embarrassment is a threat to national security... 
------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ From jbuck at Synopsys.COM Wed Aug 16 19:25:19 1995 From: jbuck at Synopsys.COM (Joe Buck) Date: Wed, 16 Aug 95 19:25:19 PDT Subject: SSL challenge -- broken ! In-Reply-To: <199508170140.VAA40390@tequesta.gate.net> Message-ID: <199508170224.TAA05372@deerslayer.synopsys.com> > >Your credit card number, expiration date, etc, are continually being > >revealed to minimum-wage clerks all the time, unless you never use the > >card. A chain is only as strong as its weakest link; it makes no sense to > >buy an expensive lock when your door has a big enough opening to climb > >through. Should some bad person get hold of your card number and misuse > >it, you're not out any money: > > I'm not so sure....Checked the fees/interest lately? > "There ain't no such thing as a free credit card theft." Yes, it's true that this contributes to high interest rates (though defaults cost more than fraud). > >you just tell the card company "I didn't buy > >that". Since there's so much tracing in the system, if you buy a physical > >something with a stolen credit card number it can usually be traced to you > >(who'd they ship the package to?). > > They only *sometimes* find the person/loot. Doesn't matter, this is a disincentive to theft and you are never liable unless you lost your physical card. > OK, but I had an idea a number of years ago. It's not too new, > either, and considering the BILLION$ in credit-card fraud, I think > the credit card companies could implement it with little trouble at > every site the cards are used. 
It would cost billions to get every single merchant that accepts credit cards set up with PIN equipment. > Why not PIN numbers. Banks and their > customers are already used to them, they could be entered over the > phone (I know, not too secure) or in person, and considering the > dollar ammount of the current fraud, they would be cheap (I think). > [There is probably a flaw in my idea, but I haven't found it.] You have to make sure the clerk that gets your order doesn't see the PIN (so you need a secure path between you and your credit card co. that avoids the merchant). And what about the tellers? Do you know how badly they are treated? They can get all those #'s. Yes, it can be done: ATMs are set up that way. But as long as it's not done, those who scream at the horrors of sending credit card #'s over the net aren't thinking clearly. Never forget that social engineering is the easiest hack. Technical solutions that ignore wide-open social engineering paths are worse than useless (worse because they give an illusion of security). From liberty at gate.net Wed Aug 16 20:14:26 1995 From: liberty at gate.net (Jim Ray) Date: Wed, 16 Aug 95 20:14:26 PDT Subject: SSL challenge -- broken ! Message-ID: <199508170312.XAA45301@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Joe Buck wrote: >Yes, it's true that {fraud} contributes to high interest rates (though >defaults cost more than fraud). Sometimes there's little difference. >> They only *sometimes* find the person/loot. > >Doesn't matter, this is a disincentive to theft and you are never liable >unless you lost your physical card. I was referring to my previous point, whether or not you're *individually* liable, "somebody" always pays. >It would cost billions to get every single merchant that accepts credit >cards set up with PIN equipment. Agreed. Fraud/defaults cost billions too, the billions I propose spending would be a one-time, rather than yearly, cost. > >> Why not PIN numbers. 
> >You have to make sure the clerk that gets your order doesn't see the >PIN (so you need a secure path between you and your credit card co. >that avoids the merchant). I was thinking of some piece of hardware the clerk could hand you, but "shoulder surfing," by the clerk or by other customers, will always be possible, just as with ATMs or phonecards. My idea isn't perfect, just better than the present reality, IMO. >And what about the tellers? Do you know >how badly they are treated? They can get all those #'s. Yes, it >can be done: ATMs are set up that way. But as long as it's not done, >those who scream at the horrors of sending credit card #'s over the >net aren't thinking clearly. > >Never forget that social engineering is the easiest hack. Technical >solutions that ignore wide-open social engineering paths are worse >than useless (worse because they give an illusion of security). Agreed. My idea *is* imperfect. Social engineering works well. I just don't want to let the great be the enemy of the good, and the credit card fraud situation now is intolerable. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMDKxtm1lp8bpvW01AQFiCQQArDkX2OS/9FitoMYfKHa2K5O9UsAw+Yv9 yVrp1T8NtvieQkVMEpAbhAq3ISEcam2WsVOAOUPT7goK4yyzSz2UURaDsAru8kRO 66A9p0QSmS7sciNV4N2tGz/KlM44wV8axNs/9R9AAktnHhD/YbhtF0ONXTUXzrDi FwTSwgVD71o= =a9+Y -----END PGP SIGNATURE----- Regards, Jim Ray "The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structures of reality. It is enough if one merely tries to comprehend a little of this mystery every day. Never lose a holy curiosity." -- Albert Einstein ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. 
# E9BD6D35 ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ From hayden at krypton.mankato.msus.edu Wed Aug 16 20:38:10 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 16 Aug 95 20:38:10 PDT Subject: Randal Schwartz Petition Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I hate to do this, but for any of you that have been following the Randall Schwartz (or Perl fame) fiasco, there is now a URL with information about collecting petition signatures and letters of support for the sentencing judge. The URL is found at http://www.ugcs.caltech.edu/~kluster/petition.html/ Personally, I think it's rediculous all the crap that went into this conviction, but that's just my personal opinion. This probably isn't the correct place to discuss it, but misc.legal.computing has taken it up. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMDKdnDokqlyVGmCFAQGUNgP+NgqXU3p7Pb0vXYMb9gBiqDzGcIYeXdLG KfhmbTG0mOaVvcWzrrD7oEkdTXiPUhtzOknWH4C6OalSV54JwYGVEueOPfpeztBG 2u0izzyTX1UB2cCb352PxstpwSkrFoQHUqVCDRpHZcSNcTwfrS3vmYK5fLE5VY6n 203SEqfYupA= =Q4x2 -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++** ------END GEEK CODE BLOCK------ From cmcmanis at scndprsn.Eng.Sun.COM Wed Aug 16 21:04:04 1995 From: cmcmanis at scndprsn.Eng.Sun.COM (Chuck McManis) Date: Wed, 16 Aug 95 21:04:04 PDT Subject: Phone call for Mr. 
Doligez, was Re: SSL challenge -- broken ! Message-ID: <9508170403.AA20845@pepper.Eng.Sun.COM> jweis wrote: > I have to agree, Netscape may spend some energy to upgrade their > encryption, but it really won't buy them all that much. SSL, to me, is > like using a "security envelope" to mail cash or putting the club on your > car. It presents just enough of an obstacle to keep honest people honest. This is the problem of using "physical" world analogies with the network. A similar argument that is posited is that "Sure its not 100% secure but its better than the carbons from a receipt (now gone) or people who don't shred their garbage." I respond that the network isn't the "real" world so the laws of physics don't apply. Someone in Boston MA is unlikely to fly into Sunnyvale to paw through my garbage, but it would be "trivial" for them to see my receipt go flashing by can throw some spare compute cycles at breaking it. A snooper/cracker program on a "spare" machine might yield a half dozen credit cards a week. I prefer the attitude of better vigilance through layered encryption. That is the transaction might be 40bit RC4 but the "jewels" (otherwise known as the credit authorization information) should be DES3. --Chuck Just my opinion of course. From tcmay at got.net Wed Aug 16 21:51:45 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 16 Aug 95 21:51:45 PDT Subject: ELINT easier than HUMINT Message-ID: (I've deleted the other list that was cc:ed here....) At 4:03 AM 8/17/95, Chuck McManis wrote: >This is the problem of using "physical" world analogies with the network. >A similar argument that is posited is that "Sure its not 100% secure but >its better than the carbons from a receipt (now gone) or people who >don't shred their garbage." I respond that the network isn't the "real" >world so the laws of physics don't apply. 
Someone in Boston MA is unlikely >to fly into Sunnyvale to paw through my garbage, but it would be "trivial" >for them to see my receipt go flashing by can throw some spare compute >cycles at breaking it. A snooper/cracker program on a "spare" machine >might yield a half dozen credit cards a week. I agree. This has direct parallels to "physical eavesdropping" vs. "electronic eavesdropping." After all, one might argue, why bother with encrypting phone conversations when a physical bug could pick up the audio? As Whit Diffie has noted, the difference is one of ease of use. It is hard to plant physical bugs...and expensive, prone to error, etc. It would also be pretty obvious, eventually, if every office in a building were physically bugged, but it would be almost undetectable if the Northern Telecom PBX box in the basement was being tapped on the way out. Crypto with back doors is even easier for the wiretapper. Electronic surveillance and related technologies (packet sniffers are a form of surveillance) are cheap by comparison to physical surveillance. And the concentration of communication lines and systems makes ELINT and COMINT much cheaper _per target_ than HUMINT. Now I don't personally worry too much at this time about giving my VISA number over the phone, or even over the Net...I can always deny making an authorization and the CC companies will not charge me (assuming the goods ordered were not also shipped to my address). But the future lies with protecting electronic transactions against surveillance. The breaking of SSL in Netscape is not terribly important in and of itself, given the government-imposed limits on key size, and given the sorts of things now being encrypted (like VISA numbers). It gets more important as the types of things encrypted become more serious. At least now we know how people were "vanished" in that recent movie. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at REPLAY.COM Wed Aug 16 22:14:16 1995 From: nobody at REPLAY.COM (Anonymous) Date: Wed, 16 Aug 95 22:14:16 PDT Subject: SmartCash (NewsClip) Message-ID: <199508170514.HAA29043@utopia.hacktic.nl> Alliance formed to develop first nationwide smart card company New York, Aug. 16 (Reuters) - The United States is a step closer to cashless commerce. Fourteen banks and financial instutions said Wednesday that they will form a company to develop and issue the first debit card that can be used nationwide instead of cash for purchases under $20. The new company, to be called SmartCash, will help speed the implementation of so-called "smart card" technology that uses a micro-processor chip embedded in the card to store vast amounts of information, including improved security features. "The chip gives the card an amazing abitity to contain stored information," said Nancy Elder, a spokeswoman for MasterCard International Inc., one of the companies participating in the creation of SmartCash. In addition to Mastercard International, other founding companies include Banc One Corp., Bank of America, Chemical Bank Corp., CoreStates Financial Corp., NationsBank Corp. and Wachovia Corp. However, participation in SmartCash will be open to all U.S. financial institutions and card providers, the companies said. "SmartCash represents a shared vision and a shared commitment to deliver the increased convenience, flexibility and efficiency of electronic cash to U.S. 
consumers, merchants and banks," said Hatim Tyabji, chairman of VeriFone Inc., a pioneer in stored value technology and another founder of SmartCash. The SmartCash card also will be standardised with similar efforts already underway for smart cards developed by credit card companies Europay, MasterCard and Visa. "Standardized specifications are all woven into the process. If you use your card in New York, it will be the same as if you use it on the West Coast," Elder said. The stored value application, one of the many uses of the card's embedded chip, enables funds from the cardholder's bank or credit-card account to be loaded into the card from an automated teller machine or from one of the terminals now under developement specifically for the SmartCash card. Elder said the companies have not identified what the cost to the consumer would be, but noted, "the consumer is going to have to see the value in it for them to want to use it." She also said there was a potential for the card to be expanded for use by those without bank accounts, who could credit the card in person at various locations. Elder added that the demand for such a versatile card was the driving force behind the broad alliance of companies already signed on to the SmartCash plan. "Sixty percent of consumers surveyed in the U.S. said they would be willing to switch banks to get the use of stored value (cards)," Elder said. Amy Brinkley, executive vice president at NationsBank, said the venture showed "unprecedented industry cooperation to develop an innovative financial product." SmartCash will combine assets and staff of the founding companies and pursue technology being developed by MasterCard, VeriFone, Electronic Payment Services Inc., and privately held Gemplus. A pilot programme is already under development in Delaware that will be overseen by Wilmington Trust and Electronic Payment and other regional pilot programmes were likely to spring up around the country next year, Elder said. 
----- From dcrocker at brandenburg.com Wed Aug 16 22:18:01 1995 From: dcrocker at brandenburg.com (Dave Crocker) Date: Wed, 16 Aug 95 22:18:01 PDT Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken ! Message-ID: At 11:32 AM 8/16/95, Jason Weisberger wrote: >like using a "security envelope" to mail cash or putting the club on your >car. It presents just enough of an obstacle to keep honest people honest. As the Mitnick experience shows, the vulnerability of the providers' host systems is a concern not addressed by link-oriented schemes such as SSL. Longer keys for SSL would not have improved the protection on the 30,000 credit card numbers he stole. d/ -------------------- Dave Crocker +1 408 246 8253 Brandenburg Consulting fax: +1 408 249 6205 675 Spruce Dr. page: +1 408 581 1174 Sunnyvale, CA 94086 USA dcrocker at brandenburg.com From goedel at tezcat.com Wed Aug 16 22:28:32 1995 From: goedel at tezcat.com (Dietrich J. Kappe) Date: Wed, 16 Aug 95 22:28:32 PDT Subject: SSL Challenge - Some thoughts Message-ID: 1. What kind of pseudo random number generator does Netscape use? 2. If it is a cryptographically secure sequence, doesn't that run up against ITAR restrictions? 3. Can we improve upon the brute force algorithm in a non-probabilistic way? 4. If we are happy with a 5% yield, we can restrict ourselves to the same 5% of the key space for each message. DJK From rittle at comm.mot.com Wed Aug 16 22:57:09 1995 From: rittle at comm.mot.com (Loren James Rittle) Date: Wed, 16 Aug 95 22:57:09 PDT Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken ! In-Reply-To: Message-ID: <9508170554.AA17364@supra.comm.mot.com> >From: rah at shipwright.com (Robert Hettinga) >I can see the headlines now: "Netscape Security Broken, Stock Falls". Bob, So can I... :-( Too bad Damien didn't wait until after the date one could legally short the stock. That would have been the perfect time for a media frenzy on the issue. 
The announcement of SSL having been broken is occurring too soon to be at all useful in the financial sense. The media frenzy, if it happens, will now occur well before the 30-day lock-out on shorting a new issue. What a shame. !

Loren

From bdavis at thepoint.net Thu Aug 17 00:53:42 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 17 Aug 95 00:53:42 PDT
Subject: FBI Files on Clipper Release
In-Reply-To: <9508170022.AA19096@cs.umass.edu>
Message-ID:

On Wed, 16 Aug 1995, Futplex wrote:

> Dave Banisar quotes FBI documents obtained via the FOIA:
> > Technical solutions, such as they are, will only work if
> > they are incorporated into *all* encryption products.
> > To ensure that this occurs, legislation mandating the
> > use of Government-approved encryption products or
> > adherence to Government encryption criteria is required.
> > ...meanwhile...
> > Testifying before a Senate Judiciary
> > Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann
> > Harris asserted that:
> >
> > As the Administration has made clear on a number of
> > occasions, the key-escrow encryption initiative is a
> > voluntary one; we have absolutely no intention of
> > mandating private use of a particular kind of
> > cryptography, nor of criminalizing the private use of
> > certain kinds of cryptography.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> By exactly what mechanism are appointed (hired ?) officials such as AAG Harris
> supposedly accountable to the public ? Can they be brought up on perjury
> charges ? Just what real legal recourse do we have against lying scum in the
> bureaucracy ? Are we stuck unless we can get some Congresscritter to cry
> foul on the floor of the House or Senate ?

You sure are anxious to prosecute government officials. What is untrue about her statement? Maybe she meant it's OK to use ROT-13 but nothing else ... And you guys complained about the Jake Baker prosecution! BTW, Harris is no longer AAG-Criminal Division.
She went back to teaching, keeping a commitment she made to her family. And yes, she was appointed by the President and confirmed by the Senate.

> -Futplex
> "you said too much; and what you said, it was a lie" -EMF
>

EBD

From nobody at valhalla.phoenix.net Thu Aug 17 01:25:20 1995
From: nobody at valhalla.phoenix.net (Anonymous)
Date: Thu, 17 Aug 95 01:25:20 PDT
Subject: SmartCash
Message-ID: <199508170825.DAA16917@valhalla.phoenix.net>

Alliance formed to develop first nationwide smart card company

New York, Aug. 16 (Reuters) - The United States is a step closer to cashless commerce. Fourteen banks and financial institutions said Wednesday that they will form a company to develop and issue the first debit card that can be used nationwide instead of cash for purchases under $20.

The new company, to be called SmartCash, will help speed the implementation of so-called "smart card" technology that uses a micro-processor chip embedded in the card to store vast amounts of information, including improved security features.

"The chip gives the card an amazing ability to contain stored information," said Nancy Elder, a spokeswoman for MasterCard International Inc., one of the companies participating in the creation of SmartCash.

In addition to Mastercard International, other founding companies include Banc One Corp., Bank of America, Chemical Bank Corp., CoreStates Financial Corp., NationsBank Corp. and Wachovia Corp. However, participation in SmartCash will be open to all U.S. financial institutions and card providers, the companies said.

"SmartCash represents a shared vision and a shared commitment to deliver the increased convenience, flexibility and efficiency of electronic cash to U.S. consumers, merchants and banks," said Hatim Tyabji, chairman of VeriFone Inc., a pioneer in stored value technology and another founder of SmartCash.
The SmartCash card also will be standardised with similar efforts already underway for smart cards developed by credit card companies Europay, MasterCard and Visa. "Standardized specifications are all woven into the process. If you use your card in New York, it will be the same as if you use it on the West Coast," Elder said.

The stored value application, one of the many uses of the card's embedded chip, enables funds from the cardholder's bank or credit-card account to be loaded into the card from an automated teller machine or from one of the terminals now under development specifically for the SmartCash card.

Elder said the companies have not identified what the cost to the consumer would be, but noted, "the consumer is going to have to see the value in it for them to want to use it." She also said there was a potential for the card to be expanded for use by those without bank accounts, who could credit the card in person at various locations.

Elder added that the demand for such a versatile card was the driving force behind the broad alliance of companies already signed on to the SmartCash plan. "Sixty percent of consumers surveyed in the U.S. said they would be willing to switch banks to get the use of stored value (cards)," Elder said.

Amy Brinkley, executive vice president at NationsBank, said the venture showed "unprecedented industry cooperation to develop an innovative financial product."

SmartCash will combine assets and staff of the founding companies and pursue technology being developed by MasterCard, VeriFone, Electronic Payment Services Inc., and privately held Gemplus. A pilot programme is already under development in Delaware that will be overseen by Wilmington Trust and Electronic Payment and other regional pilot programmes were likely to spring up around the country next year, Elder said.
----- From asb at nexor.co.uk Thu Aug 17 01:26:37 1995 From: asb at nexor.co.uk (Andy Brown) Date: Thu, 17 Aug 95 01:26:37 PDT Subject: SSL challenge -- broken ! In-Reply-To: <199508161745.KAA08481@jobe.shell.portal.com> Message-ID: On Wed, 16 Aug 1995, Hal wrote: > Ironically, I understand that an independent effort coordinated by Adam > Back also discovered the key at approximately the same time. In > addition, Eric Young had done a search starting at 8000000000 and > upwards; unfortunately the key value of 7ef0961fa6 was only about one > percent below his starting point. Hopefully Adam will supply more > information. Dave Byers found it with his MasPar while searching the space that Eric had left out. The MasPar was getting 1.4M keys per second and hence could search the entire 40 bit keyspace in about 9 days anyway. - Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+ From stewarts at ix.netcom.com Thu Aug 17 02:49:05 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 17 Aug 95 02:49:05 PDT Subject: SSL challenge -- broken ! Message-ID: <199508170946.CAA26868@ix5.ix.netcom.com> At 04:39 PM 8/16/95 -0500, you wrote: >> I haven't seen any news stories about this on the wire >> services. Someone would have to write a story about it first before >> people would know... > >I've suggested this to a few reporters I know.. It's worth suggesting this _carefully_ so the spin's right. For instance "Oh, no, Netscape lets Hackers suck all the money out of your credit cards" would be bad :-) On the other hand, "The US Government's Evil Plans to block encryption are limiting Netscape's export products to an encryption system already broken by a French university. 
This means you can send credit card numbers safely to American web sites, but not to foreign ones - like the airline or hotel reservations you were making for your vacation, or those Irish handcrafts or bottle of Scotch you were ordering, or that Hong Kong magazine you were subscribing to, or the CD from that band in Budapest that had the great sound samples out there. And when you were donating to that Amazon rainforest conservation group, the NSA's arbitrary export rules may have just helped the Colombian drug cartels rip off your credit card."

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
"The fat man rocks out
Hinges fall off Heaven's door
"Come on in," says Bill"
Wavy Gravy's haiku for Jerry

From nobody at flame.alias.net Thu Aug 17 03:02:33 1995
From: nobody at flame.alias.net (Anonymous)
Date: Thu, 17 Aug 95 03:02:33 PDT
Subject: Out of state gambling
Message-ID: <199508171002.MAA01952@utopia.hacktic.nl>

Hello C-Punks:

(nb This is posted anonymously because I had this idea the implementation of which would be (probably) illegal. I'm not sure whether putting my name to the idea would be a good idea for the reason that I can't be sure that I wouldn't be implicated under the overbroad "conspiracy" or "Rico" powers which are oh so popular as a way of putting people away for thought crimes. This message will in any case have appeared via a couple of foreign remailers on its way. I am proud of the idea, but I appreciate those of you who know who I am keeping quiet about it, as I'm just being prudent, and extra cautious.

The idea.....Out of state gambling, Internet style - let's give them a taste of what's to come.

You may recall that a short time before Pres. Clinton got elected, the Wall Street Journal had an article about gambling taking place in Moscow and London on the outcome of the election.
The story told by the article was that the bookmakers in London had more up to date and better info. than Gallup and Roper obtained with all their phone polls. The London bookie's accuracy was vindicated by the outcome, as Clinton won, and by the predicted margin. Ahhh...The power of the free market. Makes sense too, if it's your own money on the line rather than someone else's phone call (during a meal, of course) I wonder how many US bets were placed in England (covertly, via friends etc.).

The internet casino, which will soon be open for business - - adds a new Internet related twist to this. Could someone, perhaps a furriner, perhaps talk to the folks at casino.org and see if they would be willing to open a book on presidential election outcomes. Or perhaps organize something with an enterprising London/Moscow gambling house, preferably with fast IP feed, and constantly updated odds on the web. The Internet Casino is advertising that they will be having their "Grand Opening" on August 18.

My aim is to make cheap, timely & accurate poll predictions, not to encourage contravention of the gambling laws, which are, after all, oh so important to protecting life as we know it. If some people choose to avoid these laws I disclaim all responsibility, but the anon. remailer is insurance that all of you will feel the same way.

The aim in writing this short missive to cpunks is to encourage someone who is more able legally to help this idea happen. Just attempting to add some substance to Tim's sig. quote, about national borders being merely "speed bumps", my ideal implementation would see lots of e$ bets, cpunk-remailers, and (for US citizens) strong encryption.

Any suggestions for books? I've got a few (besides the obvious, "Who Wins"?) such as: Which Republican will win the nomination? Will "Speaker Newt" run? Will "Moneybag$" enter the race? If so, will he drop out and enter again?
Any comments on the practical and legal issues (such as exactly what laws I'm violating) or on getting publicity for such a scheme? This might be easier than we think, as the media [at least the WSJ] is well aware of the bookie's superior accuracy & lower cost. Thank you. From frissell at panix.com Thu Aug 17 03:40:34 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 17 Aug 95 03:40:34 PDT Subject: SmartCash (NewsClip) Message-ID: <199508171040.GAA15464@panix.com> >She also said there was a potential for the card to be >expanded for use by those without bank accounts, who >could credit the card in person at various locations. Or even those who don't exist. Sounds like real cash to me. Note that 20% of the population have no bank accounts. DCF "Coercion-based systems only work if the person coerced is immobile, stupid, or weak." From jya at pipeline.com Thu Aug 17 05:07:50 1995 From: jya at pipeline.com (John Young) Date: Thu, 17 Aug 95 05:07:50 PDT Subject: WSJ on SSL Crack Message-ID: <199508171207.IAA15512@pipe4.nyc.pipeline.com> The Wall Street Journal, August 17, 1995, p. B3. French Hacker Cracks Netscape Code, Shrugging Off U.S. Encryption Scheme By Jared Sandberg A computer hacker in France has breached the encryption scheme of new Netscape software for navigating the Internet, the global computer network. The breach underscores flaws in U.S. rules restricting the export of more-sophisticated security measures. The hacker, a French student at the Ecole Polytechnique, cracked the weaker encryption scheme that U.S. government policy forces Netscape Communications Corp. to use in a foreign version of its Navigator software. Yesterday, he posted the results of his efforts on the Internet's Cypherpunks discussion group. The student took up a challenge issued on July 14 in the Cypherpunks group, which is frequented by cryptography experts and hackers and mathematicians. 
He used 120 powerful computer workstations and two supercomputers to crack a piece of information encrypted in Netscape's "browser" software. The security is aimed at scrambling sensitive financial data to keep credit-card numbers, sales transactions and other material safe from break-ins.

The highly sophisticated computers took eight days to break the code -- far more power and time than the typical illegal hacker would be able to muster for criminal pursuits. But the chore nonetheless highlights the vulnerabilities that could make customers shy away from conducting commerce on the Internet, particularly international users who can't get hold of the tougher security measures allowed within the U.S.

The French hacker was able to crack the so-called 40-bit encryption scheme in Netscape's overseas version of its software. In the U.S., Netscape employs a far more powerful design -- 128 bits, a number that refers to length of the encoding "key," which is used to scramble data. U.S. rules limit Netscape to exporting only 40-bit encryption overseas. Yet the 128-bit version takes exponentially more power to crack: Compared with violating the 40-bit scheme, the 128-bit key would take 10-to-the-26th-power more time to breach, experts say. That's a 1 followed by 26 zeroes, a factor of time that makes it all but impossible for hackers to break in.

Netscape wasn't surprised at the findings. The company said it has always known and stated that 40-bit security could be breached by "brute force," the use of massive computing power to descramble the information. "This is a good indication of why the government should allow us to ship more secure software," said Mike Homer, Netscape's vice president of marketing. "The laws are archaic."

Clinton administration officials have viewed strong encryption as a weapon for foreign terrorists, who could exchange communications without fear of eavesdropping by law enforcement officials.
That policy, however, has raised the hackles of industry executives, who say that without strong encryption abroad, the growth of electronic commerce could be significantly stunted. Last week, a group of software executives told the White House that restrictive export regulations might blunt American competitiveness in foreign markets.

"Netscape security is fine," said Dietrich Cappe, a senior partner at Red Planet LLC, an Internet consulting company. "As long as the government's export restriction exists, commerce is going to be severely hampered."

Netscape licenses the encryption algorithm from RSA Data Security Inc., one of the most prominent software security firms that licenses its software to most major software companies. "We've warned the government that the level of security they allow our customers to export is too weak," said James Bidzos, president of RSA. "Maybe they'll listen now."

Netscape's Mr. Homer noted, however, that the amount of effort and computing power, which could cost as much as $10,000 in addition to the cost of the machines, don't make even breaches of 40-bit security practical from a thief's perspective. "You'd be better off working in a shoe store, stealing credit card numbers for a week." Mr. Homer said.

[End]

From perry at piermont.com Thu Aug 17 05:33:52 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 17 Aug 95 05:33:52 PDT
Subject: SSL challenge -- broken !
Message-ID: <199508171232.IAA02057@frankenstein.piermont.com>

It has occurred to me that, because the RC4 key crackers spend most of their time in key setup, you can crack N SSL sessions that you captured in not substantially more time than it took to crack 1. This is analogous to the way brute force Unix password file hacking operates.

Perry

From aba at dcs.exeter.ac.uk Thu Aug 17 06:42:41 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 17 Aug 95 06:42:41 PDT
Subject: SSL challenge -- broken !
Message-ID: <7033.9508171341@exe.dcs.exeter.ac.uk>

> It has occurred to me that, because the RC4 key crackers spend most
> of their time in key setup, you can crack N SSL sessions that you
> captured in not substantially more time than it took to crack
> 1. This is analogous to the way brute force Unix password file
> hacking operates.

This occurred to me a while ago too, and I thought it a very cool idea, as it would mean you could do loads of keys at once with little additional compute time. Then I changed my mind, there's a reason this doesn't work with 40 + 88 SSL, I think.

It works well enough for straight RC4, as you just compare lots of keys at once, the RC4 output which will be XORed just gets compared against lots of sample plain text / cipher texts simultaneously.

The actual key used is the 40 bit key you're bruting, plus what is effectively an 88 bit salt (in unix password nomenclature, only unix password salts are typically 12 bits). The actual 128 bit RC4 key is generated by taking the MD5 of the known and unknown key bits, plus a couple of other things. As the 88 known bits are randomly generated you can't combine work.

If I have misunderstood something, or there is a way to work around this, please explain, because being able to do this would be a huge boon to the key breaker. It would allow you to break keys at a ferocious rate if you had lots of keys to break.

Adam

From perry at piermont.com Thu Aug 17 06:46:00 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 17 Aug 95 06:46:00 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <7033.9508171341@exe.dcs.exeter.ac.uk>
Message-ID: <199508171344.JAA02573@frankenstein.piermont.com>

aba at atlas.ex.ac.uk writes:
> The actual key used is the 40 bit key you're bruting, plus what is
> effectively an 88 bit salt (in unix password nomenclature, only unix
> password salts are typically 12 bits).

Yup, you are right. Slipped my mind. (A mind is a terrible thing to slip...)
.pm

From Damien.Doligez at inria.fr Thu Aug 17 06:52:59 1995
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Thu, 17 Aug 95 06:52:59 PDT
Subject: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
Message-ID: <9508171352.AA02309@couchey.inria.fr>

>In general, it just adds more flames to the fire started by the
>letter written by Microsoft, IBM and Lotus. Their point is bolstered
>by this easy attack.

Well, that was the whole point of the challenge, wasn't it ? Why didn't the journalists write their articles one month ago when Hal posted his challenge ?

What I find surprising is that it took as long as one month. I was even surprised when it wasn't done after two weeks, and that's when I started working on it.

-- Damien

P.S. check out

From rah at shipwright.com Thu Aug 17 06:56:00 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 17 Aug 95 06:56:00 PDT
Subject: (fwd>>)309,485,009,821,345,068,724,781,056
Message-ID:

--- begin forwarded text

From: "John Hemming - CEO MarketNet"
Date: Thu, 17 Aug 1995 08:39:37 AM PDT
To: www-buyinfo at allegra.att.com
Mime-Version: 1.0
Subject: 309,485,009,821,345,068,724,781,056

Like .. er ... a big number maan.

"SSL" has not been cracked "EXPORT SSL" has been cracked. Then if someone in the next few years can crack SSL with a confidential master key of 128 bits with 2^88 as many required key checks (say half the keyspace at 2^87 as our mate Damien did) then that will be a much bigger story.

Then again it was not me floating last week ....

In the mean time we encounter the usual inane US government's export restrictions. Can someone put in a word for me please ...

Please Please Please Mr Clinton .... keep those export regulations It gives people like myself a major commercial lead in provision of encryption software.

So what can we do.
Well not being a very trusting soul at times I tried out sending the 01 (SSL 128 bit confidential) message to an export Netscape browser and lo and behold it came up with a cipher conflict. Well that would have been an easy way out. Realistically my internal browser is almost at beta test level and we will put cipher 01 in our selection of ciphers as well as cipher 2. We will also make available our browser to link securely to our servers. If anyone outside US/CA wants work done to bring their systems up to 128 bit confidential ciphers please email jane at jhc.co.uk (JHC plc - JHC Internet Services - yes it does mean John Hemming & Co) In the mean time: My credit card number is 5434 8012 0900 2563 expires 3/97 My name is John A M Hemming My address is 15, Chantry Road, Moseley, Birmingham B13 8DL Who loses if you use that: Firstly, I now have to check my credit card statements for items that are not mine. This will be a pain, but it makes a point clear. Secondly, if you use it you will be breaking the law. Thirdly, when the merchant has to refund up to 6 months of trading turnover on any duff orders the merchant will be seriously upset. My name and address are a matter of public record in the UK. I have only made the job easier by putting all of the information in one place. The card number and expiry date are available in any one of a number of places. (As a City Councillor in Birmingham my address has to be available to the public). 1. Export SSL is good enough for credit card numbers. 2. My bank account is protected by export SSL (I mean that you need to crack export SSL to look at the balances) Alternatively you can phone up the bank and pretend to be the police/head office/inland revenue and ask them. 3. Export SSL or even import SSL is not good enough for entering into contracts. Digital signatures are needed for that. In the mean time ..... I have managed to implement PGP into my workhorse program (which is gradually coming up to beta standard). 
It seems interoperable with the PGP.exe file in Europe. (As long as you keep the message reasonably short) This allows two interesting additions has been extended to When you click on that it does a mailto, but also loads the PGP key (public key and userid packets). The program saves both the plaintext and encrypted version and then mails out the encrypted version. The PGP key packet has to have the same email address as that in the mailto otherwise the program will freak. see http://mkn.co.uk/ Which uses that. Similarly
allows the encryption of a form before it is mailed. I do have a test form somewhere try the pages in http://mkn.co.uk/help+dir+test\*.* This is quite a nice solid way of ensuring high level encryption for passing around confidential information from forms. Sadly the program that does it ftp://193.119.26.70/mktnet/pub/horse.zip is still a little flaky. Once I have finished off getting 128 bit confidential SSL built into my program I shall be putting in the extensions for electronic cheques (probably today or tomorrow, but I won't be putting that on release even as alpha for the moment). see http://mkn.co.uk/help/policy/htmlext for more details. John --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From Damien.Doligez at inria.fr Thu Aug 17 07:04:41 1995 From: Damien.Doligez at inria.fr (Damien Doligez) Date: Thu, 17 Aug 95 07:04:41 PDT Subject: SSL challenge -- broken ! Message-ID: <9508171404.AA02355@couchey.inria.fr> 
>From: Joe Buck
>However, I disagree with your conclusion: [...]
>There's plenty of stuff that *does* need protection, but I'm not sure
>credit card #'s head the list.

You're right, of course, if you discount the hassle of getting the transactions cancelled whenever your credit card number is used fraudulently.

I have a much better example (and a real one, too): I have an account at Wells Fargo Bank near San Francisco. They recently started offering web access to their customers. That would be great for me because banking by phone is pretty expensive when I'm in France, and it's not always easy for me to understand American accents.

So they would give me a password that I can use for some set of operations. I don't know which one exactly, but I would expect it to include electronic transfers from my account to anywhere else. The password is protected by the SSL connection. That would be fine if I had the full SSL security, but in France I can only get the exportable version of Netscape. As a result, I won't be using this service.

There's the beginning of a market for full-SSL clients and servers outside the US. Maybe Netscape should go multinational right now.

-- Damien

From anon-remailer at utopia.hacktic.nl Thu Aug 17 07:35:16 1995
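-----
The point argued between Perry Metzger and Adam Back above (whether N captured export-SSL sessions can be cracked for about the price of one, and why the 88 cleartext key bits prevent it) is easy to see in code. What follows is an added example, not code from any message in this thread. It models the export key schedule as MD5 over the 88 known bits, the secret bits and a per-session nonce standing in for Adam's "couple of other things"; the exact SSLv2 field order is not taken from the thread and is an assumption here. The secret is shrunk from 40 to 16 bits so the search finishes in about a second, and the captured sessions and their request text are constructed inline.

```python
"""Why the 88 bits of per-session "salt" in export SSL stop an attacker from
cracking N captured sessions for the price of one.  Added example, not code
from the thread; the key schedule below is a simplified model (assumed field
order), not the exact SSLv2 construction.
"""
import hashlib
from dataclasses import dataclass

SECRET_BYTES = 2   # toy: 16 secret bits instead of 40, so the search is quick
CLEAR_BYTES = 11   # 88 bits sent in the clear, as in the real export suite
NONCE_BYTES = 16   # stands in for the per-session "couple of other things"


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: the 256-swap key schedule (KSA) is the per-key cost Perry means."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def derive_key(clear: bytes, secret: bytes, nonce: bytes) -> bytes:
    """Model of the export key schedule: MD5 over the known bits, the secret
    bits and per-session values.  With empty clear/nonce (the 'unsalted'
    hypothetical below) the RC4 key depends on the secret alone."""
    return hashlib.md5(clear + secret + nonce).digest()


@dataclass
class Capture:
    clear: bytes       # visible on the wire
    nonce: bytes       # visible on the wire
    ciphertext: bytes  # first bytes of the encrypted request


PLAINTEXT = b"POST /order2.cgi HTTP/1.0"  # constructed, modelled on the recovered request
CRIB = PLAINTEXT[:6]                      # the attacker assumes the session starts like this


def make_session(index: int, secret: bytes, salted: bool) -> Capture:
    """Constructed capture with deterministic per-session values (repeatable)."""
    clear = hashlib.sha256(b"clear%d" % index).digest()[:CLEAR_BYTES] if salted else b""
    nonce = hashlib.sha256(b"nonce%d" % index).digest()[:NONCE_BYTES] if salted else b""
    ks = rc4_keystream(derive_key(clear, secret, nonce), len(PLAINTEXT))
    return Capture(clear, nonce, bytes(a ^ b for a, b in zip(PLAINTEXT, ks)))


def crack_batch(captures, salted: bool):
    """Brute-force every capture; return ({index: secret}, number_of_key_setups).
    Unsalted: one key setup per candidate is tested against every capture
    (the Unix-password-file style Perry describes).  Salted: each candidate
    must be re-derived for every capture that is still unsolved."""
    found, setups = {}, 0
    for cand in range(256 ** SECRET_BYTES):
        secret = cand.to_bytes(SECRET_BYTES, "big")
        if not salted:
            ks = rc4_keystream(derive_key(b"", secret, b""), len(CRIB))
            setups += 1
            for i, cap in enumerate(captures):
                if i not in found and bytes(a ^ b for a, b in zip(cap.ciphertext, ks)) == CRIB:
                    found[i] = secret
        else:
            for i, cap in enumerate(captures):
                if i in found:
                    continue
                ks = rc4_keystream(derive_key(cap.clear, secret, cap.nonce), len(CRIB))
                setups += 1
                if bytes(a ^ b for a, b in zip(cap.ciphertext, ks)) == CRIB:
                    found[i] = secret
        if len(found) == len(captures):
            break
    return found, setups


def compare(secrets):
    """Crack the same secrets under both schedules; returns {salted: key_setups}."""
    results = {}
    for salted in (False, True):
        caps = [make_session(i, s, salted) for i, s in enumerate(secrets)]
        found, setups = crack_batch(caps, salted)
        assert [found[i] for i in range(len(secrets))] == list(secrets)
        results[salted] = setups
    return results


if __name__ == "__main__":
    # Three captured sessions whose toy secrets sit at ranks 1000, 1200 and 1100.
    r = compare([(1000).to_bytes(2, "big"), (1200).to_bytes(2, "big"), (1100).to_bytes(2, "big")])
    print(f"unsalted: {r[False]} key setups for 3 sessions; salted: {r[True]}")
```

Without per-session values the attacker pays one RC4 key schedule per candidate and tests it against every capture at once, so the cost is set by the hardest session alone (the largest rank); with the 88 known bits and the nonce in the hash every capture costs its own sweep and the costs add up (the sum of the ranks). That sum-versus-maximum gap is exactly the "can't combine work" Adam describes; raising SECRET_BYTES toward the real 5 changes only the running time, not the ratio.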
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Thu, 17 Aug 95 07:35:16 PDT
Subject: UK Independent on SSL crack
Message-ID: <199508171435.QAA05353@utopia.hacktic.nl>

from the "ukpipeline" :-)

>>>>>>>>>>>>>>>>>>>>

UK Independent newspaper, 17/8/1995

Internet's 30bn Pound Secret Revealed

Charles Arthur
Technology Correspondent

A French student has cracked the most commonly used encryption system used to pass financial transactions over the Internet, threatening a business forecast to be worth billions of pounds worldwide.

Damien Doligez, 27, a PhD student at the Inria research centre near Paris, broke a software "key" used by the Netscape browsing program, which lets users navigate the World Wide Web. With Netscape, Internet users can visit shopping "sites" on the Web and order goods by sending their credit card and address over the network to the site. To prevent anyone picking up those confidential details as they pass through the network, they are encrypted first using a software "key".

This is the system used for example by Barclays Bank's "BarclaySquare" project, launched in May, which offers access to eight major retailers. Market research companies forecast that money transmission over the Internet will be worth more than 30bn pounds by 2005. At the launch of BarclaySquare, Roger Alexander, managing director of the unit said: "The encryption method has been rigorously tested by us".

But Mr. Doligez has compromised that security by decoding a test example of an encrypted transaction, posted on a number of Internet discussion groups in July. The transaction was scrambled using a digital key 40 bits long, which offers about 1,000 billion (a million million) possible combinations. Mr Doligez harnessed spare time on 120 workstations and parallel computers. The computers turned up the answer after eight days.

"I wouldn't trust my credit card number to Netscape," Mr Doligez told the Independent from Paris yesterday.
Netscape Communications, whose flotation on the New York Stock Exchange raised more than $1bn, said "We have always said this would be theoretically possible." [end] From frissell at panix.com Thu Aug 17 07:54:43 1995 
From: frissell at panix.com (Duncan Frissell) Date: Thu, 17 Aug 95 07:54:43 PDT Subject: Predicament Again Message-ID: <199508171416.KAA12135@panix.com> Just because I love beating a dead horse... Back in June we had the argument over whether or not Phil Z should be worried because of the threat of prosecution hanging over him. And a prosecutor (?) by the name of Brian Davis as well as Tim and others thought that I was wrong to say that I would enjoy the process because of the opportunities for verbal abuse and point scoring that I would have were I under threat of prosecution in a case the government couldn't win. (Mostly pure 1st Amendment cases.) The reason that this is important is a big fat tactical fact. Defeat is a process that takes place in the mind of the enemy. It is well known to military types that it is possible for the weaker force to overcome the stronger force if the stronger force can be convinced that it has lost. People are rapidly becoming the stronger force in conflicts with governments because of technology, but governments are trying to use intimidation where they lack the capabilities. They are trying to psych us (and particularly the more credulous) out. We can fight this weapon by constant hammering at the fact of the government's weakness and its failure to intimidate us. Since most of what we do on the nets is speech and since speech enjoys a great deal of protection in the US, it is important to hit the opposition hard in speech cases where we have a strong hand. I certainly don't advocate abuse of prosecutors in other cases (taxes and drugs) where conviction is likely. But in pure speech cases, we should really heap on the derision. I happen to think that the prosecution of the award-winning Phil Zimmermann is one of those kinds of cases. Another similar case surfaced in Connecticut. The "Greenwich 5" had conspired so that nonsense syllables in their high school yearbook photo captions spelled out "Kill all the [African Americans]." 
(Note the cypherpunk significance of code use.) There was a bit of controversy of course and the young scholars volunteered to attend a "Civil Rights Boot Camp" run by the now neo-conservative CORE. Some weeks later, local and state prosecutors announced that they would not prosecute the 5 under CT's civil rights laws because of "lack of evidence." Calls to The Butcher of Waco for federal prosecution followed but have as yet had no results. This is the sort of case in which I would advocate that the "object of prosecutorial interest" be as aggressive and abusive as possible. The reason the prosecutors declined to prosecute was not lack of evidence but lack of law violation. The prosecutors were too cowardly to state that the Greenwich 5's action was perfectly legal. Since the public servants won't, it is up to those who are attacked to do so. The benefits of cutting through the exon in a case like this is that prosecutors are less likely to proceed in similar cases in the future and the public is educated as to the true state of the law. It is recreational as well. DCF "Few generals have ever been defeated because they had too many soldiers under their command." From aba at dcs.exeter.ac.uk Thu Aug 17 08:11:06 1995 
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 17 Aug 95 08:11:06 PDT
Subject: Another SSL breakage...
Message-ID: <7849.9508171510@exe.dcs.exeter.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----

All hell seems to have broken loose whilst I was lazing on the beach yesterday. SSL breakings, big name newspaper news reports (of varying degrees of accuracy), and much ITAR bashing (yay!) or perhaps that should be nooooh! 'cos I might be doing myself out of work as a UK crypto hacker (as John Hemming said in the article Robert Hettinga forwarded) if we lose the fun advantage of being in the free world, and not having to follow the ITAR nonsense.

Anyway, congratulations Damien!

As Hal said, another group was working on the SSL challenge (albeit just for software testing purposes). Here's the story....

on Tue, 15 Aug 1995 10:43:15 +0200 I received this from David Byers :

> Eureka!
>
> Encrypted Master Key: 7ef0961fa6
>
> [...]

So who was first? David hit it Tue 10:43 GMT+2. Doesn't matter, the more the merrier, and the better to demonstrate the silly ITAR export restrictions.

This was a trial run at breaking it which two people had done just to check if their respective software was working correctly. It appears that it was :-). This testing was some of the reason for the slowness in getting the group effort started, we were very keen to ensure it really would work, and that the software was working perfectly. Disappointment with the RC4 bruting demonstrated the importance of checking first.

On with the story, David's eureka arrived Tuesday, I tinkered with it some, but was interpreting it wrongly and left it for that day, then I was away yesterday (at the beach with wife and kids, nice weather over here), and figured out how to apply the key this morning (with a bit of prompting from Hal as to what I was doing wrong), just after reading Damien's announce on cpunks, where he independently bruted it on a farm of workstations.
Here's the output, with the "Mr Cosmic Kumquat" from "SSL Trusters Inc":

> PPOST /order2.cgi HTTP/1.0Referer: https://order.netscape.com/order2.cgi
> User-Agent: Mozilla/1.1N (Macintosh; I; PPC)
> Accept: */*
> Accept: image/gif
> Accept: image/x-xbitmap
> Accept: image/jpeg
> Content-type: application/x-www-form-urlencoded
> Content-length: 472
>
> source-form=order2-cust.html&order_number=31770&prod_80-01020-00_Mac=1&carrier_code=UM&ship_first=Cosmic&ship_last=Kumquat&ship_org=SSL+Trusters+Inc.&ship_addr1=1234+Squeamish+Ossifrage+Road&ship_addr2=&ship_city=Anywhere&ship_state=NY&ship_zip=12345&ship_country=USA&ship_phone=&ship_fax=&ship_email=&bill_first=&bill_last=&bill_org=&bill_addr1=&bill_addr2=&bill_city=&bill_state=&bill_zip=&bill_country=USA&bill_phone=&bill_fax=&bill_email=&submit=+Submit+Customer+Data+

(I won't bother formatting it more cleanly as Damien has already done the honors).

I think a group effort ought to be done now that we are confident of the software, just to see how darn fast we (cypherpunks as a group) can knock off SSL keys. (This one was done by 2 people for testing purposes, and independently by Damien (who we didn't know was working on it)). I'd really like to work up to a really mean few hours breakage, as it looks that much more impressive. The next media release ought to be of a steady offer, of the form "cpunks break keys in x hours", where x is a very small number. And not just break one key, but will break lots of keys, as required, until something is done about it (ITAR) :-)

Eric Young is currently away on holiday, but I have his machine stats from earlier email, where he explained the hardware he was testing on.
Eric swept 8000 - FFFF, and David 0000 - 7ef0 (where he hit the key).

Machine stats for this bruting:

1 x 16k processor MasPar MP-1 - 1.5M keys/sec
4 CPUs of R4400 200mhz - 24000 keys/sec
4 CPUs of sparc 60mhz - 17500 keys/sec
2 CPUs of sparc 50mhz - 14800 keys/sec
1 CPU of Pentium 75mhz - 10200 keys/sec
1 CPU of Alpha - 10000 keys/sec
2 CPUs of 88100 - 8000 keys/sec
1 CPU of 88000 - 3500 keys/sec
1 CPU of R3000 36mhz - 3800 keys/sec
49 CPUs of 486DX 50mhz - 3780 per sec

The workstations total: 424,320 keys/sec, and the MasPar 1.5M keys/sec on its own.

The 0000 - 8000 sweep was finished Aug 11 (he might have finished a day or two earlier; that's when he replied to my question as to how he was getting on. He left for his holiday after that email.) The MasPar sweepings were going fast, swept 0000 - 795d (this was sometime before the 11th Aug) but someone else wanted the machine, so a pause ... and then (presumably Tues morning) 795d - 7ef0 and bang he hit it.

We were getting worried about the possibility of software failure by then as we'd already swept 8000 - FFFF and 0000 - 795D, accounting for 97.4% of the key space. It was hiding away in the last bit of unswept keyspace. Luck of the draw...

A few quick calculations:

The MasPar alone could do the entire keyspace in 8 1/2 days, or an expected average time of ~100 hours. I believe I'm right that there would be lots of organisations which would sell you idle MasPar hours for a lot less than $100 / hr. Heck, you could do it with PCs; if they (WSJ article) think it's worth $10k all I can say is "give me the $10k", and I'll do it and make a handsome profit.

The workstation farm, at 424k keys/sec, could do the job in 30 days, or 15 days average. The workstation farm was only used to sweep half the key space, and was used overnight (12 hours) and weekends (61 hours) only as people were using the machines during the day.

Could it have been done without anyone knowing?
Hell, yes - it was in fact; no announce was made as it was just testing etc.

Adam

- --
HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
- --rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

>At 04:39 PM 8/16/95 -0500, you wrote:
>>> I haven't seen any news stories about this on the wire
>>> services. Someone would have to write a story about it first before
>>> people would know...
>>
>>I've suggested this to a few reporters I know..
>
>It's worth suggesting this _carefully_ so the spin's right.
>For instance "Oh, no, Netscape lets Hackers suck all the money
>out of your credit cards" would be bad :-) On the other hand,
>"The US Government's Evil Plans to block encryption are limiting
>Netscape's export products to an encryption system already broken
>by a French university. This means you can send credit card numbers
>safely to American web sites, but not to foreign ones - like the
>airline or hotel reservations you were making for your vacation,
>or those Irish handcrafts or bottle of Scotch you were ordering,
>or that Hong Kong magazine you were subscribing to, or the CD from
>that band in Budapest that had the great sound samples out there.
>And when you were donating to that Amazon rainforest conservation
>group, the NSA's arbitrary export rules may have just helped the
>Colombian drug cartels rip off your credit card."

That's pretty much the spin on page B3 of the WSJ. I'll type it in when I get the chance.

Dietrich J. Kappe | Red Planet http://www.redweb.com/
Red Planet, L.L.C.| "Chess Space" /chess
1-800-RED 0 WEB | "MS Access Products" /cobre
Web Publishing | E-mail: RedPlanet at redweb.com

From Damien.Doligez at inria.fr Thu Aug 17 08:35:45 1995
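To check the sweep arithmetic in Adam's post above, here is an added worked example (not code from his message or from the bruting software): it takes the key rates and swept prefix ranges he quotes, reproduces the 8 1/2 day, ~100 hour and 30 day figures and the 97.4% coverage, shows that the reported key sat in the unswept region, and then scales the same rate to longer keys. It assumes that a four-hex-digit range such as 8000 - FFFF names the top 16 bits of the 40-bit key, inclusive at both ends.

```python
"""Brute-force timing model for the RC4-40 SSL challenge sweep.

Added worked example; not code from the post or the bruting software.
Rates and ranges are the ones quoted in Adam Back's message.  Assumption:
a four-hex-digit range such as 8000-FFFF names the top 16 bits of the
40-bit key, inclusive at both ends.
"""

KEY_BITS = 40
PREFIX_BITS = 16                     # the sweep was divided up by key prefix
PREFIX_SPACE = 1 << PREFIX_BITS

# Aggregate rates quoted in the post (keys per second).
MASPAR_RATE = 1_500_000
WORKSTATION_FARM_RATE = 424_320

# Regions reported swept before the hit, and the key that was found.
SWEPT = [(0x8000, 0xFFFF), (0x0000, 0x795D)]
FOUND_KEY_HEX = "7ef0961fa6"


def full_sweep_seconds(rate, key_bits=KEY_BITS):
    """Time to try every key of a key_bits-bit space at `rate` keys/sec."""
    return (1 << key_bits) / rate


def expected_seconds(rate, key_bits=KEY_BITS):
    """Average time to hit a uniformly random key: half the full sweep."""
    return full_sweep_seconds(rate, key_bits) / 2


def days(seconds):
    return seconds / 86_400


def hours(seconds):
    return seconds / 3_600


def key_prefix(key_hex):
    """Top PREFIX_BITS bits of a 40-bit key written as ten hex digits."""
    key = int(key_hex, 16)
    if key >= 1 << KEY_BITS:
        raise ValueError("not a 40-bit key")
    return key >> (KEY_BITS - PREFIX_BITS)


def unswept_prefixes(ranges):
    """Prefixes not covered by any (lo, hi) range; overlaps are merged."""
    covered = set()
    for lo, hi in ranges:
        covered.update(range(lo, hi + 1))
    return sorted(set(range(PREFIX_SPACE)) - covered)


def swept_fraction(ranges):
    return 1 - len(unswept_prefixes(ranges)) / PREFIX_SPACE


def brute_force_factor(from_bits, to_bits):
    """How many times longer an exhaustive sweep of to_bits takes vs from_bits."""
    return 1 << (to_bits - from_bits)


def report():
    """Reproduce the post's back-of-envelope numbers; returns them as a dict."""
    return {
        "maspar_full_days": days(full_sweep_seconds(MASPAR_RATE)),
        "maspar_expected_hours": hours(expected_seconds(MASPAR_RATE)),
        "farm_full_days": days(full_sweep_seconds(WORKSTATION_FARM_RATE)),
        "farm_expected_days": days(expected_seconds(WORKSTATION_FARM_RATE)),
        "swept_fraction": swept_fraction(SWEPT),
        "key_was_unswept": key_prefix(FOUND_KEY_HEX) in unswept_prefixes(SWEPT),
        # Same MasPar against a 128-bit key (2^88 times more work), in years.
        "maspar_128_expected_years":
            expected_seconds(MASPAR_RATE, 128) / (365.25 * 86_400),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.4g}" if isinstance(value, float) else f"{name}: {value}")
```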
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Thu, 17 Aug 95 08:35:45 PDT
Subject: Another SSL breakage...
Message-ID: <9508171532.AA02772@couchey.inria.fr>

>From: aba at atlas.ex.ac.uk
>on Tue, 15 Aug 1995 10:43:15 +0200 I received this from David Byers
>:
>
>> Eureka!
>>
>> Encrypted Master Key: 7ef0961fa6

Then David beat me by about two hours. My program found the result at 12:23 +0200 on the same day. I was not at work (aug 15 is a holiday in France), so I saw it a few hours later, and I wrote my announcement yesterday.

I will happily redirect all the journalists to David...

-- Damien

From jim at acm.org Thu Aug 17 08:39:23 1995
From: jim at acm.org (Jim Gillogly)
Date: Thu, 17 Aug 95 08:39:23 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161832.OAA19556@frankenstein.piermont.com>
Message-ID: <199508171539.IAA02929@mycroft.rand.org>

> > > Hal writes:
> > > I am a little alarmed by the suggestion that this news could have some
> > > marked impact on the Netscape stock price. From our perspective this was
> Jim Gillogly writes:
> > So far it appears not to have had an effect. The two web pages I know abou
> "Perry E. Metzger" writes:
> I haven't seen any news stories about this on the wire
> services. Someone would have to write a story about it first before
> people would know...

I note that Netscape is down 3 at the moment... cause and effect are hard to identify, of course, since the stock has been waving around a lot since its IPO a week ago. In any case, provisional full marks to Perry.

Jim Gillogly
Highday, 25 Wedmath S.R. 1995, 15:38

From jya at pipeline.com Thu Aug 17 08:45:59 1995
From: jya at pipeline.com (John Young)
Date: Thu, 17 Aug 95 08:45:59 PDT
Subject: RUB_han
Message-ID: <199508171545.LAA10941@pipe1.nyc.pipeline.com>

Hurray for PRZ and D.FR and the yet-untargeted DCF unconspiratorily, merrily, incites.

Now, sordid lucre biz:

8-17-95. NYPaper:

"A mystery bankers love: How do credit cards stay so profitable?"

The profit on credit card operations is almost five times the overall profit rate in banking. Last year, eight of the top nine commercial banks ranked by return on assets specialized in credit card loans. In a free market, this isn't supposed to happen. If the business is immensely profitable -- and that profitability is no secret -- why hasn't wide-open competition forced banks, at best, to offer lower interest rates to consumers or, at worst, at least to dissipate their excess profits in ever greater spending for promotion? This is not a pretty picture of free markets at work.

"Mastercard Joins Banks to Plan Card That Works Like Cash."

[This amplifies a bit the anonymous post on SmartCash.]

The venture, called Smartcash, plans to issue what are called "stored value" or "electronic purse" cards. Customers would be able to load money onto these cards, say $20 or $50, at automated teller machines or by calling their banks with specially equipped telephones. "We're in a state of chaos," said Stephan Seidman, the editor of Smart Card Monthly, a trade publication. "A year ago banks said there was no good reason to issue smart cards. Now they are in a headlong plunge to get something out fast." The result, he said, is shifting and competing alliances that may lead to incompatible systems and confusion for consumers.

Deux: RUB_han (about 10kb)

From gpowers at spectrum.bradley.edu Thu Aug 17 09:08:30 1995
From: gpowers at spectrum.bradley.edu (Glenn Powers)
Date: Thu, 17 Aug 95 09:08:30 PDT
Subject: Netscape's Official Response
Message-ID: <199508171711.MAA02559@spectrum.bradley.edu>

Originally From shank at netscape.com Thu Aug 17 11:42:39 1995
Date: Thu, 17 Aug 1995 08:44:45 -0700
To: gpowers at bradley.edu
From: shank at netscape.com (Peter Shank)
Subject: Netscape security

Glen,

We're sending this response to the press and interested parties; it may also get posted on home.netscape.com.

Best regards...
-Peter

Late Tuesday evening a person from France posted a news article to the hacker community claiming success at decrypting a single encrypted message that had been posted as a challenge on the Internet sometime on or before July 14, 1994. His response to the challenge is described in an email that has been forwarded widely across the Internet.

What this person did is decrypt one encrypted message that used RC4-40 for encryption. He used 120 workstations and two parallel supercomputers for 8 days to do so. As many have documented, a single RC4-40 encrypted message takes 64 MIPS-years of processing power to break, and this roughly corresponds to the amount of computing power that was used to decrypt the message.

Important points to understand:

1. He broke a single encrypted message. For him to break another message (even from the same client to the same server seconds later) would require *another* 8 days of 120 workstations and a few parallel supercomputers. The work that goes into breaking a single message can't be leveraged against other messages encrypted with other encryption keys.

2. The standard way to determine the level of security of any encryption scheme is to compare the cost of breaking it versus the value of the information that can be gained. In this case he had to use roughly $10,000 worth of computing power (ballpark figure for having access to 120 workstations and a few parallel supercomputers for 8 days) to break a single message. Assuming the message is protecting something of less value than $10,000, then this information can be protected with only RC4-40 security. For information of greater value, currently available RC4-128 security should be used.

3. Inside the US, software can support a range of stronger encryption options, including RC4-128, which is 2^88 times harder to break. Meaning that the compute power required to decrypt such a message would be more than 1,000,000,000,000 (trillion) times greater than that which was used to decrypt the RC4-40 message. This means that with foreseeable computer technology this is practically impossible.

So in conclusion, we think RC4-40 is strong enough to protect consumer-level credit-card transactions -- since the cost of breaking the message is sufficiently high to make it not worth the computer time required to do so -- and that our customers should use higher levels of security, particularly RC4-128, whenever possible. This level of security has been available in the U.S. versions of our products since last April. Because of export controls it has not been available outside the U.S. We would appreciate your support in lobbying the U.S. government to lift the export controls on encryption. If you'd like to help us lobby the government send email to export at netscape.com.

Finally, we'd like to reiterate that all this person has done is decrypt one single RC4-40 message. RC4 the algorithm and products which use the algorithm remain as secure as always.

From tcmay at got.net Thu Aug 17 09:14:29 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 09:14:29 PDT
Subject: Out of state gambling
Message-ID:

At 10:02 AM 8/17/95, Anonymous wrote:
>Hello C-Punks:
>
>(nb This is posted anonymously because I had this idea the implementation
>of which would be (probably) illegal. I'm not sure whether putting my

It's being done. Many of us have talked about the implications of this. Writing about it is not against the law in the U.S., at this time. A little matter of the First Amendment, don't you know.

See for example the Cypherpunks Web site archives, http://www.hks.net/cpunks/index.html, or grep/search for "gambling" in my Cyphernomicon FAQ (in my ftp directory at Netcom: ftp.netcom.com, /pub/tc/tcmay/CP-FAQ, and in a couple of Web sites, including http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ).

My point? Not a bad idea, but also not one you should have any fear of discussing publicly (unless you believe certain conspiracy theories!). I've been talking and writing about the implications of this stuff since late 1987, and have not yet been "disappeared." I don't happen to like a lot of what's going on in Washington, but I doubt that Louis Freeh or Dorothy Denning are going to silence or threaten me!

>name to the idea would be a good idea for the reason that I can't be
>sure that I wouldn't be implicated under the overbroad "conspiracy" or
>"Rico" powers which are oh so popular as a way of putting people away
>for thought crimes. This message will in any case have appeared via

I'm not a fan of RICO either, but we need to be careful not to impute to RICO things which just don't happen. So far as I know, no "thought crimes" have been prosecuted under RICO. Prosecutors--and I am not one, but I watch them all day on t.v.!--have certain procedures they have to follow. They just don't have the time, budget, and mandate to try to prosecute writers and speakers, especially when the words and speech are clearly protected under the First Amendment.

The _potential_ prosecution of Phil Zimmermann--and I say "potential" because at the time I'm writing this, no indictment has been made--is not because Phil was writing inflammatory stuff, but is related to the circumstances surrounding the appearance of PGP 1.0 in foreign countries. These would be ITAR issues, not "thoughtcrime." Or at least this is what most people believe is the issue, as the Grand Jury has not said anything publicly.

(By the way, I'm not being critical of Anonymous here. I, too, have used the term "thoughtcrime," as shorthand for what I think are the implications of certain trends in the U.S. and elsewhere. Criminalizing "hate speech" fits the Orwellian definition, in my opinion. But we all have to be careful not to use this metaphor too broadly.)

>a couple of foreign remailers on its way. I am proud of the idea, but
>I appreciate those of you who know who I am keeping quiet about it, as
>I'm just being prudent, and extra cautious.
>
>The idea.....Out of state gambling, Internet style - let's give them a
>taste of what's to come.

As you note, the Internet Casino does this (they claim), becoming operational "soon." Also, various sports books are accessible in offshore locations, such as Costa Rica. Phone calls. And the idea of betting on events and outcomes is already extant. Lloyd's of London used to take such bets. But more germane to the Internet, there are several groups working on "idea futures." Robin Hanson, at Caltech, is working on this. And a Web page exists with various odds on different situations, such as "Windows '95 will be delayed 3 months" and "Strong crypto will be banned by April 1996."

Try a Web search on "bet" and "gambling." I did one on "bet" and got a hit on "Proposition Wagering": http://www.netaxs.com/people/sportbet/prop.htm. (I couldn't get into it, so your mileage may vary.)

>The aim in writing this short missive to cpunks is to encourage
>someone who is more able legally to help this idea happen.

It'll only happen when someone makes it happen. Thinking about it can also be useful, as the actual programmers may not have the same focus, but actual examples carry more weight. We saw betting schemes on the Extropians list, a couple of years ago. Fairly primitive, but an example.

>Any comments on the practical and legal issues (such as exactly what
>laws I'm violating) or on getting publicity for such a scheme? This
>might be easier than we think, as the media [at least the WSJ] is well
>aware of the bookie's superior accuracy & lower cost.

First, don't worry too much about remaining anonymous. Discussing an idea, even building a system, is not the same as operating it. Folks publicly discuss and build remailers, but operating them is another matter. (Yes, folks here also operate remailers....)

Second, check out the "idea futures," "proposition wagering," and "betting" references.

Third, build on what these folks are doing. Or do it differently, but only if your approach is superior.

Good luck!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From BFERREIR at pchardy.petro-canada.ca Thu Aug 17 09:16:28 1995
From: BFERREIR at pchardy.petro-canada.ca (Ferreira, Ben 296-4158)
Date: Thu, 17 Aug 95 09:16:28 PDT
Subject: Over 350 RSA/Perl 'Munitions T-shirts' Shipped
Message-ID: <30337C02@smtpgw.pccw.petro-canada.ca>

---------- Forwarded message ----------
Date: Tue, 15 Aug 1995 14:17:36 -0600
From: Don Henson
To: libernet at Dartmouth.EDU
Subject: Over 350 'Munitions T-shirts' Shipped

We have thus far shipped over 350 of the RSA/Perl Munition T-shirts. Orders are still pouring in. Don't be left out. Order yours today.

Now you can wear a TSHIRT that has been classified as a MUNITION by the US Government. That's right! The US International Traffic in Arms Regulations (ITAR) makes exporting cryptographic materials illegal. ITAR further defines export as providing cryptographic information to a non-US/Canadian citizen even if you are inside the US at the time. Providing information is further defined as telling or showing information to a non-US/Canadian citizen.

The Munitions Tshirt has a Perl implementation of the RSA algorithm (the one used by PGP) printed on the front along with a bar-code of the same algorithm. What all the above means is that if you wear the Munitions Tshirt where a non-US/Canadian citizen can see it, even if it is inside the US, you have just exported cryptographic material (which is already freely available outside the US) and have become a criminal in the eyes of the US Government. Now you too can become an international arms dealer for the price of a tshirt (US$15.95 - US$19.95, depending on size) and the guts to wear it.

If you are a non-US/Canadian citizen, you can still own a Munitions Tshirt by ordering the tshirt from a source that is outside the US. The email response to a request for info (see next paragraph) includes full instructions for ordering the tshirt no matter where you live.

For more information on how to own this classic example of civil disobedience, just send email to dhenson at itsnet.com with the subject of 'SHIRT'. (You don't have to be a US/Canadian citizen to request the info.)

Or, if you have WWW access, just point your Web browser to: http://colossus.net/wepinsto/wshome.html

By the way, 25% of the profits from the sale of the tshirt (in the US/Canada) goes to the PHIL ZIMMERMANN LEGAL DEFENSE FUND to help defend the author of PGP from harassment and possible prosecution by the Fedgoons.

And if you get arrested for wearing the Munitions Tshirt, we'll refund your purchase price. :-)

Get your Munitions Tshirt now. Who knows how long they'll stay in production!

Don Henson, Managing Director (PGP Key ID = 0X03002DC9)
West El Paso Information Network (WEPIN)
Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html

--
Julian Bromwich, Junior Research Officer
Alberta Research Council, Advanced Computing & Engineering Dept.
3rd Floor, 6815 - 8th Street NE, Calgary, Alberta, Canada T2E 7H7
bromwich at skyler.arc.ab.ca

Julian Bromwich, Software Specialist
RADSS Technologies, Alberta Pool
Box 2700, 505 Second Street SW, Calgary, Alberta, Canada T2P 2P5
JBromwich at awp.com
Ph: (403) 290-5491 Fax: (403) 290-5550

From asb at nexor.co.uk Thu Aug 17 09:29:37 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Thu, 17 Aug 95 09:29:37 PDT
Subject: Netscape's Official Response
In-Reply-To: <199508171711.MAA02559@spectrum.bradley.edu>
Message-ID:

On Thu, 17 Aug 1995, Glenn Powers forwarded Netscape's official response:

> So in conclusion, we think RC4-40 is strong enough to protect consumer-level
> credit-card transactions -- since the cost of breaking the message is
> sufficiently high to make it not worth the computer time required to do so

That was a rather silly thing to say.

- Andy

From fc at all.net Thu Aug 17 09:40:53 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Thu, 17 Aug 95 09:40:53 PDT
Subject: Breaking RC4-40 for less
Message-ID: <9508171639.AA22016@all.net>

Since messages sent with netscape are fairly standard for the first so many bytes, why not make a 2^30 element table, store it on a few gigabytes of disk space, use a hash table on the message, and find the keys to one in every 1,000 messages about 1 time per second. If this code is being used to send millions of credit transactions per day, we should be able to decode thousands of credit card numbers per day for a one-time cost of about $5,00. The $10,000 estimate of the cost of computing time is far too high for a production-based attack on the netscape codes.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From mark at unicorn.com Thu Aug 17 09:44:51 1995
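The table idea in Fred Cohen's post above, as an added toy demonstration (not code from his post or from any product): it uses a genuine RC4 keystream but a deliberately tiny 16-bit key so the whole thing runs in seconds, with a table covering 2^10 of the 2^16 keys to mirror his 2^30-of-2^40 ratio in miniature. The five-byte known plaintext prefix is constructed here; the point it makes is that once the one-time table exists the per-message cost is a single lookup, about one message in 64 is recovered, and the same table recovers essentially nothing against a 128-bit key.

```python
"""Toy version of the precomputed-table argument in Fred Cohen's post.

Added example, not code from his post or from any product.  A real RC4
keystream is used, but the key is shrunk to 16 bits so the demonstration
runs in seconds: a table covering 2**10 of the 2**16 keys mirrors his
2**30 of 2**40 in miniature.  The known plaintext prefix is constructed;
the only assumption is that the first bytes of a message are predictable.
"""
import random

KEY_BITS = 16                 # toy size; the page discusses 40-bit keys
KEY_LEN = KEY_BITS // 8
TABLE_BITS = 10               # one-time precomputation covers 2**TABLE_BITS keys
PREFIX_LEN = 5                # bytes of plaintext assumed known
KNOWN_PREFIX = b"POST "       # constructed; the requests on the page start this way


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, rc4_keystream(key, len(plaintext))))


def build_table(table_bits: int = TABLE_BITS) -> dict:
    """One-time cost: keystream prefix -> key, for the first 2**table_bits keys.
    A 5-byte prefix (40 bits) makes accidental collisions negligible."""
    table = {}
    for k in range(1 << table_bits):
        key = k.to_bytes(KEY_LEN, "big")
        table[rc4_keystream(key, PREFIX_LEN)] = key
    return table


def lookup(table: dict, ciphertext: bytes):
    """Per-message cost: XOR off the known prefix, then one hash lookup.
    Returns the key if this message's key is in the table, else None."""
    keystream = bytes(c ^ p for c, p in zip(ciphertext[:PREFIX_LEN], KNOWN_PREFIX))
    return table.get(keystream)


def simulate_hits(table: dict, trials: int, seed: int = 0) -> int:
    """Fresh random key per message, as a server would use; count recoveries.
    Expected hit rate is 2**(TABLE_BITS - KEY_BITS), i.e. 1/64 here."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = rng.getrandbits(KEY_BITS).to_bytes(KEY_LEN, "big")
        if lookup(table, encrypt(key, KNOWN_PREFIX + b"/order2.cgi HTTP/1.0")) is not None:
            hits += 1
    return hits


def table_coverage(table_bits: int, key_bits: int) -> float:
    """Fraction of messages a 2**table_bits table recovers against key_bits keys.
    The defender's lever is key_bits: 2**30 of 2**40 is 1/1024; of 2**128 it is nothing."""
    return 2.0 ** (table_bits - key_bits)


TABLE = build_table()

if __name__ == "__main__":
    print(f"table entries: {len(TABLE)}")
    print(f"keys recovered from 2048 messages: {simulate_hits(TABLE, 2048)}")
    print(f"coverage against 40-bit keys: {table_coverage(30, 40):.2e}")
    print(f"coverage against 128-bit keys: {table_coverage(30, 128):.2e}")
```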
From: mark at unicorn.com (Rev. Mark Grant)
Date: Thu, 17 Aug 95 09:44:51 PDT
Subject: Netscape's Official Response
Message-ID:

> In this case he had to use roughly
> $10,000 worth of computing power (ballpark figure for having access to
> 120 workstations and a few parallel supercomputers for 8 days) to break
> a single message.

Hmm, I don't know about anyone else around here, but my workstation is idle 99% of the time. I could almost certainly get access to all the spare CPU cycles on 120 workstations for free, and I suspect that a lot of people (particularly hackers) could do so as well. There's no need to spend $10,000 on renting them.

Mark

From mark at unicorn.com Thu Aug 17 10:02:57 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Thu, 17 Aug 95 10:02:57 PDT
Subject: First known purchase of physical goods with cyberbucks
Message-ID:

[Feel free to forward to anywhere you feel is appropriate]

-----BEGIN PGP SIGNED MESSAGE-----

For some time now, Adam Back has been offering to sell RSA T-shirts for cyberbucks (DigiCash's experimental anonymous digital cash system), but no-one has had enough available to take him up on it. However, thanks to the success of the ecm mailing list (ecm at ai.mit.edu) and WWW site (http://www.c2.org/~mark/ecash/ecash.html), today I finally managed to collect enough c$ to buy one.

It was something of a feat to gather that many c$ in one place, as the number of sellers is limited. There are many more buyers than sellers, everyone wants c$, but few people are selling at a realistic price. As it stands, we have managed to take a worthless currency (c$ are not backed with anything) and give it value based solely on what the market is willing to pay for it, due to its security, anonymity and ease of use advantages compared to the other digital payment systems on the Net.

Once a DigiCash licensee starts offering to sell (and buy) ecash via VISA/MasterCard and chequing account, I could see ecash getting very popular very quickly. Using ecash once you've got the c$ in your ewallet/DigiCash bank account is near instant. If used through the WWW forms interface as provided by the Windows and X-windows user interface, the transaction is as easy as clicking on a button. Instant buy, much more convenient than filling in credit card forms, talking to people on the phone, sending things in snail mail, etc, and anonymous too. Now you can even use the beta-test currency to buy and sell physical goods as well.

Anyway, if anyone knows of an earlier transaction of cyberbucks for physical goods than this (at 15:00 GMT 17th August 1995), then please let me know.

Also, if you have c$ that you wish to sell, or have run out and want to buy some more, come along and join in the fun on the WWW site or mailing list...

Mark

P.S. If anyone in the UK wants to buy a rusty but reliable FIAT X1/9 convertible, it's yours for only 5,000 cyberbucks...

(For the record, I have no connection to DigiCash other than as an ecash beta tester, and the ecash market is not supported by them in any way.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From pjm at ionia.engr.sgi.com Thu Aug 17 10:05:32 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Thu, 17 Aug 95 10:05:32 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508161806.LAA29214@mycroft.rand.org>
Message-ID: <199508171705.KAA15070@ionia.engr.sgi.com>

-----BEGIN PGP SIGNED MESSAGE-----

Perry E. Metzger writes:
> Jim Gillogly writes:
> > > Hal writes:
> > > I am a little alarmed by the suggestion that this news could
> > > have some marked impact on the Netscape stock price. From our
> > > perspective this was certainly an unsurprising result (not to
> > > take anything away from Damien
> >
> > So far it appears not to have had an effect. The two web pages I
> > know about that track Netscape show it holding steady a point and
> > a half above where it opened. Even the IF market on SSLW doesn't
> > seem to be taking much notice of it, despite my attempts at
> > manipulating that market.
>
> I haven't seen any news stories about this on the wire
> services. Someone would have to write a story about it first before
> people would know...

Expect to see something in the San Jose Mercury News in the near future. I contacted them to pitch the story, hoping to point out as clearly and frequently as possible that the cracking was possible only because of ITAR restrictions on key length. They already have someone working on it.

Regards,

Patrick May

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From jim at acm.org Thu Aug 17 10:11:38 1995
From: jim at acm.org (Jim Gillogly)
Date: Thu, 17 Aug 95 10:11:38 PDT
Subject: Idle compute cycles [Re: Netscape's Official Response]
In-Reply-To: <199508171711.MAA02559@spectrum.bradley.edu>
Message-ID: <199508171711.KAA03255@mycroft.rand.org>

Peter Shank said a lot of things I agree with in his response to Damien Doligez' break of an SSL/RC4-40 transaction, and one thing that seems to miss the point.

> From: shank at netscape.com (Peter Shank)
> Subject: Netscape security

> 2. The standard way to determine the level of security of any encryption
> scheme is to compare the cost of breaking it versus the value of the
> information that can be gained. In this case he had to use roughly

Agreed.

> $10,000 worth of computing power (ballpark figure for having access to
> 120 workstations and a few parallel supercomputers for 8 days) to break
> a single message. Assuming the message is protecting something of less
> value than $10,000, then this information can be protected with only
> RC4-40 security. For information of greater value, currently available
> RC4-128 security should be used.

However, the cost of breaking it to Doligez was essentially nil. The machines to which he had access were otherwise idle, and no other users were competing for them. The virtually simultaneous break by David Byers in the team led by Adam Back was the same: idle cycles. In fact, Byers was delayed because a real project needed cycles on that machine.

I would hazard a guess that 90% of the compute cycles in the world are used running screen savers... this gives a lot of slack for people who would like to harness them to perform productive work like making points about the strength of security. I would have to say the marginal value of compute cycles is approximately $0 until enough compute hogs come along to eat from the idle cycle trough.

> 3. Inside the US, software can support a range of stronger encryption
> options, including RC4-128, which is 2^88 times harder to break.

Absolutely. It's incredibly annoying that companies like Netscape who understand how to get good transaction security have to settle for "almost good enough" -- the computing cost of the extra security is almost nil.

> We would appreciate your support
> in lobbying the U.S. government to lift the export controls on encryption.
> If you'd like to help us lobby the government send email to
> export at netscape.com.

Yes!

> Finally, we'd like to reiterate that all this person has done is decrypt
> one single RC4-40 message. RC4 the algorithm and products which use the
> algorithm remain as secure as always.

Yes, but with idle cycles contributed by volunteers the decryption time on a single RC4-40 message can very likely be reduced to a day or so at no marginal cost to owners of existing machines... which is the whole point. Cracking weak crypto is free, and can be combatted only by implementing strong crypto.

Jim Gillogly
Highday, 25 Wedmath S.R. 1995, 17:08

From bigmac at digicash.com Thu Aug 17 10:43:39 1995
From: bigmac at digicash.com (Marcel van der Peijl)
Date: Thu, 17 Aug 95 10:43:39 PDT
Subject: First known purchase of physical goods with cyberbucks
Message-ID: <199508171742.TAA15830@digicash.com>

> Anyway, if anyone knows of an earlier transaction of cyberbucks for physical
> goods than this (at 15:00 GMT 17th August 1995), then please let me know.

As far as I know, the first transaction took place when I (while testing) bought a postcard from GlobalX, the first ecash store to open besides our own (and mine). It is stored in the 'DigiCash museum' next to early prototypes of all kinds of smartcards, emulators, wallets etc. This must have been around October last year (or August? Can't make out the postmark).

Hundreds of cards were shipped by several shops, and stickers, lotteries, etc. Check the 'physical objects' section on http://www.digicash.com/shops/categorical.html

Maybe you should restrict the 'first known' claim to 'first known purchase of physical goods with cyberbucks traded at the ECM'. Sorry!

// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// The hottest instruction on a P90? JMP $ @ 2.633A or 52C (with fan)

From mark at unicorn.com Thu Aug 17 10:51:13 1995
From: mark at unicorn.com (Rev. Mark Grant) Date: Thu, 17 Aug 95 10:51:13 PDT Subject: First known purchase of physical goods with cyberbucks In-Reply-To: <199508171742.TAA15830@digicash.com> Message-ID: On Thu, 17 Aug 1995, Marcel van der Peijl wrote: > As far as I know, the first transaction took place when I (while > testing) bought a postcard from GlobalX, the first ecash store to > open besides our own (and mine). Oh pooh ;-).. > Maybe you should restrict the 'first known' claim to 'first known > purchase of physical goods with cyberbucks traded at the ECM'. Hee.. Ok.. "first known purchase of physical goods with cyberbucks traded at the ECM" it is 8-).. Mark From adwestro at ouray.cudenver.edu Thu Aug 17 10:58:01 1995 From: adwestro at ouray.cudenver.edu (Alan Westrope) Date: Thu, 17 Aug 95 10:58:01 PDT Subject: Denver area meeting, SUNDAY, 8/20, 2 pm Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This one is on SUNDAY, 2 pm, at the Tivoli Food Court (at least initially). Send email for directions, etc. Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Exon blows goats...but I suspect you already knew that. iQCVAwUBMDOBpVRRFMq4NZY5AQEnVAP8CLg9z5AwjIw0ouJtxPPr6CUytFOeVPrt cMrEm8MRUt0ay0S4F+TGMq1npcF8pxdU0jwWk9EBj+1XvTOKVpEED+kp8shafsVj qlWGplAVUHMTF19H1VAByoz7j3VGMB2zmdNDm2ifDMNzR5Di81o7CeyvQT0sZ6zt 5XGWmHkoX3g= =GD3W -----END PGP SIGNATURE----- From Damien.Doligez at inria.fr Thu Aug 17 11:02:01 1995 From: Damien.Doligez at inria.fr (Damien Doligez) Date: Thu, 17 Aug 95 11:02:01 PDT Subject: Idle compute cycles [Re: Netscape's Offical Response] Message-ID: <9508171801.AA03537@couchey.inria.fr> 
>From: Jim Gillogly
>and one thing that seems to miss the point.

As usual, I agree with all Jim has to say, but there's another problem with Netscape's response: they UNDERestimate the cost of breaking RC4-128 (by brute force) by a factor of about 300 trillion.

If someone knows of a URL for Netscape's response, I'll be glad to include a pointer in my virtual press conference. I would have to ask for permission before I put a copy on my disks. Copyrights, you know...

-- Damien

From aba at dcs.exeter.ac.uk Thu Aug 17 11:13:19 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 17 Aug 95 11:13:19 PDT
Subject: Breaking DES anyone? (was: Breaking RC4-40 for less)
Message-ID: <8875.9508171811@exe.dcs.exeter.ac.uk>

Fred Cohen wrote on cpunks:

> Since messages sent with netscape are fairly standard for the first
> so many bytes, why not make a 2^30 element table, store it on a few
> gigabytes of disk space, use a hash table on the message, and find
> the keys to one in every 1,000 messages about 1 time per second. If
> this code is being used to send millions of credit transactions per
> day, we should be able to decode thousands of credit card numbers per
> day for a one-time cost of about $5,00.

Nice idea and one which works for pure RC4, but unfortunately not for 128 bit, 88 bit known + 40 bit unknown "export" SSL.

Netscape's SSL uses "40 bit keys" that are composed in a strange way: you are given 88 bits of known key, and this is combined with the 40 bit key, to give a 128 bit key. That key is used to do the encryption. The problem is that this has a unix password salt like effect, only this time there are 88 bits of salt rather than 12 bits. So this means that you can't precompute anything on the 40 bits as the 88 bits are randomly generated, and likely vary with each session.

> The $10,000 estimate of the cost of computing time is far too high
> for a production-based attack on the netscape codes.

Agreed, it's too high for the other reason that lots of people have spare compute cycles. Idle cycles have low to non-existent incremental cost, and there are plenty of them around in the world.

Back to breaking crypto systems.
There are a couple of things you can do, there is your pre-compute some proportion of the key space - so that you get some of them, this would work well for straight 40 bit RC4 - and there are quite probably such products around - microsoft has a number of "secure" [sic] things around the Microsoft Access we were looking at earlier, another system for doing remote access (modem) and having the sessions encrypted. The problem with micro$oft is they are a darn closed system, and no-one so far has invested the time to decode what they're doing with a debugger. That was the reason for the failed brute RC4 a while back - no specs. So precompute regions of keys would work on pure RC4-40 as you describe. It would be fast too - a disk seek time being the bounding factor - per key!

Another approach is to do lots of keys simultaneously - so you set up this distributed effort which is continually re-sweeping the 40 bit keyspace, say every couple of days or whatever. You can sweep for more than one key at once at very low incremental cost, an extra key costs close to nothing. So say you are searching for 1000 keys at once - a dragnet approach - well keys just pop out at random as they are hit, maybe straight away maybe at worst case the sweeping roll-over time, but on average a key will fall out every 3 minutes. The same approach is applicable to 1 guy with 1 humble PC, it'll sweep the full keyspace in a year or two, but what does he care if he gets a couple of keys a day, and they're all nice transactions he can pilfer / make nefarious use of.

DES breaking schemes...

Something similar applies to DES, I mean what's a piffling 56 bit keyspace if you don't really care *which* key of several thousand that you actually want. There are bound to be a large enough supply of DES encrypted banking transactions flowing around the various financial networks in the US to make a nefarious breaking of them eminently possible.
It moves on the time for a complete sweep as you now have 56 bits to contend with - but I think with a team of say 1024 workstations like the one I am typing on (an SGI Indy ~$5k workstation) in a distributed effort, and a large supply of DES keys, you could get a workable break on *one* of those keys in a shortish time. How long? Well I'm not sure how fast DES can be made to go for these purposes, but 60k keys/sec is a figure I have for DES set_key (Eric Young's code on a Sparc 20). I'm not too sure of the details of what you'd need to brute a DES key, but setting up the key, and presumably a small additional cost to test the first byte and every 256 tries to test 2 bytes etc. Anyone know if 60k keys/sec sounds reasonable for a DES brute?

Anyway working on that, 1024 workstations, 60k keys/sec = 60 M keys/sec = 37 years! But (here's the saving bit) if you try say 64k keys *at once* so you've hoovered up a stack of keys (hypothetically - technically plausible too a tap on a banking network should yield you a whole load of them) *then* you can get much nicer figures: A DES key every 5 hours!

I'm thinking 1024 workstation equivalents shouldn't be insurmountable to organise - lots of people have faster / multiprocessor machines, and farms of workstations / PCs etc. Perhaps 64k keys is a bit generous, and 1024 keys would be a more sensible figure, even then that translates to 13 days expected.

As someone said a while ago (breaking) Netscape is the big win! Breaking DES is *the* big win!

Adam

--
HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0

Message-ID: <9508171825.AA26001@all.net>

> Nice idea and one which works for pure RC4, but unfortunately not for
> 128 bit, 88 bit known + 40 bit unknown "export" SSL.
>
> Netscape's SSL uses "40 bit keys" that are composed in a strange way:
> you are given 88 bits of known key, and this is combined with the 40
> bit key, to give a 128 bit key. That key is used to do the
> encryption. The problem is that this has a unix password salt like
> effect, only this time there are 88 bits of salt rather than 12 bits.
> So this means that you can't precompute anything on the 40 bits as the
> 88 bits are randomly generated, and likely vary with each session.

Ah!!! Then here's my next alternative attack. Buy a 100x100 Transputer (about $120,000 to make one) and program it to crack the SSL running 10,000 parallel computations. If it takes 2 years for the whole keyspace for each computer, it takes 1.75 hours to span the whole key space. Taking a 3 year write-off time and spending $30,000 per year for maintenance, this comes to $70,000 per year, or $14.08 per cracked key. If I do 1,000 keys in parallel, that reduces the cost to 1.4 cents per key.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From Doug.Hughes at Eng.Auburn.EDU Thu Aug 17 11:27:25 1995
From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Thu, 17 Aug 95 11:27:25 PDT Subject: Netsacpe's Offical Response Message-ID: <199508171825.NAA16520@edison.eng.auburn.edu> >So in conclusion, we think RC4-40 is strong enough to protect consumer-level >credit-card transactions -- since the cost of breaking the message is >sufficiently high to make it not worth the computer time required to do so .... .... >Finally, we'd like to reiterate that all this person has done is decrypt >one single RC4-40 message. RC4 the algorithm and products which use the >algorithm remain as secure as always. > > > I disagree with the cost assumptions that it costs $10K. These are "relatively" imaginary costs. If you already have the machines (like a lot of universities and corporations) then the marginal cost of breaking the key is practically nil. The person doing the cracking certainly doesn't incur any costs. So what if it takes 2 weeks. An evil student/hacker/whatever would be willing to wait two weeks for a credit card with a $5-$oo limit if he could just use the machines at night when people might not notice. Just my $.02 Re: security of RC4 - agreed completely. From tcmay at got.net Thu Aug 17 11:32:44 1995 
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 11:32:44 PDT
Subject: Cost to Crack Keys
Message-ID:

At 4:45 PM 8/17/95, Rev. Mark Grant wrote:

>> In this case he had to use roughly
>> $10,000 worth of computing power (ballpark figure for having access to
>> 120 workstations and a few parallel supercomputers for 8 days) to break
>> a single message.
>
>Hmm, I don't know about anyone else around here, but my workstation is
>idle 99% of the time. I could almost certainly get access to all the spare
>CPU cycles on 120 workstations for free, and I suspect that a lot of
>people (particularly hackers) could do so as well. There's no need to
>spend $ 10,000 on renting them.

But, Mark, estimates of the cost to crack a key _must_ be based on market prices, not on opportunistic access to machines. Such access is good for occasional, or one-shot, deals, but not for routine use.

For example, one doesn't say "Hey, I don't see how Hertz can charge $40 a day to rent a car...my friend lets me use his for free."

The technical issues of whether there are faster ways to break the keys, or how fast and far MIPS prices will drop, are a separate issue. "Standard accounting practices" dictate the way to estimate production costs.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hayden at krypton.mankato.msus.edu Thu Aug 17 11:38:27 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 17 Aug 95 11:38:27 PDT
Subject: RC40 and what we still need to do
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I have been watching the backlash of the cracking of RC40 and am quite impressed with the fact that it is being used as a positive reason for repealing ITAR. I expected the media to jump on the "hacker" bandwagon and denounce the efforts.

However, I think there is still value in writing the software that will allow cooperation among hundreds or thousands of people. That way, we could harness the spare CPU of machines all over the globe and make the cracking of this kind of stuff routine. So instead of taking 8 days, it takes only a day or so, further eliminating the idea that it "takes too long to be worthwhile". Maybe there would even be value in going at a 128-bit key (granted, it would take a year).

I'd anticipate with proper advertising, easy-to-use software, and little programming knowledge required, we could easily harness 10,000+ machines and a few dozen parallel machines. I know we have a 99.9% idle MasPAR I can contribute to the effort, which should be able to do 1million+ keys/sec. It's just dying to have a purpose....

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMDNwmDokqlyVGmCFAQEzTQQAtkDhi0XD1L1PGJgSYA0XcxMXOIszjtB0
sQcHdSqeVHBpIn7K0/F4JE0tiIgXFhmaKsU8FaIaf/5sbDpRj/cTZXnvE/evt4G0
GKploXjcqXQ/dBpSWakCzsKLJvqvhKEyZyAnF/5VHgSI5WChMKYm68qiuDNyN05Q
He6bvbZGbBs=
=oPni
-----END PGP SIGNATURE-----

____ Robert A.
Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++** ------END GEEK CODE BLOCK------ From carolab at censored.org Thu Aug 17 11:47:53 1995 From: carolab at censored.org (Censored Girls Anonymous) Date: Thu, 17 Aug 95 11:47:53 PDT Subject: Message from a nobody... Message-ID: I'm kind of a nobody..... I can't write elaborate code. I can't even crack keys, unless it's plug & play cracking. But I do know SOMETHING important was done here. And once it's been done, it only gets easier each time. Congratulations to all of you! Love Always, Carol Anne Member Internet Society - Certified BETSI Programmer - WWW Page Creation ------------------------------------------------------------------------- Carol Anne Braddock <--now running linux 1.0.9 for your pleasure carolann at censored.org __ __ ____ ___ ___ ____ carolab at primenet.com /__)/__) / / / / /_ /\ / /_ / carolb at spring.com / / \ / / / / /__ / \/ /___ / ------------------------------------------------------------------------- A great place to start My Cyber Doc... From tcmay at got.net Thu Aug 17 11:52:45 1995 
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 11:52:45 PDT
Subject: First known purchase of physical goods with cyberbucks
Message-ID:

At 6:39 PM 8/17/95, Marcel van der Peijl wrote:

>> Anyway, if anyone knows of an earlier transaction of cyberbucks for physical
>> goods than this (at 15:00 GMT 17th August 1995), then please let me know.
>
>As far as I know, the first transaction took place when I (while
>testing) bought a postcard from GlobalX, the first ecash store to
>open besides our own (and mine). It is stored in the 'DigiCash
>museum' next to early prototypes of all kinds of smartcards,
>emulators, wallets etc.
>
>This must have been around October last year (or August? Can't make
>out the postmark). Hundreds of cards were shipped by several shops,
>and stickers, lotteries, etc. Check the 'physical objects' section
>on http://www.digicash.com/shops/categorical.html
>
>Maybe you should restrict the 'first known' claim to 'first known
>purchase of physical goods with cyberbucks traded at the ECM'.
>
>Sorry!

Also, there are other potential claims for this sort of thing. Based on varying extents to which the "electronic money" is really secure, is cryptographically interesting, etc.

For example, more than two years ago on this list (I think it was spring of '93, but it could've been spring of '94) there was a flurry of transactions involving the "MagicMoney" and "TackyTokens" of Pr0ductCypher and others. I recall Black Unicorn and others talking about transactional exchanges involving sixpacks of beer or soft drinks. I could check my archives, but you get the point.

And before that, there were "HExmarks" being used on the Extropians list. There was a nominal conversion rate to real dollars, and at the time I left that list, I had more HExmarks than anyone else.

And dozens of token-based systems, coupons, LETS systems, etc. Not to mention the various commercial smartcards and "e money" systems.
Granted, most of these are not "Chaumian," which is what most of us think of as digital cash.

Claiming credit for being first is a tough issue.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Thu Aug 17 12:04:05 1995
From: tcmay at got.net (Timothy C. May) Date: Thu, 17 Aug 95 12:04:05 PDT Subject: The Official Cypherpunks Screen Saver? Message-ID: At 5:11 PM 8/17/95, Jim Gillogly wrote: >I would hazard a guess that 90% of the compute cycles in the world are used >running screen savers... this gives a of slack for people who would >like to harness them to perform productive work like making points about >the strength of security. It would really be cool to have a screen saver that did useful work while displaying pretty pictures. Imagine a screen saver, maybe with code modules running in "After Dark," that updates the screen with keys tried...could be a nice demonstration of bignums in crypto, etc. Every now and then the user would get lucky and alarms would go off... (Details: getting the modules to automatically divvy-up keyspace...or maybe just let user pick his own key, or from a list, or whatever. A la the "Chinese lottery" keycracking scheme, where set-top cable boxes (containing computers) crunch on keys and try to match to signals sent over the air...Schneier may have something on this in his book.) Just a thought. The "Official Cypherpunks Screen Saver"? I'd rather have this running on my Mac than have a t-shirt. --Tim May (Berkeley Systems, makers of "After Dark" for Macs and Windows, supports third-party modules. Maybe the "Flying Toasters" could swoop down, pick up a "key" laying on the "ground" and proceed to munch on it...the mind boggles.) ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From bigmac at digicash.com Thu Aug 17 12:19:13 1995 
From: bigmac at digicash.com (Marcel van der Peijl) Date: Thu, 17 Aug 95 12:19:13 PDT Subject: First known ... (stop this thread please) Message-ID: <199508171918.VAA17926@digicash.com> > Also, there are other potential claims for this sort of thing. Based on > varying extents to which the "electronic money" is really secure, is > cryptographically interesting, etc. Sorry, I think we should kill this thread while we're still on top of it. The discussion was CyberBucks, not electronic payments or anything like that. I _KNOW_ what the first transaction was, since I made it, I saw it at the bank, I received the goods, and got an email from the sender saying it was the first transaction. I do not wish to take claim for any of that other stuff, whether it is Chaumian or not. No doubt somebody traded some baseball cards for a few bits somewhere back in the fifties. Let's not dig up any other dead bodies. My claim (which was only to show the incorrectness of the other) is a very restrictive one, and is only for the CyberBucks trading. // Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/ // The hottest instruction on a P90? JMP $ @ 2.633A or 52C (with fan) From jweis at primenet.com Thu Aug 17 12:19:37 1995 
From: jweis at primenet.com (Jason Weisberger)
Date: Thu, 17 Aug 95 12:19:37 PDT
Subject: Cost to Crack Keys
In-Reply-To:
Message-ID: <199508171919.MAA19041@usr2.primenet.com>

>
> But, Mark, estimates of the cost to crack a key _must_ be based on market
> prices, not on opportunistic access to machines. Such access is good for
> occasional, or one-shot, deals, but not for routine use.
>

Is it opportunistic access of machines, Tim, or simple use of available machines? I don't think this kind of access is limited to one shot deals. I've seen enough environments where the cpu cycles to achieve these kinds of tasks (brute forcing keys) are available and no one is much going to care if it is done in a low-profile manner.

> For example, one doesn't say "Hey, I don't see how Hertz can charge $40 a
> day to rent a car...my friend lets me use his for free."
>

Indeed - but what is the real market value of the cpu cycles needed to pull off the task at hand? I think it's far less than $10,000.00

>
> "Standard accounting practices" dictate the way to estimate production costs.
>

That's like accepting the amortized value of an object as its real value. I don't think GAAP really comes into play here...

From aba at dcs.exeter.ac.uk Thu Aug 17 12:22:10 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 17 Aug 95 12:22:10 PDT
Subject: Cost to Crack Keys
Message-ID: <9285.9508171921@exe.dcs.exeter.ac.uk>

Tim May writes:

> >Hmm, I don't know about anyone else around here, but my workstation is
> >idle 99% of the time. I could almost certainly get access to all the spare
> >CPU cycles on 120 workstations for free, and I suspect that a lot of
> >people (particularly hackers) could do so as well. There's no need to
> >spend $ 10,000 on renting them.
>
> But, Mark, estimates of the cost to crack a key _must_ be based on market
> prices, not on opportunistic access to machines. Such access is good for
> occasional, or one-shot, deals, but not for routine use.
>
> For example, one doesn't say "Hey, I don't see how Hertz can charge $40 a
> day to rent a car...my friend lets me use his for free."
> [...]
> "Standard accounting practices" dictate the way to estimate production costs.

Agreed. *But* the real cost to a particular organisation is subsidised by the amount of idle compute cycles they have. You can't take this into account very easily or accurately for a general figure, where raw $ are probably the best figure.

For instance I know someone who works for a large UK newspaper (he's admin for their unix workstations), and he says there are acres of RS6000s just sitting there idling most of the time. They are used for document preparation only (what a waste all that lovely silicon just burning cycles, and being occasionally used as a glorified word processor).

Anyway point being to that particular organisation, if they for some reason (I dunno but say a big scoop - they need to nefariously break something to get the low down on a politician - unofficially of course), their real cost is quite a bit lower than the raw $, perhaps 0 cost even if they can wait long enough for their impromptu farm to do the job.
This doesn't really affect the raw $ cost as such, people just need to estimate the amount of wasted $ equivalent of idle compute they already have in their personal calculations. It would sound better if various newspapers would care to print something along the lines of "with idle compute powers as many typical organisations have in abundance". Papers printing high sounding $ figures is though technically accurate (perhaps not too sure about the accuracy), misleading to general public who probably don't realise that there is a few $100 tho of idle compute lying around in the accounts department already!

In summary, yes but it doesn't sound as good, and folks don't equate idle CPU to $ intuitively.

Adam

--
HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------8<-------------------------------
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0
> From: aba at dcs.exeter.ac.uk > Another approach is to do lots of keys simultaneously - so you set up > this distributed effort which is continually re-sweeping the 40 bit > keyspace, say every couple of days or whatever. You can sweep for > more than one key at once at very low incremental cost, an extra key > costs close to nothing. So say you are searching for 1000 keys at > once - a dragnet approach - well keys just pop out at random as they > are hit, maybe straight away maybe at worst case the sweeping > roll-over time, but on average a key will fall out every 3 minutes. I don't see how you can sweep for more than one key at once at low cost. Because of the salt, every possible SSL encrypted message has to be swept independently. You can't sweep for two messages' keys at once because the input to the MD5 is different even for the same 40-bit key. If digital cash in micro amounts became practical, people could be paid to let the "idle cycles" on their computers be used for this kind of highly parallel application. (Some people have speculated that graphics rendering would be another suitable choice.) It would be interesting to see what the market price of cycles became in such an environment. That would give a better benchmark for the cost to break keys. Hal From hfinney at shell.portal.com Thu Aug 17 12:32:03 1995 
From: hfinney at shell.portal.com (Hal) Date: Thu, 17 Aug 95 12:32:03 PDT Subject: SSL challenge -- broken ! Message-ID: <199508171930.MAA18815@jobe.shell.portal.com> I can see three ways in which RC4-40 is weaker now than it was when it was approved for "fast track" export approval. First, of course, computers get faster every year. So any fixed cipher becomes relatively weaker as time goes on. Second, until earlier this year RC4 was secret. Then it was posted anonymously to the cypherpunks list and later to sci.crypt. Before that time, only a much smaller number of people would have been in a position to launch an exhaustive search attack. But now that the source is public, virtually anyone can try to crack it. So this is really a very significant loss of security. It also illustrates the difficulty in keeping secrets which will occur due to the kind of technology we advocate. Third, there is much more interest now in actually doing massively parallel encryption attacks. The RSA-129 project got a lot of publicity, and it was followed by the attack on the "Blacknet" 384 bit PGP key by a small private group earlier this year. People are aware now of how easy it is to use parallelism in this kind of work, and with the software Adam Back has worked on this could become even more popular in the future. So all this talk about "6,000 MIPS years" will not be as impressive if any moderately sized hacker group can put that much computing power together in a few days. With these changes, RC4-40 has lost a significant amount of the cryptographic strength it may have had a year or two ago. It is certainly time for the exportable key size to be expanded. Hal From scs at lokkur.dexter.mi.us Thu Aug 17 12:33:37 1995 
From: scs at lokkur.dexter.mi.us (Steve Simmons)
Date: Thu, 17 Aug 95 12:33:37 PDT
Subject: The Official Cypherpunks Screen Saver?
In-Reply-To:
Message-ID: <1995Aug17.193223.5667@lokkur.dexter.mi.us>

tcmay at got.net (Timothy C. May) writes:

>At 5:11 PM 8/17/95, Jim Gillogly wrote:
>>I would hazard a guess that 90% of the compute cycles in the world are used
>>running screen savers... this gives a of slack for people who would
>>like to harness them to perform productive work like making points about
>>the strength of security.

>Just a thought. The "Official Cypherpunks Screen Saver"? I'd rather have
>this running on my Mac than have a t-shirt.

What an incredibly cool idea. Go for it...

--
Simmons' Law Of Alcoholic Expectations: The best stuff always happens after the meeting, when everyone goes to the bar. Corollary: Any meeting which doesn't adjourn to the bar isn't worth going to.

From dneal at usis.com Thu Aug 17 12:35:56 1995
From: dneal at usis.com (David Neal) Date: Thu, 17 Aug 95 12:35:56 PDT Subject: First known purchase of physical goods with cyberbucks In-Reply-To: Message-ID: On Thu, 17 Aug 1995, Rev. Mark Grant wrote: > > [Feel free to forward to anywhere you feel is appropriate] > > -----BEGIN PGP SIGNED MESSAGE----- > > > For some time now, Adam Back has been offering to sell RSA T-shirts for > cyberbucks (DigiCash's experimental anonymous digital cash system), but > no-one has had enough available to take him up on it. However, thanks to > the success of the ecm mailing list (ecm at ai.mit.edu) and WWW site > (http://www.c2.org/~mark/ecash/ecash.html), today I finally managed to > collect enough c$ to buy one. I just had a wicked thought. What happens when people combine challenge key cracking with e-cash? Lesse -- 2^40 keys = 1,099,511,627,776 keys. Damien was able to get 850000-1.3 million keys per second. Let's go for the low-end and use 8000 keys per second which is in the range of his sparcstations (a very common machine on the internet). We "only" need 38,178 machines to crack the key in 8 hours. Each of those workstations is going to test 28,800,000 keys and we'll assign a nominal value of $1,000 to cracking the key. (Most people have $1k of room on their visa or m/c, no?) Splitting the booty 50/50 gives someone $500 or about 1.79 e-cents per 100k keys tested. So, could 38,000 people be enticed into running a sparc-cycle cracking daemon for a 1 in 38,000 chance at $500? :-) From hfinney at shell.portal.com Thu Aug 17 12:39:52 1995 
From: hfinney at shell.portal.com (Hal) Date: Thu, 17 Aug 95 12:39:52 PDT Subject: Strong encryption for credit cards only Message-ID: <199508171938.MAA19803@jobe.shell.portal.com> In response to the SSL break, Netscape has said they are working on improved encryption specifically for credit card numbers. This would use 56 bit keys, presumably DES. I got this from the SJ Mercury News online, . While we can applaud any measure to increase user privacy and security, it will be unfortunate if this enhanced encryption, which will apparently be limited strictly to credit card information in order to get export approval, weakens support for efforts to allow expanded export approval of all sorts of encryption. There are many aspects to privacy beyond credit card numbers. The bottom line remains that overseas companies are able to put stronger encryption in their products than American companies can in their export versions. We need to keep offering good arguments for why users will need strong encryption for more than their credit card info. If the message gets out that this new measure solves the security problems on the internet then that will be a big loss for our goals. Hal From jim at acm.org Thu Aug 17 12:50:00 1995 
From: jim at acm.org (Jim Gillogly) Date: Thu, 17 Aug 95 12:50:00 PDT Subject: Cost to Crack Keys In-Reply-To: Message-ID: <199508171949.MAA03937@mycroft.rand.org> > tcmay at got.net (Timothy C. May) writes: > For example, one doesn't say "Hey, I don't see how Hertz can charge $40 a > day to rent a car...my friend lets me use his for free." > "Standard accounting practices" dictate the way to estimate production costs. Actually, I do say that, but in a slightly different way. If I want to estimate the cost to get home from the airport, I might say "I have two friends with cars who might give me a ride, or I could rent a car from Hertz." Most of the time a free car will be available; once in the last couple of years I rented a car at the airport to get home. My average cost hasn't been zero, but has certainly been a lot less than $40 ($29 from National, but that's not important now). Finding a cheap or free ride from one place to another should not be a problem if you live in a city of helpful people driving to and fro in vehicles with no passengers. There are lots of free seats on the CPU bus today! Share and enjoy... Jim Gillogly Highday, 25 Wedmath S.R. 1995, 19:46 From hayden at krypton.mankato.msus.edu Thu Aug 17 12:51:59 1995 
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 17 Aug 95 12:51:59 PDT Subject: Silly technical question from a non-technical person Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I've been piecing together things on this list that I have only a passing understanding of (at a code level). If it costs $10,000 to crack one 40-bit key (putting aside whether we agree on that price or not), could not the software be designed in such a manner that it is able to check, say, 10,000 keys at the same time? I.e., it computes a key, and then checks it against the array of data to see if it fits any of them, and then goes on to the next one. Maybe that would be an interesting test. Randomly compute say 10,000 sessions and then try to crack them all at the same time. Theoretically, it would reduce that $10,000/crack cost dramatically. Of course, I could very well be wrong.... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMDOByjokqlyVGmCFAQHFeAP9Hi9rXt1Ij4+nXISXMdfQL7TglB5T0p5P o80KP3PExZ7BqPVrLK9at831SOOVBIN2qzkFcLo7VTOfsrtc95Oyit6Kkk6+PBQQ 4dmuTjbBtRTFi92a4r5RAIXBlLYaATGSZGI3UUSE4m/PoeOWwAhjl/sweu/g/1Q2 ZsRCz9wefR4= =HlUL -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++** ------END GEEK CODE BLOCK------ From aba at dcs.exeter.ac.uk Thu Aug 17 13:00:33 1995 
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Thu, 17 Aug 95 13:00:33 PDT Subject: Breaking DES anyone? (was: Breaking RC4-40 for less) Message-ID: <9403.9508171959@exe.dcs.exeter.ac.uk> Hal Finney writes on cpunks: > > Another approach is to do lots of keys simultaneously - so you set up > > this distributed effort which is continually re-sweeping the 40 bit > > keyspace, say every couple of days or whatever. You can sweep for > > more than one key at once at very low incremental cost, an extra key > > costs close to nothing. So say you are searching for 1000 keys at > > once [...] on average a key will fall out every 3 minutes. > > I don't see how you can sweep for more than one key at once at low cost. > Because of the salt, every possible SSL encrypted message has to be swept > independently. You can't sweep for two messages' keys at once because the > input to the MD5 is different even for the same 40-bit key. Agreed. I was not being clear and mixing various things in one post. I was talking about 3 different systems: 1) export SSL 88 + 40 2) pure RC4-40 (hypothetical - possible microsoft / other apps) 3) DES (56 bits, can it be done) In the part you quote I was talking about pure RC4 40, I'm not sure which applications fall into this category, but it is one thing we have yet to determine. Perhaps Microsoft Access falls into this category? Other microsoft applications / other vendor applications? Someone needs to do the microsoft equivalent of a FOIA to extract this info. Anyone have any Microsoft software with encryption that they could quiz Microsoft tech support about? For export SSL it does not work for the reason you describe, the 88 bit salt effect. For DES I think it does work (attacking many keys at once), but then my understanding of DES is limited, but as a block cipher, presumably you can just brute keys in a straightforward manner? 
If so you can try multiple keys at once, unless there is some salt effect involved with typical CBC 56 bit DES operation too? Depending on the relative costs of the parts of the block cipher, a) key-setup b) block / stream decrypt pure RC4 is designed so that a) is vastly more expensive than b). How does this pan out for DES? DES (and RC4) are designed for fast encrypt / decrypt, but is there an appreciable key setup phase? I have these figures courtesy of Andy Brown: > Using Eric Young's very fast libdes code, and using the supplied speed > test program I get the following output on a Sparc 20 (1 processor): > > Doing set_key for 10 seconds > 582771 set_key's in 9.83 seconds > Doing des_ecb_encrypt's for 10 seconds > 989184 des_ecb_encrypt's in 9.85 second > Doing des_cbc_encrypt on 8192 byte blocks for 10 seconds > 982 des_cbc_encrypt's of 8192 byte blocks in 9.92 second > Doing crypt for 10 seconds > 37101 crypts in 9.89 second > set_key per sec = 59284.94 ( 16.9uS) > DES ecb bytes per sec = 803398.17 ( 10.0uS) > DES cbc bytes per sec = 810941.94 ( 9.9uS) > crypt per sec = 3751.37 (266.6uS) So what is a brute DES program on multiple keys with CBC mode (is this the most common mode?) going to look like in terms of calls to these various calls? The set_key looks slow compared to the DES cbc bytes per sec, even if you have to cycle a couple of blocks to get to your known plaintext location. Am I on the right tracks? It seems to me that you gain considerably by doing multiple keys even with CBC and random IV due to relatively fast block decrypt as compared to key setup. > If digital cash in micro amounts became practical, people could be paid > to let the "idle cycles" on their computers be used for this kind of > highly parallel application. (Some people have speculated that graphics > rendering would be another suitable choice.) It would be interesting to > see what the market price of cycles became in such an environment. 
That > would give a better benchmark for the cost to break keys. I think this would be an interesting way to determine the market value of idle cycles, and likely lead to cheaper figures for breaking things than are touted (by newspapers, and people to whose advantage it is to estimate generously the cost). Adam From aba at dcs.exeter.ac.uk Thu Aug 17 13:15:26 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Thu, 17 Aug 95 13:15:26 PDT Subject: Silly technical question from a non-technical person Message-ID: <9453.9508172015@exe.dcs.exeter.ac.uk> > If it costs $10,000 to crack one 40-bit key (putting aside whether we > agree on that price or not), could not the software be designed in such a > manner that it is able to check, say, 10,000 keys at the same time? Ie, > it computes a key, and then checks it against the array of data to see if > it fits any of them, and then goes on to the next one. Hmm yes and no. - For pure RC4-40 yes. - For export SSL no. It has what is effectively an 88 bit salt (familiar with unix password salts? like that only 88 bits). - For full 128 bit SSL, yes, but 128 bits is rather large even if you have a few million keys to try at once with speed up gains. 2^128 is a biiig number. - For DES I think so, asked for others' opinions, this might be the next one to die, big project but possibly doable with lots of keys at once Adam From george at knucklehead.phat.com Thu Aug 17 13:31:37 1995 From: george at knucklehead.phat.com (George T. Talbot) Date: Thu, 17 Aug 95 13:31:37 PDT Subject: Dumb question (Re: RSA T-Shirt) Message-ID: <199508172022.QAA16980@knucklehead.phat.com> Sorry to bother the entire list with this...anybody got the e-mail address of the USA seller of the 3-lines of Perl RSA T-Shirt? I haven't received mine yet and I can't find the e-mail address. Again...Sorry for adding to the traffic. ---------- George T. Talbot From mattt at microsoft.com Thu Aug 17 13:39:55 1995 
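[Editor's added example, not code from any poster on this thread.] Adam's question about key setup versus block decrypt cost, and his "yes and no" summary of which systems allow many keys to be attacked in one sweep, reduce to one cost model: a key schedule can be shared across targets only when the schedule does not depend on per-session data. The script below encodes that model with the libdes Sparc 20 figures Andy Brown quoted (set_key 16.9 us, one ECB block 10.0 us); the assumption it makes is that a "salted" system (export SSL's 88 cleartext bits feeding MD5) forces one key schedule per target, while an unsalted cipher pays it once per candidate. The point for a protocol designer is the last column: with per-session salt the batch discount is exactly one, which is why mixing unique cleartext into key derivation is a cheap defence against amortized search.

```python
"""Batch key-search cost model, with and without a per-session salt.

Constructed example. The two timing constants are the libdes Sparc 20
numbers quoted in the thread; everything else is assumption.
"""

SET_KEY_US = 16.9      # des set_key, from the quoted libdes benchmark
ECB_BLOCK_US = 10.0    # one 8-byte ECB block, from the quoted benchmark


def candidate_cost_us(n_targets, blocks_per_target=1, salted=False):
    """Microseconds to test ONE candidate key value against n_targets ciphertexts.

    Unsalted: one key schedule, then a short trial decrypt per target.
    Salted:   the schedule depends on per-session cleartext, so it is
              paid once per target (assumed model of the 88-bit salt).
    """
    trial = blocks_per_target * ECB_BLOCK_US
    if salted:
        return n_targets * (SET_KEY_US + trial)
    return SET_KEY_US + n_targets * trial


def amortized_cost_us(n_targets, blocks_per_target=1, salted=False):
    """Cost of one candidate, spread over the targets it was tested against."""
    return candidate_cost_us(n_targets, blocks_per_target, salted) / n_targets


def batch_speedup(n_targets, blocks_per_target=1, salted=False):
    """Per-target cost of a single-target search divided by the batched per-target cost."""
    single = amortized_cost_us(1, blocks_per_target, salted=False)
    return single / amortized_cost_us(n_targets, blocks_per_target, salted)


def seconds_per_key_found(key_bits, n_targets, blocks_per_target=1,
                          salted=False, cpus=1):
    """Average interval between keys falling out of a full sweep of the keyspace.

    One sweep over 2**key_bits candidates recovers all n_targets keys, so
    keys appear on average every (sweep time / n_targets), split over `cpus`
    machines like the benchmark box.
    """
    sweep_us = (2 ** key_bits) * candidate_cost_us(n_targets, blocks_per_target, salted)
    return sweep_us / 1e6 / n_targets / cpus


if __name__ == "__main__":
    print("targets  unsalted speedup  salted speedup")
    for n in (1, 10, 1000, 10000):
        print(f"{n:7d}  {batch_speedup(n):15.2f}  {batch_speedup(n, salted=True):14.2f}")
    days = seconds_per_key_found(40, 1) / 86400
    print(f"one 40-bit key, one target, one Sparc 20: about {days:.0f} days per sweep")
```

The unsalted speedup saturates at SET_KEY_US / ECB_BLOCK_US plus one (about 2.7x here) no matter how many targets are batched, because the trial decrypt is still paid per target; the salted column stays at 1.0.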
From: mattt at microsoft.com (Matt Thomlinson) Date: Thu, 17 Aug 95 13:39:55 PDT Subject: First known purchase of physical goods with cyberbucks Message-ID: <9508172125.AA12793@netmail2.microsoft.com> don't forget GhostMarks! :) matt ---------- 
From: Timothy C. May To: "Marcel van der Peijl" ; Cc: ; ; Subject: Re: First known purchase of physical goods with cyberbucks Date: Thursday, August 17, 1995 11:59AM At 6:39 PM 8/17/95, Marcel van der Peijl wrote: >> Anyway, if anyone knows of an earlier transaction of cyberbucks for physical >> goods than this (at 15:00 GMT 17th August 1995), then please let me know. > >As far as I know, the first transaction took place when I (while >testing) bought a postcard from GlobalX, the first ecash store to >open besides our own (and mine). It is stored in the 'DigiCash >museum' next to early prototypes of all kinds of smartcards, >emulators, wallets etc. > >This must have been around October last year (or August? Can't make >out the postmark). Hundreds of cards were shipped by several shops, >and stickers, lotteries, etc. Check the 'physical objects' section >on http://www.digicash.com/shops/categorical.html > >Maybe you should restrict the 'first known' claim to 'first known >purchase of physical goods with cyberbucks traded at the ECM'. > >Sorry! Also, there are other potential claims for this sort of thing. Based on varying extents to which the "electronic money" is really secure, is cryptographically interesting, etc. For example, more than two years ago on this list (I think it was spring of '93, but it could've been spring of '94) there was a flurry of transactions involving the "MagicMoney" and "TackyTokens" of Pr0ductCypher and others. I recall Black Unicorn and others talking about transactional exchanges involving sixpacks of beer or soft drinks. I could check my archives, but you get the point. And before that, there were "HExmarks" being used on the Extropians list. There was a nominal conversion rate to real dollars, and at the time I left that list, I had more HExmarks than anyone else. And dozens of token-based systems, coupons, LETS systems, etc. Not to mention the various commercial smartcards and "e money" systems. 
Granted, most of these are not "Chaumian," which is what most of us think of as digital cash. Claiming credit for being first is a tough issue. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sean at escape.ca Thu Aug 17 14:03:07 1995 From: sean at escape.ca (Sean A. Walberg) Date: Thu, 17 Aug 95 14:03:07 PDT Subject: More on Netscape Message-ID: I guess most everybody has seen the response that Netscape put on their page, but did people check out the "for more info" link (http://home.netscape.com/newsref/std/key_security.html) It says that the commerce server supports (among others) DES and DES3 (same as 3DES?). They list the key sizes as 64 and 192 bits respectively. My question is, isn't DES 56 bits? (with an 8 bit salt that would be 64 I guess), but isn't DES3 112 bits, not 192? Just wondering... Sean o-------------------o----------------------o-----------------------o | Sean Walberg, | Tech Support | Pas_al, _obol, BASI_, | | sean at escape.ca | escape communication | PostS_ript, T_L... | | Mail for PGP key | 925-4290 | C fills all the holes | o----------------] http://www.escape.ca/~sean [--------------------o From vznuri at netcom.com Thu Aug 17 14:04:59 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 17 Aug 95 14:04:59 PDT Subject: new o'reilly security book Message-ID: <199508172102.OAA04409@netcom20.netcom.com> ------- Forwarded Message Date: Tue, 15 Aug 1995 14:08:44 -0700 
From: Sara Winge Subject: New "Computer Crime" book from O'Reilly FOR IMMEDIATE RELEASE August 15, 1995 TO REQUEST A REVIEW COPY, CONTACT: Sara Winge sara at ora.com 707/829-0515 O'REILLY RELEASES HANDBOOK ON FIGHTING COMPUTER CRIME SEBASTOPOL, CA--"Computer Crime: A Crimefighter's Handbook" is a resource for anyone who needs to know what today's computer crimes look like, how to prevent them, and how to detect, investigate, and prosecute them if they do occur. It contains basic computer security information as well as extensive guidelines for investigators, law enforcement, managers, and computer system administrators. The book has been reviewed by representatives of the U.S. Secret Service, the Department of Justice, local police departments, district attorney's offices, and law enforcement abroad. "Computer Crime" describes the varieties of computer crimes and profiles the computer criminal, using techniques developed for the FBI and other law enforcement agencies. It outlines the vulnerabilities of computer systems and discusses personnel, operational, physical, and communications measures that can be taken to prevent computer crimes. In addition, it contains a thorough treatment of effective methods for investigating and prosecuting computer crimes, ranging from the supplies needed for criminal investigation, to the detection and audit tools used in investigation, to the presentation of evidence to a jury. # # # Computer Crime: A Crimefighter's Handbook By David Icove, Karl Seger & William VonStorch, with Consulting Editor Eugene H. Spafford 1st Edition August 1995 464 pages, ISBN: 1-56592-086-4, $24.95 From vznuri at netcom.com Thu Aug 17 14:06:45 1995 
From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 17 Aug 95 14:06:45 PDT Subject: nontoxic neuron interface built Message-ID: <199508172104.OAA04707@netcom20.netcom.com> for all of you eagerly awaiting the day you can literally "jack in" to cyberspace.. ------- Forwarded Message Date: Wed, 16 Aug 95 13:44:34 -0400 Subject: FW: 'Cyberpunk' neural interface? - - ---------- 
From: James McDaniel X-MsXMTID: red-14-msg950816203742MTP[01.00.00]0000009e-34570 The following item is taken from: http://www.hep.net/documents/newsletters/pnu/1995/pnu-236.html James - - -------------------- PHYSICS NEWS UPDATE The American Institute of Physics Bulletin of Physics News Number 236: August 7, 1995 by Phillip F. Schewe and Ben Stein A SILICON DEVICE FOR TRIGGERING ELECTRICAL ACTIVITY IN A NERVE CELL has been constructed, opening possibilities for two-way, non-toxic communication between computer chips and nerve cells. Previous devices for stimulating nerve cells were metallic devices generating ordinary electric currents. Not only do such devices have corrosion-prone electrodes, but their currents create electrochemical byproducts and heat that could damage the nerve cells and themselves. The silicon device, constructed by researchers at the Max Planck Institute for Biochemistry in Germany, contains a "stimulation spot" that triggers neural activity simply through the rearrangement of electric charge. Insulated by silicon oxide, the stimulation spot has a size (between 10 and 50 microns) matched to that of a leech nerve cell to which it is connected. A voltage pulse applied to the spot rearranges electric charge on the silicon oxide film and the insulating membrane of the nerve cell, creating a buildup of positive charge in the nerve cell which causes it to fire above a certain threshold. The silicon device is capable of triggering a single nerve cell without affecting other nearby neurons. The device complements the previously designed "neuron transistor," which receives ionic signals from nerve cells and transcribes them to electronic signals in silicon. "These two devices join the two worlds of information processing, the silicon world of the computer and the water-world of the brain," says the Max Planck Institute's Peter Fromherz (fromherz at vms.biochem.mpg.de). 
Developing this device for biomedical applications, such as computer-controlled artificial limbs, is not envisioned at the present moment, as researchers will first need to build and understand devices that interact with connective tissue and other non-neuronal cells in the body. (Peter Fromherz and Alfred Stett, upcoming article in Physical Review Letters; text and figures are available from AIP Public Information, 301-209-3091, physnews at aip.org.) - ------- End of Forwarded Message ------- End of Forwarded Message From quazi at banyan.com Thu Aug 17 14:19:51 1995 From: quazi at banyan.com (Quazi) Date: Thu, 17 Aug 95 14:19:51 PDT Subject: WANTED: anonymous remailer source code Message-ID: <199508172119.RAA04589@newsstand.cit.cornell.edu> Hi All. I'm interested in porting some remailer code to work on NT (most likely using NTMail as the smtp service). I'd like to be sure I'm starting my port from the most recent revisions, and the sources at the archive at berkeley seem a bit dated. Are they the latest sources? Are there more recent sources available somewhere? Thanks, Quazi From droelke at spirit.aud.alcatel.com Thu Aug 17 14:25:23 1995 
From: droelke at spirit.aud.alcatel.com (Daniel R. Oelke) Date: Thu, 17 Aug 95 14:25:23 PDT Subject: Silly technical question from a non-technical person Message-ID: <9508172055.AA15978@spirit.aud.alcatel.com> > > - For DES I think so, asked for others opinions, this might be the > next one to die, big project but possibly doable with lots of keys > at once > But, what is a good DES target to attack?? SSL was a great target because it is both visible and because it has a well defined open specification that made it easy to determine exactly what to attack (unlike Microsoft Access). I know someone who *used* to be in the ATM transaction business, but is no longer. Is the code from a credit card reader DES encrypted? We could possibly "tap" the serial port between the reader and the modem and get a byte stream in that manner.... but then again, my knowledge of those beasts is pretty limited. Dan ------------------------------------------------------------------ Dan Oelke Alcatel Network Systems droelke at aud.alcatel.com Richardson, TX http://spirit.aud.alcatel.com:8081/~droelke/ From koontz at MasPar.COM Thu Aug 17 14:48:25 1995 From: koontz at MasPar.COM (David G. Koontz) Date: Thu, 17 Aug 95 14:48:25 PDT Subject: More on Netscape Message-ID: <9508172151.AA14704@argosy.MasPar.COM> >It says that the commerce server supports (among others) DES and DES3 >(same as 3DES?). They list the key sizes as 64 and 192 bits >respectively. My question is, isn't DES 56 bits? (with an 8 bit salt >that would be 64 I guess), but isn't DES3 112 bits, not 192? DES keys are specified as 64 bits, of which 8 bits provide odd parity. The 192 bits would specify three independent keys (not triple DES) From banisar at epic.org Thu Aug 17 14:49:34 1995 
From: banisar at epic.org (Dave Banisar) Date: Thu, 17 Aug 95 14:49:34 PDT Subject: Non-News Govt Announcement on Key Escrow Message-ID: The White House and NIST announced today that they were planning to hold two open meetings next month to develop standards for "acceptable" software key escrow. The standards will then be made into a FIPS. The programs cannot have keys larger than 64 bits. It's great to see that it only took them 18 months (since Feb. 94) to come up with a call for public meetings for something that nobody really wants anyway, except for the officials who plan to make it mandatory by slipping it through bit by bit and a couple of vendors. (sorry, sarcasm mode off...) -d (in non-official sarcastic mode today from home) David Banisar (Banisar at epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org Washington, DC 20003 * HTTP://epic.digicash.com/epic From jpp at software.net Thu Aug 17 14:51:28 1995 
From: jpp at software.net (John Pettitt) Date: Thu, 17 Aug 95 14:51:28 PDT Subject: SSL challenge -- broken ! In-Reply-To: <9508160842.AA27120@couchey.inria.fr> Message-ID: On Wed, 16 Aug 1995, Damien Doligez wrote: > SSL challenge -- broken > > Conclusions: > > * Many people have access to the amount of computing power that I used. > The exportable SSL protocol is supposed to be weak enough to be > easily broken by governments, yet strong enough to resist the attempts > of amateurs. Exactly > It fails on the second count. Don't trust your credit > card number to this protocol. Huh? So you run on 120 workstations worth how much? to steal a credit card number worth how much? Get real - there are hundreds of ways to get credit card numbers that cost less. The idea is to make breaking SSL less attractive than dumpster diving not to make it impossible. I'll lay odds that I could get the credit card number of *any* individual in the US in less elapsed time and with nothing more than a $1000 windoze machine, a telephone and a modem. John Pettitt jpp at software.net From jim at acm.org Thu Aug 17 15:20:08 1995 
From: jim at acm.org (Jim Gillogly) Date: Thu, 17 Aug 95 15:20:08 PDT Subject: More on Netscape In-Reply-To: <9508172151.AA14704@argosy.MasPar.COM> Message-ID: <199508172219.PAA04481@mycroft.rand.org> Various people said: > >It says that the commerce server supports (among others) DES and DES3 > >(same as 3DES?). They list the key sizes as 64 and 192 bits > >respectively. My question is, isn't DES 56 bits? (with an 8 bit salt > >that would be 64 I guess), but isn't DES3 112 bits, not 192? > DES keys are specified as 64 bits, of which 8 bits provide odd parity. > The 192 bits would specify three independent keys (not triple DES) Real-world DES implementations ignore those 8 "parity" bits. DES uses 56 bits of key for encryption, and calling it a 64 bit key is misleading. Triple DES (3DES) is an overloaded term. It's used in 2- and 3-key versions, for 112 and 168 bits of protection respectively. Jim Gillogly Highday, 25 Wedmath S.R. 1995, 22:18 From dperko at efn.org Thu Aug 17 15:26:30 1995 From: dperko at efn.org (Darrell Perko) Date: Thu, 17 Aug 95 15:26:30 PDT Subject: I need an exportable crypto algorithm. Message-ID: Greetings; I realize that bad crypto is offensive to some here but I am in desperate need of an exportable, public-domain, general-purpose crypto algorithm. Or at least the rules for creating such. Sorry to bother y'all with this, but I am in dire straits. Thanks, Darrell Perko dperko at efn.org From kelly at netcom.com Thu Aug 17 15:34:03 1995 From: kelly at netcom.com (Kelly Goen) Date: Thu, 17 Aug 95 15:34:03 PDT Subject: Another SSL breakage... In-Reply-To: <7849.9508171510@exe.dcs.exeter.ac.uk> Message-ID: <199508172217.PAA10756@netcom5.netcom.com> where can the software be obtained I would like to run it on my dual pentium under solaris 2.4 for benchmarking... thanx in advance kelly From ab411 at detroit.freenet.org Thu Aug 17 15:34:24 1995 
From: ab411 at detroit.freenet.org (David R. Conrad) Date: Thu, 17 Aug 95 15:34:24 PDT Subject: SSL challenge -- broken ! Message-ID: <199508172234.SAA21241@detroit.freenet.org> John Pettitt writes: >On Wed, 16 Aug 1995, Damien Doligez wrote: >> The exportable SSL protocol is supposed to be weak enough to be >> easily broken by governments, yet strong enough to resist the attempts >> of amateurs. > >Exactly. > >> It fails on the second count. Don't trust your credit >> card number to this protocol. > >Huh? So you run on 120 workstations worth how much? to steal a credit >card number worth how much? Get real - there are hundreds of ways >to get credit card numbers that cost less. ... SSL can of course be used to protect information other than credit card #s. It is supposed to be strong enough to resist the attempts of amateurs, yet it was broken not by a government, not by a three letter agency, not by a major corporation, but by a grad student with a lot of spare cycles. In other words, it was broken by an amateur. The real issue is not cc#s, the real issue is: does it do what it was designed to do (foil amateur attempts), and the answer is: no, not so long as it is export-restricted to only 40 secret bits of key. -- David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace. From perry at piermont.com Thu Aug 17 15:36:43 1995 
From: perry at piermont.com (Perry E. Metzger) Date: Thu, 17 Aug 95 15:36:43 PDT Subject: I need an exportable crypto algorithm. In-Reply-To: Message-ID: <199508172235.SAA00248@frankenstein.piermont.com> Darrell Perko writes: > I realize that bad crypto is offensive to some here but I am in > desperate need of an exportable, public-domain, general-purpose crypto > algorithm. Or at least the rules for creating such. Make it so weak to be useless. Of course, you don't need it if its that weak. > Sorry to bother y'all with this, but I am in dire straights. Why not just get a decent algorithm abroad? Why would you want to export a useless one? .pm From usura at replay.com Thu Aug 17 15:55:33 1995 From: usura at replay.com (Alex de Joode) Date: Thu, 17 Aug 95 15:55:33 PDT Subject: WANTED: anonymous remailer source code Message-ID: <199508172255.AA02942@xs1.xs4all.nl> Quazi sez: : I'm interested in porting some remailer code to work on NT (most : likely using NTMail as the smtp service). I'd like to be sure I'm : starting my port from the most recent revisions, and the sources at : the archive at berkeley seem a bit dated. Are they the latest sources? : Are there more recent sources available somewhere? Try ftp.hacktic.nl:/pub/remailer -- Alex de Joode Fear Uncertainty Confusion and Kaos, Inc. From fc at all.net Thu Aug 17 16:20:31 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Thu, 17 Aug 95 16:20:31 PDT Subject: Another SSL breakage... In-Reply-To: <199508172217.PAA10756@netcom5.netcom.com> Message-ID: <9508172319.AA07049@all.net> > > > where can the software be obtained I would like to run it on my dual pentium > under solaris 2.4 for benchmarking... A copy is on all.net's W3/gopher server FRC -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 From dperko at efn.org Thu Aug 17 16:42:21 1995 
From: dperko at efn.org (Darrell Perko) Date: Thu, 17 Aug 95 16:42:21 PDT Subject: I need exportable crypto revisited. Message-ID: Greetings; Thank you all for your amazingly quick responses! However, I should have noted in my original message that this encryption is to meet a contractual point for a commercial product to be delivered soon. The product can have one and one only version to be boxed and shipped and will be sold internationally. The encryption portion will be dynamically linked, so real encryption will be available on the net just not in the box. Thanks, Darrell Perko dperko at efn.org From Matthew.Sheppard at Comp.VUW.AC.NZ Thu Aug 17 16:46:13 1995 
From: Matthew.Sheppard at Comp.VUW.AC.NZ (Matthew James Sheppard) Date: Thu, 17 Aug 95 16:46:13 PDT Subject: RC40 and what we still need to do In-Reply-To: Message-ID: <199508172345.LAA17758@bats.comp.vuw.ac.nz> The shadowy figure took form and announced "I am "Robert A. Hayden" and I say ... > However, I think there is still value in writing the software that will > allow cooperation among hundreds or thousands of people. That way, we > could harness the spare CPU of machines all over the globe and make the > cracking of this kind of stuff routine. > > I'd anticipate with proper advertising, easy-to-use software, and > little programming knowledge required, we could easily harness 10,000+ > machines and a few dozen parallel machines. A generalised distributed compute server would be powerful, a participant would only have to compile the server and ensure it's running. It would compile and run cracking code only if signed by say four principal participants. The central coordinator service would want to send the following instructions (every communique would be signed & checked): 1) accept code & run 2) report progress 3) stop 4) some management of keys, where perhaps any 3 principal participant keys could revoke or add others for evolutionary purposes. Just an idea, probably old. -- __________ .- __ / -- -\ __ . . . 0 / <___> ___ | =8' //\/ .^| _---_ / \ = / \ \/\ |o | = / o | | || | ... / =0=======0==| |----| |= Another drive by shooting on \_\_/ \_\_/ \_\_/ the information super highway. From perry at piermont.com Thu Aug 17 17:01:32 1995 
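[Editor's added example, not code from Matthew Sheppard or anyone else on the thread.] The participant side of the signed-instruction scheme above is mostly policy: a node that will compile and run whatever it is sent must count distinct, currently-trusted principals per instruction, apply a different quorum to "run this code" (four) than to key management (any three), reject replays, and stop honouring a principal the moment it is revoked. The sketch below implements that policy. Its main assumption is that an HMAC-SHA256 tag under a per-principal secret stands in for each principal's digital signature (so "add principal" carries a secret where a real design would carry a public key); the principal names, secrets and instruction names are constructed.

```python
"""Participant-side policy for a quorum-signed distributed compute job.

Constructed example. HMAC tags under per-principal secrets stand in for
the per-principal signatures the design calls for (assumption).
"""
import hashlib
import hmac
import json

# Constructed principal secrets (assumption: one shared secret per principal).
PRINCIPALS = {
    "alice": b"alice-secret", "bob": b"bob-secret", "carol": b"carol-secret",
    "dave": b"dave-secret", "erin": b"erin-secret",
}
RUN_QUORUM = 4        # "signed by say four principal participants"
KEY_MGMT_QUORUM = 3   # "any 3 principal participant keys could revoke or add others"
RUN_OPS = {"accept_code", "report_progress", "stop"}
KEY_OPS = {"add_principal", "revoke_principal"}


def canonical(msg: dict) -> bytes:
    """Deterministic encoding so signer and verifier MAC identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: dict, principal: str, secrets=PRINCIPALS):
    """Return (principal, tag) for msg; the stand-in for a principal's signature."""
    tag = hmac.new(secrets[principal], canonical(msg), hashlib.sha256).hexdigest()
    return principal, tag


class Participant:
    def __init__(self, trusted=None):
        self.trusted = dict(trusted if trusted is not None else PRINCIPALS)
        self.last_seq = 0        # monotonically increasing, defeats replay
        self.running = None      # hash of the code currently accepted
        self.log = []

    def valid_signers(self, msg, sigs):
        """Set of distinct trusted principals whose tag verifies; unknown or revoked ones ignored."""
        body = canonical(msg)
        ok = set()
        for principal, tag in sigs:
            secret = self.trusted.get(principal)
            if secret is None:
                continue
            expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, tag):
                ok.add(principal)
        return ok

    def process(self, msg, sigs) -> bool:
        """Apply one coordinator instruction; True if accepted, False if rejected."""
        op = msg.get("op")
        if msg.get("seq", 0) <= self.last_seq:
            return False                                  # replayed or stale
        needed = RUN_QUORUM if op in RUN_OPS else KEY_MGMT_QUORUM if op in KEY_OPS else None
        if needed is None or len(self.valid_signers(msg, sigs)) < needed:
            return False
        self.last_seq = msg["seq"]
        if op == "accept_code":
            self.running = msg["code_sha256"]             # a real node would verify the code hash, then build
        elif op == "stop":
            self.running = None
        elif op == "add_principal":
            self.trusted[msg["principal"]] = bytes.fromhex(msg["secret_hex"])
        elif op == "revoke_principal":
            self.trusted.pop(msg["principal"], None)
        self.log.append(op)
        return True


if __name__ == "__main__":
    node = Participant()
    job = {"seq": 1, "op": "accept_code", "code_sha256": "00" * 32}
    print("3 signers:", node.process(job, [sign(job, p) for p in ("alice", "bob", "carol")]))
    print("4 signers:", node.process(job, [sign(job, p) for p in ("alice", "bob", "carol", "dave")]))
```

Two choices worth noting for a real deployment: signers are collected into a set, so one principal signing twice still counts once; and the sequence check is applied before the signature check, so a replayed-but-valid instruction is dropped without doing any MAC work.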
From: perry at piermont.com (Perry E. Metzger) Date: Thu, 17 Aug 95 17:01:32 PDT Subject: I need exportable crypto revisited. In-Reply-To: Message-ID: <199508180000.UAA00325@frankenstein.piermont.com> Darrell Perko writes: > Thank you all for your amazingly quick responses! However, I > should have noted in my original message that this encryption is to meet > a contractual point for a commercial product to be delivered soon. The > product can have one and one only version to be boxed and shipped and > will be sold internationally. The encryption portion will be dynamically > linked, so real encryption will be available on the net just not in the box. If you have hooks for arbitrary encryption, you will find it to be virtually impossible to export the product. The only way to do this whole thing is to export the product to an offshore development site without the crypto, have the crypto added, and import the software into the US, never export it from the US. You have no other real choice. Welcome to hell. If you don't like it, complain to the NSA, and to the Clinton administration, experts in being buggered by the NSA and buggering us too. Perry From ian at bvsd.k12.co.us Thu Aug 17 17:01:44 1995 
From: ian at bvsd.k12.co.us (Ian S. Nelson) Date: Thu, 17 Aug 95 17:01:44 PDT Subject: More on Netscape In-Reply-To: Message-ID: <199508180001.SAA18182@bvsd.k12.co.us> > > I guess most everybody has seen the response that Netscape put on their > page, but did people check out the "for more info" link > (http://home.netscape.com/newsref/std/key_security.html) > > It says that the commerce server supports (among others) DES and DES3 > (same as 3DES?). They list the key sizes as 64 and 192 bits > respectively. My question is, isn't DES 56 bits? (with an 8 bit salt > that would be 64 I guess), but isn't DES3 112 bits, not 192? > > Just wondering... > That would be one key for encrypting, another key for decrypting and a third key for encrypting again. 64*3=192. From jim at acm.org Thu Aug 17 17:30:36 1995 
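[Editor's added example, not code from Koontz, Gillogly, Nelson or Netscape.] The three replies above on "64 vs 56" and "192 vs 112/168" are all about bookkeeping that a DES implementation has to get right: the low bit of each key byte is parity and selects nothing, and the three 64-bit words of a 3DES key only give 168 bits of protection when all three are distinct. The helper below makes that bookkeeping explicit: it sets or checks odd parity, classifies a key by its effective strength (single DES when K1=K2 or K2=K3 because EDE then collapses, 112 bits for K1=K3, 168 otherwise), and flags the four DES weak keys. Key values in the tests are constructed.

```python
"""DES key bookkeeping: parity bits, weak keys and the 3DES keying options.

Constructed example; the sample key values are made up.
"""

# The four DES weak keys (already in odd-parity form); encryption equals decryption under them.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}


def set_odd_parity(key8: bytes) -> bytes:
    """Return key8 with each byte's low bit chosen so the byte has odd parity."""
    out = bytearray()
    for b in key8:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 == 1 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def strip_parity(key8: bytes) -> bytes:
    """The 56 bits that actually select the permutation, with parity bits zeroed."""
    return bytes(b & 0xFE for b in key8)


def is_weak(key8: bytes) -> bool:
    return set_odd_parity(key8) in DES_WEAK_KEYS


def effective_key_bits(key: bytes) -> int:
    """Bits of key material that matter, ignoring parity and degenerate key reuse."""
    if len(key) == 8:
        return 56
    if len(key) == 16:                       # two-key 3DES: EDE with K1, K2, K1
        k1, k2 = strip_parity(key[:8]), strip_parity(key[8:])
        return 56 if k1 == k2 else 112       # K1 == K2 collapses to single DES
    if len(key) == 24:                       # three-key 3DES: EDE with K1, K2, K3
        k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
        if k1 == k2 or k2 == k3:             # E_K1 D_K1 E_K3 == E_K3, or E_K1 D_K2 E_K2 == E_K1
            return 56
        if k1 == k3:
            return 112
        return 168
    raise ValueError("DES keys are 8, 16 or 24 bytes")


def describe(key: bytes) -> dict:
    """Summary a reviewer would want: nominal vs effective size, parity, weak components."""
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    return {
        "nominal_bits": len(key) * 8,
        "effective_bits": effective_key_bits(key),
        "parity_ok": has_odd_parity(key),
        "weak_components": [i for i, p in enumerate(parts) if is_weak(p)],
    }


if __name__ == "__main__":
    k1 = bytes.fromhex("0123456789abcdef")
    k2 = bytes.fromhex("fedcba9876543210")
    k3 = bytes.fromhex("89abcdef01234567")
    print(describe(k1 + k2 + k3))   # nominal 192, effective 168
    print(describe(k1 + k2 + k1))   # nominal 192, effective 112
```

Nominal 192 bits and effective 168 are both "right" for the same key; what a spec sheet should say is the effective figure, which is Gillogly's point.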
From: jim at acm.org (Jim Gillogly) Date: Thu, 17 Aug 95 17:30:36 PDT Subject: I need exportable crypto revisited. In-Reply-To: <199508180000.UAA00325@frankenstein.piermont.com> Message-ID: <199508180030.RAA04988@mycroft.rand.org> > "Perry E. Metzger" writes: > If you have hooks for arbitrary encryption, you will find it to be > virtually impossible to export the product. That's my understanding also (as I told him in e-mail) but I haven't found any legal justification for it. I spent a while poring over the ITARs, section XIII.b (ftp://ftp.cygnus.com/pub/export/itar.in.full), and I didn't see anything that looked likely. Maybe "ancillary equipment" in XIII.b.5, but that seems a stretch and is not at all specific. I note that hash algorithms for message authentication are specifically excluded from control in XIII.b.1.vi, which conflicts with what I was told by somebody who'd gotten a nastygram from Commerce. Sort of a relief, since I've been giving my SHA implementation away freely (rand.org:pub/jim/sha.tar.gz). Has anybody who's been impaled on the stinky end of this stick been told the chapter and verse? Jim Gillogly Sterday, 26 Wedmath S.R. 1995, 00:21 From pierre at shell.portal.com Thu Aug 17 18:21:30 1995 
From: pierre at shell.portal.com (Pierre Uszynski) Date: Thu, 17 Aug 95 18:21:30 PDT Subject: SSL challenge -- broken ! Message-ID: <199508180058.RAA02949@jobe.shell.portal.com> Says Joe Buck: > > >Should some bad person get hold of your card number and misuse > > >it, you're not out any money: > > > > I'm not so sure....Checked the fees/interest lately? > > "There ain't no such thing as a free credit card theft." > > Yes, it's true that this contributes to high interest rates (though > defaults cost more than fraud). Certainly not only that. In fact you pay directly for weak credit card security through taxes used to legislate, police, try, and jail fraudsters. Add to that the cost to society of keeping these people in jail instead of more productive occupations. Add the time wasted straightening out bogus transactions. Add the cost of delaying purchases and action because of the (maybe irrational) fear that no secure payment system is available. The argument that fraud existed before credit cards is only a technically correct statement. It does not bear. The point is, credit card transactions could be much more secure, at sometimes trivial cost, making much fraud disappear. Unfortunately, in this case, insecure credit cards are not an obstacle to banks making money, so why should they care? Credit card fraud does not prevent politicians from being re-elected, so why should they care? Same would apply to car manufacturers: easily stolen cars do not prevent them from making money, so why should they care? When 'bad persons' misuse credit cards, the cost to us is very real, just well hidden by all involved. Pierre. pierre at shell.portal.com From fc at all.net Thu Aug 17 18:29:32 1995 
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Thu, 17 Aug 95 18:29:32 PDT
Subject: I need exportable crypto revisited.
In-Reply-To: <199508180030.RAA04988@mycroft.rand.org>
Message-ID: <9508180128.AA11668@all.net>

> >
> > "Perry E. Metzger" writes:
> > If you have hooks for arbitrary encryption, you will find it to be
> > virtually impossible to export the product.
...
> Has anybody who's been impaled on the stinky end of this stick been told the
> chapter and verse?

I had the experience about 5 years ago - it's not really a big deal. I submitted a product (Integrity Toolkit - still detecting and limiting the spread of all current viruses after 5+ years of not being updated) for release in source form to my European distributors (who are now the sole global source - I got out of that business). In order to assure that it could detect alteration (as part of its integrity shell), it used a pretty strong cryptographic checksum - actually a message digest that's faster than MD5 on a PC architecture, combined with an RSA system I implemented in MuLisp (pretty fast long arithmetic for a high-level language implementation). To add fuel to the fire, the system came with an encryption capability that included the ability to use an external encryption scheme of the user's own design. It even included source for a simplistic encryption program that could be replaced with real encryption by simply adding the code for the real encryption into the C source provided, recompiling, and running.

I submitted it to State, who sent it to the NSA, who called me a few weeks later (pretty fast by government standards to be honest) and asked me some questions. I answered as honestly as I could ...

*** The RSA was built into the system and, although it could be extracted and used for encryption, as shipped, it was only used for authentication. It literally throws away one of the keys during key generation so that it is truly a one-way trap door. It would take a substantial effort by a knowledgeable programmer to convert it into a workable RSA for encrypting large files, and as implemented, it is only good for authentication.

*** The inbuilt encryption schemes are relatively easily broken and are designed only to prevent automated attack by viruses that try to forge checksums and other such things.

*** The message digest facility is pretty good, but it can only be used for the authentication process, so it is useless as an encryption system.

*** The external encryption hook includes no worthwhile encryption scheme, but it can easily be converted for this use if you have your own encryption technology.

They responded that as far as they were concerned, I could go ahead and ship it overseas, sent me a letter to that effect (which I have in the files somewhere just in case), and off it went. All further development of the encryption side was done overseas from that point forward to keep me from having to go through ITAR again.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From stripes at va.pubnix.com Thu Aug 17 18:44:23 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Thu, 17 Aug 95 18:44:23 PDT
Subject: Silly technical question from a non-technical person
In-Reply-To: <9508172055.AA15978@spirit.aud.alcatel.com>
Message-ID:

In message <9508172055.AA15978 at spirit.aud.alcatel.com>, Daniel R. Oelke writes:
[...]
>I know someone who *used* to be in the ATM transaction
>business, but is no longer. Is the code from a credit card
>reader DES encrypted? We could possibly "tap" the serial
>port between the reader and the modem and get a byte
>stream in that manner.... but then again, my knowledge
>of those beasts is pretty limited.

At least some of the cc-reader protocols are not encrypted (but they are rather cryptic on their own :-). I don't know how common this is 'tho.

From jordan at Heuristicrat.COM Thu Aug 17 18:55:15 1995
From: jordan at Heuristicrat.COM (Jordan Hayes)
Date: Thu, 17 Aug 95 18:55:15 PDT
Subject: SSL challenge -- broken !
Message-ID: <9508180154.AA02120@euclid.Heuristicrat.COM>

From pierre at shell.portal.com Thu Aug 17 18:29:41 1995

	Unfortunately, in this case, insecure credit cards are not an
	obstacle to banks making money, so why should they care?

At the risk of sounding like Perry, if you think that the major card issuers "don't care" about cutting (or eliminating) fraud, you're not talking to the right people. Fraud eats away a big chunk of revenue and can quite significantly affect competitiveness in a market with thin margins.

/jordan

From libgpmx at gsusgi2.Gsu.EDU Thu Aug 17 19:39:25 1995
From: libgpmx at gsusgi2.Gsu.EDU (George P. Magiros)
Date: Thu, 17 Aug 95 19:39:25 PDT
Subject: use PGP for http encryption instead!
Message-ID: <199508180239.WAA27731@gsusgi2.Gsu.EDU>

i don't mean to be extremely brash, but couldn't one use PGP to provide encrypted communication with the web. granted initially everyone with a browser would need their own key to communicate in an encrypted way - at least until such keys could be generated on the fly.

since the http "client" format resembles rfc821 message headers and a body, one could easily use a "hal" remailer type "Encrypted: PGP" header line plus hash marks "::" to reassemble a compatible http client command. The same could be done on the server side.

-george

---
libgpmx at gsusgi2.gsu.edu (finger for PGP public key or use MIT keyserver)
George P. Magiros
Georgia State University Pullen Library
PGP fingerprint of 59069039: D6 76 D4 FC 9B 25 6E DD DD 81 58 06 7B CD 03 AE

From hayden at krypton.mankato.msus.edu Thu Aug 17 20:11:35 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 17 Aug 95 20:11:35 PDT
Subject: use PGP for http encryption instead!
In-Reply-To: <199508180239.WAA27731@gsusgi2.Gsu.EDU>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 17 Aug 1995, George P. Magiros wrote:

> i don't mean to be extremely brash, but couldn't one use PGP to provide
> encrypted communication with the web.
> granted initially everyone with a browser would need their own key to
> communicate in an encrypted way - at least until such keys could be
> generated on the fly.
>
> since the http "client" format resembles rfc821 message headers and a body,
> one could easily use a "hal" remailer type "Encrypted: PGP" header line
> plus hash marks "::" to reassemble a compatible http client command.
> The same could be done on the server side.

As far as I understand, no.

1) you can't export PGP.

2) even though it's out there, making software with hooks for PGP is equally bad in the eyes of the NSA. There was some talk on alt.internet.media-coverage (and the thread is being crossposted all over the place) about mosaic having to remove PGP hooks before the NSA would let them export.

3) Frankly, I don't necessarily trust something that plays with my personal stuff if I can't access the source code to make sure it's not messin' with it :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMDPo2DokqlyVGmCFAQH9wAP9EB9rdvCAu32ULCUqO6YE4eKSpn4499n8
S/FFeSD7QqRKRzDFs/FsWPqVJfgeD05QJRysrCBRwZTh8//jXBaiLJ6IhqG18YsE
oQq7bFXTEk9BmFcjGljhaLYX548qSmkZCFyBa5LNG96f4Lpj3kOE02BmWNRcCT3Y
U7kCk1btxcY=
=RVSJ
-----END PGP SIGNATURE-----

____   Robert A. Hayden   <=> hayden at krypton.mankato.msus.edu
\ /__  Finger for Geek Code Info   <=> Finger for PGP Public Key
 \/ /  -=-=-=-=-=-                     -=-=-=-=-=-
  \/   http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++**
------END GEEK CODE BLOCK------

From perry at piermont.com Thu Aug 17 20:29:31 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 17 Aug 95 20:29:31 PDT
Subject: use PGP for http encryption instead!
In-Reply-To: <199508180239.WAA27731@gsusgi2.Gsu.EDU>
Message-ID: <199508180329.XAA00456@frankenstein.piermont.com>

"George P. Magiros" writes:
> i don't mean to be extremely brash, but couldn't one use PGP to provide
> encrypted communication with the web.

You ought to read up on S-HTTP, the expert on said protocol being our very own Eric Rescorla...

.pm

From tcmay at got.net Thu Aug 17 20:41:33 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 20:41:33 PDT
Subject: Non-News Govt Announcement on Key Escrow
Message-ID:

At 9:49 PM 8/17/95, Dave Banisar wrote:
>The White House and NIST announced today that they were planning to hold two
>open meetings next month to develop standards for "acceptable" software key
>escrow. The standards will then be made into a FIPS. The programs cannot
>have keys larger than 64 bits.
>
>It's great to see that it only took them 18 months (since Feb. 94) to come
>up with a call for public meetings for something that nobody really wants
>anyway, except for the officials who plan to make it mandatory by slipping
>it through bit by bit and a couple of vendors. (sorry, sarcasm mode
>off...)

One thing I'm hoping for is that Clinton will, as he contemplates his last year and a bit in office, have an attack of "liberalism." That is, I am hoping he realizes that any mandatory key escrow system is not only a massive infringement on the right of people to speak and communicate as they wish, it is also handing the keys to the Surveillance State to the likes of Bob Dole, Jesse Helms, Alfonse D'Amato, Newt Gingrich, and William Bennett.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rsalz at osf.org Thu Aug 17 20:48:23 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 17 Aug 95 20:48:23 PDT
Subject: Export policy change
Message-ID: <9508180348.AA20354@sulphur.osf.org>

Just heard on the 11:30pm NPR news update. The Clinton Administration has changed the crypto export policy. You will now be allowed to export strong crypto, provided it is a key escrow system. The reporter (Dan Charles?) said something like anyone can hold the keys, as long as they will be made avail when presented with a court order. He also said, US citizens will still be able to use strong crypto without key escrow internally. Terrorists and drug pushers were given as "reasons."

/r$

From tcmay at got.net Thu Aug 17 21:06:30 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 21:06:30 PDT
Subject: Export policy change
Message-ID:

At 3:48 AM 8/18/95, Rich Salz wrote:
>Just heard on the 11:30pm NPR news update. The Clinton Administration
>has changed the crypto export policy. You will now be allowed to
>export strong crypto, provided it is a key escrow system. The
>reporter (Dan Charles?) said something like anyone can hold the keys,
>as long as they will be made avail when presented with a court order.
>He also said, US citizens will still be able to use strong crypto
>without key escrow internally. Terrorists and drug pushers were given
>as "reasons."

And I want to formally announce "Tim's Sort of Good Escrow Service." I accept keys, thus meeting Our Leader's dictum, but can't really say the keys will be retrievable, as my floppies often get warped from sitting in the sun.

Hey, if "anyone can hold the keys"....

Somehow I doubt this. I suspect that any mandatory GAK key escrow system will involve all sorts of hoops which must be jumped through, all sorts of approvals which must be gotten, etc.

My neighbor has agreed to be the escrow agent for my keys. He doesn't know anything about computers, so he's taking my word that the things I give him every couple of months are disks. He figures that if the Justice Department ever asks for them, he'll point to the dusty box on the floor of his garage and say, "There they be."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hayden at krypton.mankato.msus.edu Thu Aug 17 21:08:08 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 17 Aug 95 21:08:08 PDT
Subject: Export policy change
In-Reply-To: <9508180348.AA20354@sulphur.osf.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 17 Aug 1995, Rich Salz wrote:

> Just heard on the 11:30pm NPR news update. The Clinton Administration
> has changed the crypto export policy. You will now be allowed to
> export strong crypto, provided it is a key escrow system. The
> reporter (Dan Charles?) said something like anyone can hold the keys,
> as long as they will be made avail when presented with a court order.
> He also said, US citizens will still be able to use strong crypto
> without key escrow internally. Terrorists and drug pushers were given
> as "reasons."

Ok, let's escrow our keys with Julf :-)

Seriously, there might be a market for somebody to become a professional escrow agent.... (tongue partially in cheek)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMDP2ITokqlyVGmCFAQF/JgP+Ok367e94N5E/b9IpokHpYlyFydgPzQbO
7EDzobygI3HESHro12mEYwadIShcoRRCXdMiPcuCU1G9tmDU2DoRamqIbU4dFDRk
5kEuwkJYQD+w3d+0Heebd/YwH+zpZvnlIawby1pAAPVPpzHhGkb0lFBymqrbg952
nLMzvcWt6jM=
=TPoy
-----END PGP SIGNATURE-----

____   Robert A. Hayden   <=> hayden at krypton.mankato.msus.edu
\ /__  Finger for Geek Code Info   <=> Finger for PGP Public Key
 \/ /  -=-=-=-=-=-                     -=-=-=-=-=-
  \/   http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++**
------END GEEK CODE BLOCK------

From patrick at Verity.COM Thu Aug 17 21:59:20 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 17 Aug 95 21:59:20 PDT
Subject: I need exportable crypto revisited.
Message-ID: <9508180456.AA08040@cantina.verity.com>

But don't forget the International Cryptography Experiment, (ICE). You can read about it in a file available from TIS. They're trying to evolve something with pluggable authentication and encryption that will pass ITAR.

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
| (\                                                                    |
| Patrick J. Horgan          Verity Inc.                 \\   Have      |
| patrick at verity.com        1550 Plymouth Street         \\ _ Sword     |
| Phone : (415)960-7600     Mountain View               \\/  Will      |
| FAX   : (415)960-7750     California 94303           _/\\  Travel    |
\___________________________________________________________\)__________/

From shamrock at netcom.com Thu Aug 17 22:02:12 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 17 Aug 95 22:02:12 PDT
Subject: I need exportable crypto revisited.
Message-ID: <199508180458.AAA11401@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199508180030.RAA04988 at mycroft.rand.org>, jim at acm.org (Jim Gillogly) wrote:

>> "Perry E. Metzger" writes:
>> If you have hooks for arbitrary encryption, you will find it to be
>> virtually impossible to export the product.
>
>That's my understanding also (as I told him in e-mail) but I haven't found
>any legal justification for it.

You might as well stop looking, because there isn't any. The brownshirts have long ago decided that the law means what they say it does. Welcome to reality.

- --
- -- Lucky Green   PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDQd8ioZzwIn1bdtAQGyEwF9HHGf5vVL0EbVt7RVrXwLlQQUGLF+nFEl
+KP+YB4/JYjjvE9G8By7RlezFhZF3Iy6
=MRsO
-----END PGP SIGNATURE-----

From tcmay at got.net Thu Aug 17 22:29:49 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 17 Aug 95 22:29:49 PDT
Subject: Legality of the ITARs
Message-ID:

I'm not an expert on ITARs, but I'll pass along something I heard about a year or year and a half ago.

At 4:58 AM 8/18/95, Lucky Green wrote:
>In article <199508180030.RAA04988 at mycroft.rand.org>, jim at acm.org (Jim
>Gillogly) wrote:
>
>>> "Perry E. Metzger" writes:
>>> If you have hooks for arbitrary encryption, you will find it to be
>>> virtually impossible to export the product.
>>
>>That's my understanding also (as I told him in e-mail) but I haven't found
>>any legal justification for it.
>
>You might as well stop looking, because there isn't any. The brownshirts
>have long ago decided that the law means what they say it does. Welcome to
>reality.

Lawyers within NSA are apparently of the same opinion, that the ITARs would not stand up to a court test.

Carl Nicolai, the inventor of the "PhasorFone," whose case was described in Bamford's 1982 "The Puzzle Palace," once called me up to tell me that he and his lawyer were allowed to view, but not copy, files on the ITAR issue. Some memos they came across from Agency lawyers warned that any ITAR court case would likely see the ITARs overturned.

(I passed this information on to Phil Karn a year or so ago, as he was starting his suit to get Schneier's stuff approved for export. I later saw a note from Lee Tien and/or John Gilmore saying they had gotten similar documents under an FOIA they did. Maybe these were the same documents Carl Nicolai saw, maybe not.)

On the other hand, these comments came from an era of judicial liberalism, not the current era in which the Supremes uphold random searches of bus passengers, of high school students, etc., when "good reasons exist." It may be that the current Supremes would uphold the ITARs. Wait until furrin terrorists are found to be using exported crypto for some nefarious plot...

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From johnl at radix.net Thu Aug 17 22:49:38 1995
From: johnl at radix.net (John A. Limpert)
Date: Thu, 17 Aug 95 22:49:38 PDT
Subject: Cheap Brute Force Attacks
Message-ID: <199508180547.BAA15638@saltmine.radix.net>

The use of idle cycles on workstations or PCs for brute force attacks made me think about the economics of this problem. How cheaply could a massively parallel system be built for key cracking? Much of the cost and complexity of current massively parallel systems is in the inter-processor communications and memory systems. Why not build a system with a large number of single chip processors (ROM/RAM/IO on one chip) and a simple/slow/cheap communication bus? I'm assuming that each processor can attack a small chunk of the keyspace without needing any external support.

One or more PC boards could be populated with an array of cheap processors. There would be a master controller to assign chunks of key space and check for results. It could also download the software if it was to be stored in on-chip RAM. A PC board could be designed that would provide 5V power, a shared serial I/O bus and a wired-or interrupt for the microprocessors to signal the master controller that a key has been cracked.

What would be a good microprocessor for this task? It would have to be cheap, reasonably low power with lots of integer MIPS. A decent amount of on-chip RAM would allow the software to be downloaded instead of being masked or burned into ROM.

1000 processors could be put into a relatively small box, let's say 10 boards each containing 100 single chip microprocessors. It shouldn't cost more than $10-$20 per processor, about the same total cost as one decent workstation ($10K-$20K).

--
John A. Limpert
johnl at Radix.Net

From shamrock at netcom.com Thu Aug 17 23:14:19 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 17 Aug 95 23:14:19 PDT
Subject: Where is the key cracking farming software?
Message-ID: <199508180611.CAA11918@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

With all the talk about cracking SSL, where is the cracking software? Somebody just offered me a six Pentium workstation, if I agree to give it a "real workout". I'd like to be able to say: "Sure, will do."

- --
- -- Lucky Green   PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDQu2yoZzwIn1bdtAQF+iAF/WrvfsHBTRhh8fYfWENS0oxOUagl1GrBo
PMeo+yJOa7/CN5/pl0xQTFUdusijXqxO
=DiNO
-----END PGP SIGNATURE-----

From seawolf at challenger.atc.fhda.edu Thu Aug 17 23:46:33 1995
From: seawolf at challenger.atc.fhda.edu (Sameer R. Manek)
Date: Thu, 17 Aug 95 23:46:33 PDT
Subject: SSL challenge -- broken !
In-Reply-To:
Message-ID:

On Thu, 17 Aug 1995, John Pettitt wrote:

> On Wed, 16 Aug 1995, Damien Doligez wrote:
> > SSL challenge -- broken
> > It fails on the second count. Don't trust your credit
> > card number to this protocol.
>
> Huh? So you run on 120 workstations worth how much? to steal a credit
> card number worth how much? Get real - there are hundreds of ways
> to get credit card numbers that cost less. The idea is to make
> breaking SSL less attractive than dumpster diving not to make it
> impossible. I'll lay odds that I could get the credit card number
> of *any* individual in the US in less elapsed time and with nothing
> more than a $1000 windoze machine, a telephone and a modem.
>

I think the point here is that it's not safe to send credit cards over the net and just like in rl, you've got to protect yourself by keeping a close eye on your credit card transactions. And to prove to our governments that RSA40 isn't 'good enough' any more.

On the other hand getting access to 120 workstations shouldn't be too difficult for any system admin. Take my school for example, I could run the program on some 100 odd SGI Indy workstations, 2 SGI challenge S's and a challenger DM (2cpus) along with 2 DEC Alphas. As long as I set it to have a high nice value, nobody would notice, or even mind.

________________________________________________________________________
Sameer Manek                              Seawolf at challenger.atc.fhda.edu
________________________________________________________________________

From stewarts at ix.netcom.com Fri Aug 18 00:53:53 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 18 Aug 95 00:53:53 PDT
Subject: Netscape security
Message-ID: <199508180750.AAA27087@ix4.ix.netcom.com>

Mr. Shank - I'm a bit disappointed by your posting about the RC4-40 crack.

>Late Tuesday evening a person from France posted a news article to the
>hacker community claiming success at decrypting a single encrypted message

(You could have used his name, and use of the term "hackers" to the press tends to be interpreted as a negative...) Anyway, as to content:

>What this person did is decrypt one encrypted message that used RC4-40 for
>encryption. He used 120 workstations and two parallel supercomputers for 8
>days to do so.

"Two" parallel supercomputers? You can't really call the Encore Multimax or the Sequent B8000 a supercomputer - both of them together are slower than the HP workstation. The KSR gets closer to supercomputer territory, but it's only cracking keys about six times as fast as the faster DEC Alpha (which Damien only had one of); it increased his horsepower about 20% for two days.

Now, I can see calling a MasPar a "parallel supercomputer"; another effort at the SSL challenge got the answer about 2 hours before Damien's did, and used about 4 days of spare time on the MasPar. Last time I looked, a MasPar was selling for about $150K, though I don't know how big the one used on SSL was. At that price, you could have your own for ~$500/day, and ripping off $2000 on a credit card isn't tough in today's automated world. Next year - computer time costs half as much.

Yes, it's still cheaper to get good credit card numbers by scamming carbons at a mall clothing store or yuppie restaurant, but computer networks let criminals run their scams wholesale, putting the public at risk both from organized criminals with their own equipment and any dishonest college student or office worker who's got a roomful of idle computers to use at night. Trading off the cost of breaking security vs. the value to be gained is a good start - lots of people have $2000 of credit limit left on their cards, and most people have more than $0 left.

> This level of security has been available in the
>U.S. versions of our products since last April. Because of export controls
>it has not been available outside the U.S. We would appreciate your support
>in lobbying the U.S. government to lift the export controls on encryption.
>If you'd like to help us lobby the government send email to
>export at netscape.com.

Thanks for working on this!

Bill Stewart

==================== The list of computers ===========================
type                speed (keys/s)    number    notes
- --------------------------------------------------------
DEC (alpha)         18000-33000       34
DEC (MIPS)          2500-7500         11
SPARC               2000-13000        57
HP (HPPA/snake)     15000             3
Sony (R3000)        1100-4000         3
Sun 3               600               2
Sequent B8000       100 x 10          1         (1)
Multimax (NS532)    600 x 14          1         (1)
KSR                 3200 x 64         1         (1) (2)

Notes:
1. These are multiprocessor machines
2. The KSR spent only about 2 days on this computation.

The total average searching speed was about 850000 keys/s, with a maximum of 1350000 keys/s (1150000 without the KSR).
====================================================================

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
"The fat man rocks out
Hinges fall off Heaven's door
"Come on in," says Bill"      Wavy Gravy's haiku for Jerry

From stewarts at ix.netcom.com Fri Aug 18 00:53:55 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 18 Aug 95 00:53:55 PDT
Subject: (event 8/17) panel on the Net:Privacy, Security, and Parental Control
Message-ID: <199508180751.AAA27094@ix4.ix.netcom.com>

At 04:10 PM 8/14/95 -0700, you wrote:
>Perhaps some of us should be here to keep things in perspective.

Thanks; it was an interesting panel. I missed the first half hour, since traffic was appalling :-), but got to the rest; maybe an hour of panel discussion and 15 minutes of organized q&a, then wine&cheese.

Just about everybody was concerned about pornography on the net, and thought that the government had no clue what they were doing and shouldn't be regulating it; most thought that the whole issue was really a smokescreen for the government wanting to regulate the nets and especially interstate commerce ("Hmm, we tried scaring everybody about terrorists on the net, that fizzled, let's scare them about porn and their kids - that always works!"). About half the panel had kids between 4 and 15.

Lots of concern about media concentration and how this is currently the only widely accessible medium for 1:N communications so it's a target.

Some interesting discussions about changes in society and our relationships with other people that come from net-style communications and artificiality - Mark Slouka was mainly taking the side of "this is different and I'm not sure I like it, and the fact that people are desperately seeking community through this virtual stuff says our communities out in the real world are probably having some real crises", with interesting thought behind it.

PGN brought in some RISKS stuff, including the how-rumors-spread dynamics; he also talked a bit about cryptography (he's on that national policy review), somewhat from the perspective of "it's an international problem and trying to do things within national borders is ineffective" - I'm not sure he's on our side here though he's at least clueful.

Dan Gillmor had some good perspectives on objectivity in reporting - the news business knows it's not objective, and he's at least concerned with trying to be fair and balanced and as quick as possible about correcting mistakes, but then he edits the SJMerc business page so it's a lot clearer what "mistakes" are than in, say, political reporting.

>> * George Baldwin, California State University, Monterey Bay

George Baldwin is involved with the IndianNet project, putting things like Native American artwork on the Web, including for sale. He brought up some cultural perspectives - a lot of people have been viewing it, but Native Americans don't actually _buy_ much of it because they tend to view artwork as personal and want to know the artist and what it means to him/her, and the net doesn't do that very well. If you haven't heard of CSU Monterey Bay, it's opening RSN.

>> * Bill Bauriedel,Stanford University

He's on an inter-university study to address things like how to do on-line registration while preserving privacy (doesn't like export laws at all.)

>> * Dan Gillmor, San Jose Mercury News
>> * Richard Gingras, Apple

Manages E-World and some network things.

>> * Peter Neumann, SRI
>> * Craig Newmark, Digital Threads

Used to wear plastic pocket protectors when he was younger :-) Consults to big companies that need clues.

>> * Mark Slouka, University of California, San Diego

One of the liberal arts types on the panel. Either he or George Baldwin was talking about college students learning creative writing on MUDs and MOOs.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
"The fat man rocks out
Hinges fall off Heaven's door
"Come on in," says Bill"      Wavy Gravy's haiku for Jerry

From fc at all.net Fri Aug 18 03:36:25 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Fri, 18 Aug 95 03:36:25 PDT
Subject: Key escrow agent
Message-ID: <9508181035.AA01820@all.net>

Management Analytics is proud to announce its key escrow agency. We will escrow keys for only US$1 per key. Please send your keys to us along with your $1 check or money order.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From liberty at gate.net Fri Aug 18 03:57:23 1995
From: liberty at gate.net (Jim Ray)
Date: Fri, 18 Aug 95 03:57:23 PDT
Subject: Non-News Govt Announcement on Key Escrow
Message-ID: <199508181055.GAA23407@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May writes:
>any mandatory key escrow system is not only a
>massive infringement on the right of people to speak and communicate as
>they wish, it is also handing the keys to the Surveillance State to the
>likes of Bob Dole, Jesse Helms, Alfonse D'Amato, Newt Gingrich, and William
>Bennett.

You left out Mr. Perot, who has a penchant for investigation [and even "operations"] with his own family, business & money, and has not ruled out another run for the presidency this time. Imagine this authoritarian statist in charge of the whole alphabet of U.S. intelligence agencies run by *tax* money... Chilling! [I would ordinarily make an "all ears" joke now.]

...

On another subject, NPR announcement confirmed at 6:38AM today. Key "escrow" with a private company [exact qualifications undefined, but amenable to service of search warrants] but export of stronger crypto now permitted. No U.S. key escrow for unexported cryptography [yet].

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMDRvYm1lp8bpvW01AQFotwP+LITpSdGjRuyBdTqP7n70HrkmsMAPqeK0
MQgOVqbmDT4N8KwLP80UIkCIRqSBXFq4aOTEld+ImCRhN4ivfmAd332DaPbhCXS6
nvEJXfXli6KumaSMLQjmFRfIvcgAHz5Y7NELpHDnI+gjKgixWPEZd7/8r7eL3uhh
UUovA9OLiWk=
=LOEF
-----END PGP SIGNATURE-----

Regards, Jim Ray

"The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structures of reality. It is enough if one merely tries to comprehend a little of this mystery every day. Never lose a holy curiosity." -- Albert Einstein
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________

From jya at pipeline.com Fri Aug 18 04:22:20 1995
From: jya at pipeline.com (John Young) Date: Fri, 18 Aug 95 04:22:20 PDT Subject: NYT on Crypto Policy Message-ID: <199508181122.HAA06682@pipe4.nyc.pipeline.com>

The New York Times, August 18, 1995, pp. D1, D6.

U.S. to Urge A New Policy On Software
Attempt at Compromise On Scrambling of Data

By John Markoff

The Clinton Administration broke a year of silence on its data-scrambling policy yesterday by saying it would soon propose an alternative to the Government's so-called Clipper Chip system, which has been widely criticized by makers and users of computer technology.

The Administration announcement is an attempt to reach a compromise with American corporations on a software coding system that would protect the privacy of communication over computer networks while still permitting court-authorized wiretaps and eavesdropping by law enforcement officials.

Critics of the Clipper Chip have opposed it because the Government refused to allow public examination of the underlying technology to make sure there were no secret backdoors that might allow unauthorized spying. Privacy-rights advocates attacked the policy because it called for a Government agency to hold a numeric key to each user's code. And technology executives have opposed the Government's data-scrambling policy because it restricts export of other types of data-security systems, which is seen as an impediment to sales of American computer products overseas.

Officials of the Commerce Department's National Institute of Standards and Technology, which administers the data-scrambling standard, said yesterday that the Government would convene a workshop on Sept. 6 and 7 to discuss the new proposal. The topics include a proposal to relax the export policy and discussion of an alternative to Clipper technology that would be more palatable to industry executives.

Industry officials had written two weeks ago to Vice President Al Gore, calling for resumption of talks that had broken off last year.
In the talks last year industry leaders had met with Government officials to seek Clipper Chip alternatives.

"I think that moving ahead with industry dialogue is positive," Robert W. Holleyman 2d, president of the Business Software Alliance, said yesterday. The alliance is a group of the industry's largest software companies, including Microsoft, Lotus and Novell. "But much more needs to be fleshed out," Mr. Holleyman said.

One big criticism of the Clipper policy was the proviso that a Government agency would hold, in escrow, a decoding key that law-enforcement officials could obtain after receiving a court's authorization. The new proposal would still include a provision for holding keys in escrow, but Government officials said they were now willing to discuss letting non-Government escrow agents hold the keys.

Later in September, the Government will hold a second workshop to discuss Federal standards for software coding systems that could then be used as an alternative to Clipper and a related technology called Capstone.

In an attempt to establish Clipper and Capstone as de-facto industry standards, the original policy mandated that computer and communications systems sold to the Federal Government must contain Clipper or Capstone hardware. But the new approach might allow computer and communications companies to sell products to the Government that achieved the same privacy protection through software-only means. That would relieve companies doing business with the Government of the obligation to invest in Clipper and Capstone technologies that might not find buyers in the commercial marketplace.

Another criticism of the Government's policy has been its longstanding export rules, which have put strict limits on the export of software containing data-encoding capabilities. The assumption has been that the Government's electronic spies, the National Security Agency, would be able to break codes with keys of 40 bits or shorter.
But now the Government will consider allowing export of coding systems with keys up to 64 bits long -- on the condition that decoding keys be held in escrow for access by authorized law-enforcement officials.

"This is definitely a compromise," said Ray Kammer, the deputy director of the National Institute of Standards and Technology. "During the past year we've had a pretty spirited debate about the possibility of a 64-bit software key-escrow system. Law enforcement people had to get used to the notion it might be possible to do this."

The vulnerability of 40-bit systems was underscored two days ago. A French student decoded a message that had been encoded using the 40-bit security feature in the European version of the Netscape Communications Corporation software for navigating the Internet's World Wide Web service. The student, Damien Doligez, at Ecole Polytechnique, a French engineering and sciences college, used 120 computers in a campus network to simultaneously test every key possible in a short period. It took him eight days, but he was able to decode a single encoded Netscape message. Mr. Doligez announced his achievement on the Internet.

Yesterday, Netscape issued a statement saying that the version of its software distributed in the United States supports 128-bit keys, which the company said would require more than one trillion times the computing power the French student used to decode the message.

Despite the industry's tentative willingness to accept a key-escrow coding plan, civil liberties organizations and other computer experts said that escrow techniques made little sense in light of the fact that private individuals might use any kind of coding system they wished to exchange information domestically. Encoding systems without escrow keys are also widely available overseas.

"How does key escrow accomplish what the Government has set out to do?" asked David Sobel, legal counsel for the Electronic Privacy Information Center, a Washington D.C.
public interest group. "Nonescrowed encryption is out there," he said. "And for the concerns law enforcement and intelligence have, the problem remains and it will remain under this policy."

[End]

From rah at shipwright.com Fri Aug 18 04:32:11 1995
From: rah at shipwright.com (Robert Hettinga) Date: Fri, 18 Aug 95 04:32:11 PDT Subject: Export policy change Message-ID:

At 12:12 AM 8/18/95, Timothy C. May wrote:
>My neighbor has agreed to be the escrow agent for my keys. He doesn't know
>anything about computers, so he's taking my word that the things I give him
>every couple of months are disks. He figures that if the Justice Department
>ever asks for them, he'll point to the dusty box on the floor of his garage
>and say, "There they be."

You wouldn't want them to get *dusty*, Tim. Why not embed them in something like epoxy, better, Lexan, to protect them from the elements? Say about a foot thick in all directions... Should make sure the media itself is sufficiently coated too. Don't want the little electrons getting hurt, you know...

I see a market opportunity here. Time to buy DuPont stock. I hear it's been depressed lately.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From jgrasty at gate.net Fri Aug 18 04:54:25 1995
From: jgrasty at gate.net (Joey Grasty) Date: Fri, 18 Aug 95 04:54:25 PDT Subject: Exportable if Escrowed Changes Nothing! Message-ID: <199508181152.HAA57449@tequesta.gate.net>

C-punks:

This "change" that encryption software can be exported if the keys are escrowed means nothing. PGP still couldn't be exported, since it can generate its own keys. You can be sure that any program that generates its own keys couldn't be exported. How are you going to escrow 2^100 possible keys (or whatever it is that PGP can generate)?

Thus, this regulatory change means diddly-squat. The only crypto that could be exported would be something like Clipper, and they already said that could be exported.

Governments: can't live with 'em, can't shoot 'em.

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From danisch at ira.uka.de Fri Aug 18 04:54:32 1995
From: danisch at ira.uka.de (Hadmut Danisch) Date: Fri, 18 Aug 95 04:54:32 PDT Subject: Article in Time Magazine Message-ID: <9508181150.AA03711@elysion.iaks.ira.uka.de>

In the Time Magazine of this week there is an article about a new way to make war. Instead of sending bombs, tanks, and soldiers, the enemy's computers and communication networks are attacked by sending viruses and worms and by using backdoors to sabotage the infrastructure.

How many exported software products might have backdoors, vulnerabilities, and hidden procedures which are harmful if ever activated?

Any opinions?

Hadmut

From banisar at epic.org Fri Aug 18 05:00:32 1995
From: banisar at epic.org (Dave Banisar) Date: Fri, 18 Aug 95 05:00:32 PDT Subject: Non-News Govt Announcem Message-ID: It seems more likely that the opposite will occur: Clinton has been pandering for the police vote so strongly that he's more likely to come up with more draconian proposals to curry their favor. -d -------------------------------------- Date: 8/17/95 11:47 PM To: Dave Banisar 
From: Timothy C. May

At 9:49 PM 8/17/95, Dave Banisar wrote:
>The White House and NIST announced today that they were planning to hold two
>open meetings next month to develop standards for "acceptable" software key
>escrow. The standards will then be made into a FIPS. The programs cannot
>have keys larger than 64 bits.
>
>It's great to see that it only took them 18 months (since Feb. 94) to come
>up with a call for public meetings for something that nobody really wants
>anyway, except for the officials who plan to make it mandatory by slipping
>it through bit by bit and a couple of vendors. (sorry, sarcasm mode
>off...)

One thing I'm hoping for is that Clinton will, as he contemplates his last year and a bit in office, have an attack of "liberalism." That is, I am hoping he realizes that any mandatory key escrow system is not only a massive infringement on the right of people to speak and communicate as they wish, it is also handing the keys to the Surveillance State to the likes of Bob Dole, Jesse Helms, Alonse D'Amato, Newt Gingrich, and William Bennett.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May            | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152              | knowledge, reputations, information markets,
Corralitos, CA            | black markets, collapse of governments.
Higher Power: 2^756839    | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
------------------ RFC822 Header Follows ------------------ Received: by epic.org with SMTP;17 Aug 1995 23:40:49 U Received: from [205.199.118.202] (tcmay.sensemedia.net [205.199.118.202]) by buckeye.sensemedia.net (8.6.9/8.6.9) with SMTP id UAA05708; Thu, 17 Aug 1995 20:47:55 -0700 Date: Thu, 17 Aug 1995 20:47:55 -0700 X-Sender: tcmay at mail.got.net Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 1 (Highest) To: banisar at epic.org (Dave Banisar), cypherpunks at toad.com From: tcmay at got.net (Timothy C. May) Subject: Re: Non-News Govt Announcement on Key Escrow _________________________________________________________________________ Subject: RE>>Non-News Govt Announcement on... _________________________________________________________________________ David Banisar (Banisar at epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org Washington, DC 20003 * HTTP://epic.digicash.com/epic From fc at all.net Fri Aug 18 05:34:06 1995 From: fc at all.net (Dr. Frederick B. Cohen) Date: Fri, 18 Aug 95 05:34:06 PDT Subject: Exportable if Escrowed Changes Nothing! In-Reply-To: <199508181152.HAA57449@tequesta.gate.net> Message-ID: <9508181232.AA06225@all.net> > C-punks: > > This "change" that encryption software can be exported if the keys are > escrowed means nothing. PGP still couldn't be exported, since it can > generate its own keys. You can be sure that any program that generates > its own keys couldn't be exported. How are you going to escrow 2^100 > possible keys (or whatever it is that PGP can generate)? As I said, for $1 each, I will be happy to escrow all 2^100th keys for 100 bit PGP. Send your dollars to the address below: -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 From syshtg at gsusgi2.Gsu.EDU Fri Aug 18 05:35:52 1995 
From: syshtg at gsusgi2.Gsu.EDU (Tom Gillman) Date: Fri, 18 Aug 95 05:35:52 PDT Subject: Rant Generator Message-ID: <199508181235.IAA10123@gsusgi2.Gsu.EDU> Anybody have the URL of that rant generator that was mentioned here a couple of weeks ago. Due to unforeseen circumstances, all my annotations got lost :( Thanks, -- Tom Gillman, Unix/AIX Systems Weenie |"For a privacy advocate to determine Wells Computer Center-Ga. State Univ. |the best way to do key escrow is like (404) 651-4503 syshtg at gsusgi2.gsu.edu |a death penalty opponent choosing I'm not allowed to have an opinion. |between gas or electricity"-D.Banisar key to UNIX: echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc From jgrubs at voxbox.norden1.com Fri Aug 18 05:52:26 1995 From: jgrubs at voxbox.norden1.com (Jim Grubs, W8GRT) Date: Fri, 18 Aug 95 05:52:26 PDT Subject: PRZ Wins One Message-ID: <70510c2w165w@voxbox.norden1.com> John Young writes: > PRZ is awarded a 1995 Chrysler Award for Innovation in > Design, says a $40,000 full-page ad in The NYT today, with > a brief citation: > > Philip Zimmermann is the designer of Pretty Good Privacy > (PGP), an E-mail encryption software. Thanks to the > algorithms of PGP, which was released to the public as > free software in 1991, E-mail messages can be sent > securely all over the world without the risk of > interception by any third party. > > No mention of the free-world leader's sword poised to > decapitalize the public-spirited designer to protect IC > hegemony. No need. The implied vote of support is quite clear. -- WebCasters(tm) James C. Grubs jgrubs at voxbox.norden1.com 6817 Maplewood Avenue Tel.: 419-882-2697 Sylvania, Oh 43560 Fax: 419-885-2814 Internet consulting, HTML programming, Information brokering From merriman at arn.net Fri Aug 18 06:45:56 1995 
From: merriman at arn.net (David K. Merriman) Date: Fri, 18 Aug 95 06:45:56 PDT Subject: Export policy change Message-ID: <199508181352.IAA28188@arnet.arn.net> >Ok, let's escrow our keys with Julf :-) > >Seriously, there might be a market for somebody to become a professional >escrow agent.... > >(tongue partially in cheek) > I will cheerfully escrow keys for 1$ ecash/key. Please be advised, however, that key storage will be on an old 40M RLL drive on an 8088 machine, so retrieval may be a bit slow and unreliable....... Yes, I'm really serious about the fee and storage medium. Dave Merriman This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk! ------------------ PGP.ZIP Part [015/713] ------------------- M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3 M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> My web page: http://www.geopages.com/CapitolHill/1148 From Damien.Doligez at inria.fr Fri Aug 18 07:07:30 1995 
From: Damien.Doligez at inria.fr (Damien Doligez) Date: Fri, 18 Aug 95 07:07:30 PDT Subject: Cost to Crack Keys Message-ID: <9508181407.AA07951@couchey.inria.fr>

This is how you can crack SSL RC4-40 sessions for $1000 each:

Go to your bank and get a $250,000 loan over 10 years. Assuming a 10% interest rate, you will have to pay about $40,000 per year.

Use the $250,000 to buy 50 low-cost high-speed pentium PCs. Don't bother with a screen, keyboard or mouse. Get the minimum of memory. Get a huge discount (you're a really good client).

Pay $10,000 for the electricity bill, the real-estate rent, etc.

The machines will crack 50 keys per year on average. They cost you $50,000 per year. That's $1,000 per key.

Does anyone see any hole in the above plan? It seems to me that Netscape's estimate is one order of magnitude too high.

-- Damien

From harveyrj at vt.edu Fri Aug 18 07:11:45 1995
From: harveyrj at vt.edu (R. J. Harvey) Date: Fri, 18 Aug 95 07:11:45 PDT Subject: Netscape security Message-ID: <9508181411.AA11657@toad.com>

On the subject of Netscape: Now that Netscape is making the Commerce Server available for free to students, faculty, libraries, etc. (i.e., groups with limited ability to cough-up $290 to RSA to get the 1-year digitally-signed certificate needed to make it operate in "secure mode"), does anyone know of alternative methods for producing such certificates?

rj
------------------------------------------------------
R. J. Harvey email: harveyrj at vt.edu
WWW site for job analysis & personality research: http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt

From jya at pipeline.com Fri Aug 18 07:21:47 1995
From: jya at pipeline.com (John Young) Date: Fri, 18 Aug 95 07:21:47 PDT Subject: BUK_guv Message-ID: <199508181421.KAA22725@pipe6.nyc.pipeline.com> 8-18-95. W$Japer: "Encryption-Software Plan Presented Using 'Keys' Held by Escrow Agents." [This is a variation on the Markoff article today, with a bit more.] Companies hoping to start selling stronger encryption products will have to wait a few months, since the administration has yet to sort out important details. For instance, one unresolved issue is how to certify escrow agents to keep fly-by-night operators and organized-crime figures out of the business. And the administration's emerging policy doesn't deal with data-security hardware -- products that wire the encryption schemes right into chips or other devices. Even with the export restrictions, U.S. officials haven't been able to stop widespread international distribution of an encryption program, called Pretty Good Privacy, that is nearly impossible to crack. "Seizure of Electronic Messages In Obscenity Case Raises Questions." Users of a small computer bulletin board in Ohio sued local authorities who seized their electronic mail and other materials as part of an investigation into obscene postings. In their lawsuit, which appears to be the first of its kind, the plaintiffs contend that the Hamilton County Regional Computer Crimes Task Force and other authorities violated their rights to free speech and privacy by seizing their messages during a June raid of five bulletin boards. The plaintiffs also allege that, by seizing their private electronic messages, the authorities violated the Electronic Communications Privacy Act. Double yolk: BUK_guv (about 11kb) From jya at pipeline.com Fri Aug 18 07:23:45 1995 
From: jya at pipeline.com (John Young) Date: Fri, 18 Aug 95 07:23:45 PDT Subject: 28M_dip Message-ID: <199508181423.KAA23006@pipe6.nyc.pipeline.com> 8-17-95. FPeach: "Russian 'in $2.8m Citibank computer fraud'." Citibank New York fell victim to a $2.8m fraud after a Russian computer hacker penetrated the bank's security system in Wall Street and removed the money from the accounts of corporate clients, it was claimed in a London court yesterday. The alleged fraud was carried out by a 24 year-old mathematics graduate using a computer in his office in St Petersburg, claim the US authorities, which are seeking his extradition from the UK. 8-17-95. NYPaper: "Russian Accused of Citibank Computer Fraud." A judge set another hearing for Sept. 15 after Mr. Levin's lawyer argued that the Government has not shown that any computer in the United States was involved. Stereo: 28M_dip (about 6kb) From banisar at epic.org Fri Aug 18 07:26:45 1995 
From: banisar at epic.org (Dave Banisar) Date: Fri, 18 Aug 95 07:26:45 PDT Subject: NIST Release on Key Escrow Message-ID:

EMBARGOED FOR RELEASE: 3 p.m. EDT, Thursday, Aug. 17, 1995
NIST 95-24
Contact: Anne Enright Shepherd, (301) 975-4858

COMMERCE'S NIST ANNOUNCES PROCESS FOR DIALOGUE ON KEY ESCROW ISSUES

Furthering the Administration's commitment to defining a workable key escrow encryption strategy that would satisfy government and be acceptable to business and private users of cryptography, the Commerce Department's National Institute of Standards and Technology announced today renewed dialogue on key escrow issues.

A Sept. 6-7 workshop will convene industry and government officials to discuss key escrow issues, including proposed liberalization of export control procedures for key escrow software products with key lengths up to 64 bits, which would benefit software manufacturers interested in building secure encryption products that can be used both domestically and abroad.

Key escrow encryption is part of the Administration's initiative to promote the use of strong techniques to protect the privacy of data and voice transmissions by companies, government agencies and others without compromising the government's ability to carry out lawful wiretaps.

In a July 1994 letter to former Rep. Maria Cantwell, Vice President Gore said that the government would work on developing exportable key escrow encryption systems that would allow escrow agents outside the government, not rely on classified algorithms, be implementable in hardware or software, and meet the needs of industry as well as law enforcement and national security. Since that time, discussions with industry have provided valuable guidance to the Administration in the development of this policy. For example, many companies are interested in using a corporate key escrow system to ensure reliable back-up access to encrypted information, and the renewed commitment should foster the development of such services.
Consideration of additional implementations of key escrow comes in response to concerns expressed by software industry representatives that the Administration's key escrow policies did not provide for a software implementation of key escrow and in light of the needs of federal agencies for commercial encryption products in hardware and software to protect unclassified information on computer and data networks. Officials also announced a second workshop at which industry is invited to help develop additional Federal Information Processing Standards for key escrow encryption, specifically to include software implementations. This standards activity would provide federal government agencies with wider choices among approved key escrow encryption products using either hardware or software. Federal Information Processing Standards provide guidance to agencies of the federal government in their procurement and use of computer systems and equipment. Industry representatives and others interested in joining this standards-development effort are invited to a key escrow standards exploratory workshop on Sept. 15 in Gaithersburg, Md. This workshop is an outgrowth of last year's meetings in which government and industry officials discussed possible technical approaches to software key escrow encryption. The Escrowed Encryption Standard, a Federal Information Processing Standard for use by federal agencies and available for use by others, specifies use of a Key Escrow chip (once referred to as "Clipper chip") to provide strong encryption protection for sensitive but unclassified voice, fax and modem communications over telephone lines. Currently, this hardware-based standard is the only FIPS-approved key escrow technique. NIST officials anticipate proposing a revision to the Escrowed Encryption Standard to allow it to cover electronic data transmitted over computer networks. 
Under this revised federal standard, the Capstone chip and other hardware-based key escrow techniques developed for use in protecting such electronic data also will be approved for use by federal agencies. As a non-regulatory agency of the Commerce Department's Technology Administration, NIST promotes U.S. economic growth by working with industry to develop and apply technology, measurements and standards. - 30 - Note to editors: Readers who are interested in obtaining more information about the workshops can contact Arlene Carlton, (301) 975-3240, fax: (301) 948-1784, e-mail: carlton at micf.nist.gov. From dan at milliways.org Fri Aug 18 07:48:18 1995 
From: dan at milliways.org (Dan Bailey) Date: Fri, 18 Aug 95 07:48:18 PDT Subject: Where is the key cracking farming software? Message-ID: <199508181448.AA24966@ibm.net>

On Fri, 18 Aug 1995 02:11:00 -0400 you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>With all the talk about cracking SSL, where is the cracking software?
>Somebody just offered me a six Pentium workstation, if I agree to give it a
>"real workout". I'd like to be able to say: "Sure, will do."

There must be several versions of the code at this point. The Cypherpunks release, Damien's release and whoever else wrote some code to do the chore. If someone could pass me a pointer to the version that's best-commented and most understandable (one man's C is another man's crypto) I'd like to port it to Windows NT and write a simple installation to install it as a service.

Perhaps a general-purpose OO bruteforcing library (addition to Crypto++?) would be a good idea. Just pass pointers to the encrypt() and decrypt() functions to use for this session to the Cracker object, which in turn takes a number of bits and starts cracking. :) The problem with this is the disparity among out-of-the-box encrypt and decrypt functions. But I suppose it's nothing that couldn't be overcome with wrapper functions. Just thinking out loud. :)

Dan
******************************************************************************
"I think, therefore I am" - Descartes                      Dan Bailey
"I don't think, therefore I'm a moustache." - Sartre       dan at milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
******************************************************************************

From dat at ebt.com Fri Aug 18 07:49:50 1995
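The generic "Cracker object" Dan sketches above, together with the throughput arithmetic in Damien Doligez's "Cost to Crack Keys" post earlier in this digest, as an added example that is not code from any message in the archive: a brute-forcer parameterized by a decrypt callable and a plaintext recognizer, a keyspace partitioner that hands contiguous ranges to the machines of a farm, and the mean-time and cost-per-key formulas. RC4 is implemented inline so the file runs offline; the 40-bit key, the HTTP plaintext and the 4096-key search window are constructed for the demo and are not taken from the posts.

```python
"""Keyspace-partitioned brute force, demonstrated on RC4 with a 40-bit key.

Added example, not code from the cypherpunks list or any of its posters.
RC4 is implemented inline; the key, plaintext and the 2^12-key search
window are constructed for the demo.
"""
from typing import Callable, List, Optional, Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key schedule, then keystream XOR). Encrypt == decrypt."""
    s = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + s[i] + key[i % klen]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def partition(bits: int, workers: int) -> List[Tuple[int, int]]:
    """Split [0, 2**bits) into `workers` contiguous [start, end) ranges.

    Each machine in the farm gets one range; the only coordination needed
    is "stop when somebody reports a hit".
    """
    total = 1 << bits
    step, rem = divmod(total, workers)
    ranges, start = [], 0
    for w in range(workers):
        end = start + step + (1 if w < rem else 0)
        ranges.append((start, end))
        start = end
    return ranges


def brute_force(decrypt: Callable[[bytes, bytes], bytes],
                ciphertext: bytes,
                looks_right: Callable[[bytes], bool],
                key_range: Tuple[int, int],
                key_bytes: int) -> Tuple[Optional[bytes], int]:
    """Generic over the cipher: a decrypt callable plus a plaintext
    recognizer. Returns (key or None, number of keys tried)."""
    start, end = key_range
    for tried, k in enumerate(range(start, end), 1):
        key = k.to_bytes(key_bytes, "big")
        if looks_right(decrypt(key, ciphertext)):
            return key, tried
    return None, end - start


def expected_seconds(bits: int, machines: int, keys_per_sec_each: float) -> float:
    """Mean time to one key: half the keyspace at the farm's aggregate rate."""
    return (1 << (bits - 1)) / (machines * keys_per_sec_each)


def cost_per_key(annual_cost: float, keys_per_year: float) -> float:
    """Doligez's arithmetic: yearly spend divided by yearly yield."""
    return annual_cost / keys_per_year


# --- constructed demo data (not from the original posts) -------------------
KEY_BITS, KEY_BYTES = 40, 5
SECRET_KEY = 0x0F1E2D3C4B          # constructed; the attacker does not know it
PLAINTEXT = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
CIPHERTEXT = rc4(SECRET_KEY.to_bytes(KEY_BYTES, "big"), PLAINTEXT)


def looks_like_http(pt: bytes) -> bool:
    # 7-byte known-plaintext check: one false positive per 2^56 random keys,
    # so across a 2^40 keyspace a hit is effectively never spurious.
    return pt.startswith(b"HTTP/1.")


def demo_recover(window: int = 1 << 12) -> Tuple[Optional[bytes], int]:
    """Search only the `window`-sized slice containing the secret so the demo
    finishes quickly; a real run hands each slice from partition(KEY_BITS, n)
    to a worker. Decrypting the first 8 bytes is enough for the test."""
    lo = SECRET_KEY - (SECRET_KEY % window)
    return brute_force(rc4, CIPHERTEXT[:8], looks_like_http,
                       (lo, lo + window), KEY_BYTES)


if __name__ == "__main__":
    key, tried = demo_recover()
    print("recovered key", key.hex(), "after", tried, "trial keys")
    # Doligez's reported run: 120 machines, 8 days for one 40-bit key.
    rate = (1 << 39) / (120 * 8 * 86400)
    print("implied per-machine rate: %.0f keys/s" % rate)
    print("50 machines at $50,000/yr: $%.0f per key" % cost_per_key(50000, 50))
    print("50-machine farm, mean seconds per key: %.0f" % expected_seconds(40, 50, rate))
```

The search window is only there to keep the demo short; sweeping the whole 2^40 space is the same brute_force call once per range returned by partition(). Two details matter for throughput: the recognizer is handed only the first 8 bytes of the record, so per-key cost is dominated by the RC4 key schedule rather than by decrypting the message, and a 7-byte known-plaintext test is long enough that a false hit across 2^40 keys is not a practical concern.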
From: dat at ebt.com (David Taffs) Date: Fri, 18 Aug 95 07:49:50 PDT Subject: [frissell@panix.com: Re: CoS Raid on "Copyright Terrorist"] Message-ID: <9508172033.AA10908@veronica.EBT.COM>

Date: Tue, 15 Aug 1995 09:18:43 -0400
To: futplex at pseudonym.com (Futplex)
From: Duncan Frissell
Subject: Re: CoS Raid on "Copyright Terrorist"
Cc: cypherpunks at toad.com

At 09:28 AM 8/14/95 -0400, Futplex wrote:
>Some CoS news:
>
>This past Saturday (95/08/12) a prominent Church of Scientology litigator,
>Helena Kobrin, and some U.S. federal marshals raided the home of Arnaldo
>Lerma, seizing pretty much all his computer hardware, disks, etc.

So why is it that people insist on listing their home addresses with their ISP's rather than a mail receiving service or something else. It is very hard to raid a mail drop and obtain anything useful. While it is true that if you blow up buildings, the Fibbies may be able to find you, quite simple techniques can frustrate even quite dedicated private parties.

DCF

"We warned you mental defectives back in '65 that the socialized medicine offered by Medicare and Medicaid would be expensive, lousy, and eventually not there at all but you didn't believe us. Good luck."

From dat at ebt.com Fri Aug 18 07:49:51 1995
From: dat at ebt.com (David Taffs) Date: Fri, 18 Aug 95 07:49:51 PDT Subject: [frissell@panix.com: Re: CoS Raid on "Copyright Terrorist"] Message-ID: <9508172030.AA10875@veronica.EBT.COM>

Date: Tue, 15 Aug 1995 16:00:06 -0400
To: m5 at dev.tivoli.com (Mike McNally)
From: Duncan Frissell
Subject: Re: CoS Raid on "Copyright Terrorist"
Cc: cypherpunks at toad.com

At 01:17 PM 8/15/95 CDT, Mike McNally wrote:
>Mailboxes Etc. insists on getting a picture ID; at least they did last
>time I checked. Some smaller mom&pop places will take a business card
>(time to break out your Jim Rockford Business Card Fabrication Kit).

I always supply picture ID these days. It's really rough getting those cold lamination-Employee ID kits from Office Depot, taking the polaroid on a blue background, trimming the photo, and assembling the employment ID. I'm one of my best employees.

Don't forget to include your EMP_NO. It gives the clerk something to write down.

DCF

"Governments are simply not fully sovereign in the world of information; their powers within it are strangely limited....This weakness of government control within computer nets--a product of strongly protected privacy, a lack of frontiers and confusions of jurisdiction--make them natural places for subversion." -- The Economist "Softwar--A Survey of Defence Technology"

From adam at bwh.harvard.edu Fri Aug 18 08:04:58 1995
From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 18 Aug 95 08:04:58 PDT Subject: use PGP for http encryption instead! In-Reply-To: <199508180329.XAA00456@frankenstein.piermont.com> Message-ID: <9508181458.AA01838@joplin.harvard.edu> | "George P. Magiros" writes: | > i don't mean to be extremely brash, but couldn't one use PGP to provide | > encrypted communication with the web. | | You ought to read up on S-HTTP, the expert on said protocol being our | very own Eric Rescorla... PGP support was taken out of the latest SHTTP draft, apparently because no one had implemented it. Should someone build a libSHTTP with PGP support, I suspect it would get back into the spec. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From altitude at cic.net Fri Aug 18 08:08:47 1995 From: altitude at cic.net (Alex Tang) Date: Fri, 18 Aug 95 08:08:47 PDT Subject: Netscape security In-Reply-To: <9508181411.AA11657@toad.com> Message-ID: <199508181508.LAA11362@petrified.cic.net> On Fri Aug 18 10:11:07 1995: you scribbled... > > On the subject of Netscape: > Now that Netscape is making the Commerce Server available > for free to students, faculty, libraries, etc. (i.e., groups > with limited ability to cough-up $290 to RSA to get the > 1-year digitially-signed certificate needed to make it operate > in "secure mode"), does anyone know of alternative methods for > producing such certificates? are you sure that this is a commerce server? Last I saw, It was only the Communications server (doesn't have SSL). I could be wrong though. ...alex... From adam at bwh.harvard.edu Fri Aug 18 08:15:02 1995 
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Aug 95 08:15:02 PDT
Subject: Netscape security
In-Reply-To: <9508181411.AA11657@toad.com>
Message-ID: <9508181509.AA01916@joplin.harvard.edu>

To clear up some apparent confusion: The Commerce server is not the certificate. The NSCP Commerce Server is an httpd. Non-profits and educationals still need to pay Verisign for a certificate. They do not need to pay NSCP for a $5,000 web server.

The certificates must be signed by an approved key signing agency. Anyone can produce one; to get it to interact 'securely' with free netscape browsers you need the certificate to be signed.

There is no word as to how to become a KSA. Netscape has ignored the question on several occasions.

Adam

| On the subject of Netscape:
| Now that Netscape is making the Commerce Server available
| for free to students, faculty, libraries, etc. (i.e., groups
| with limited ability to cough-up $290 to RSA to get the
| 1-year digitally-signed certificate needed to make it operate
| in "secure mode"), does anyone know of alternative methods for
| producing such certificates?

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Fri, 18 Aug 95 08:17:33 PDT
Subject: Cost to Crack Keys
In-Reply-To: <9508181407.AA07951@couchey.inria.fr>
Message-ID: <199508181501.PAA00845@orchard.medford.ma.us>

-----BEGIN PGP SIGNED MESSAGE-----

And I think your cost estimate is also too high. You're assuming $5000 per system, and that's way too high.

You only need a power supply, a motherboard, a processor, a *tiny* amount of RAM, a network device of some sort (so you can netboot the systems), and probably a cheezeball display card; you can put one or two monitors on a cart if you *really* need one hooked up. You don't need a disk or disk controller -- it's just something else to break..

Prices selected by throwing darts at the August Computer Shopper. There are probably lower ones..

P120 motherboard + processor: $1099
P100 motherboard + processor: $666
case & power supply: $40
network card (10base2): $40
4MB memory: $160
VGA display card: $29
keyboard: $15

So, one could put together a P100 compute server for about $1000, and a P120 for about $1400.. the P100 is a better deal at this point.

I suspect that with a little work, you could share power supplies between multiple motherboards, rack-mount the systems, share keyboards, etc. You might need a slightly more expensive LAN card for netbooting...

That cuts your cost estimate down by a factor of about 3 or better, to around $350.00

I think your electricity estimate may be a bit low, but electricity is expensive where I live in the northeast U.S...

- Bill

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBMDSrMrT+rHlVUGpxAQEbpAP/TIvDxLjfcdDdqhM5lIG9KEjeIFDWfgMF
qk8RDE1PtAcYrq8SMjgrZ52KU7gf0t0QPs44ZGSC42ff5Z9gRpBGt7f7Qx8GUhPs
6kMVzmkwX9v0XLjcVC9Z/0f7diymWWfFXHW6HHTnYXseoRdmG3MBaDYWkFLiRQSh
ddGscgV48tg=
=ylld
-----END PGP SIGNATURE-----

From: harveyrj at vt.edu (R. J. Harvey)
Date: Fri, 18 Aug 95 08:28:23 PDT
Subject: Netscape security
Message-ID: <9508181528.AA14614@toad.com>

At 11:08 AM 8/18/95 -0400, Alex Tang wrote:
>On Fri Aug 18 10:11:07 1995: you scribbled...
>>
>> On the subject of Netscape:
>> Now that Netscape is making the Commerce Server available
>> for free to students, faculty, libraries, etc. (i.e., groups
>> with limited ability to cough-up $290 to RSA to get the
>> 1-year digitally-signed certificate needed to make it operate
>> in "secure mode"), does anyone know of alternative methods for
>> producing such certificates?
>
>are you sure that this is a commerce server? Last I saw, it was only the
>Communications server (doesn't have SSL). I could be wrong though.
>
>...alex...
>

Yes, I got an email on it this morning. Check-out: http://home.netscape.com/comprod/server_central/index.html.

rj
------------------------------------------------------
R. J. Harvey                 email: harveyrj at vt.edu
WWW site for job analysis & personality research: http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt

From: dneal at usis.com (David Neal)
Date: Fri, 18 Aug 95 08:29:19 PDT
Subject: Export policy change
In-Reply-To: <199508181352.IAA28188@arnet.arn.net>
Message-ID:

On Fri, 18 Aug 1995, David K. Merriman wrote:

> >Ok, let's escrow our keys with Julf :-)
> >
> >Seriously, there might be a market for somebody to become a professional
> >escrow agent....
> >
> >(tongue partially in cheek)
> >
>
> I will cheerfully escrow keys for 1$ ecash/key. Please be advised, however,
> that key storage will be on an old 40M RLL drive on an 8088 machine, so
> retrieval may be a bit slow and unreliable.......

Same here -- I have an original Compaq "Sewing Machine" Portable with a 40MB hard card. Of course the HD sticks and needs a good whacking sometimes, and the last floppy came out of the drive smoking and covered in grease. (You DO have a 5 1/4" 360K floppy don't you?)

My service, however, is $2. That's because all keys are encrypted against my key, which is unfortunately escrowed with the fellow listed above. Sorry about having to pass along the extra costs. :-)

David Neal - GNU Planet Aerospace                    1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From: sameer at c2.org (sameer)
Date: Fri, 18 Aug 95 08:34:20 PDT
Subject: Netscape security
In-Reply-To: <9508181509.AA01916@joplin.harvard.edu>
Message-ID: <199508181529.IAA01360@infinity.c2.org>

> The certificates must be signed by an approved key signing
> agency. Anyone can produce one; to get it to interact 'securely' with
> free netscape browsers you need the certificate to be signed.
>
> There is no word as to how to become a KSA. Netscape has
> ignored the question on several occasions.
>

It is interesting that in order for me to use the commerce server on an *internal* application I am working on, my project *still* needed to get the key signed by verisign, even though no one outside of the company I am working for will have access to the commerce server my application is running on.

--
sameer                                          Voice:   510-601-9777
Network Administrator                           FAX:     510-601-9734
Community ConneXion: The NEXUS-Berkeley         Dialin:  510-658-6376
http://www.c2.org (or login as "guest")                 sameer at c2.org

From: lws+ at transarc.com (Lyle Seaman)
Date: Fri, 18 Aug 95 08:34:23 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <9508180154.AA02120@euclid.Heuristicrat.COM>
Message-ID:

jordan at Heuristicrat.COM (Jordan Hayes) writes:
> talking to the right people. Fraud eats away a big chunk of revenue
> and can quite significantly affect competitiveness in a market with
> thin margins.

The credit card market has thin margins? That's news to me.

From: merriman at arn.net (David K. Merriman)
Date: Fri, 18 Aug 95 09:01:32 PDT
Subject: Export policy change
Message-ID: <199508181608.LAA29884@arnet.arn.net>

At 10:25 AM 8/18/95 -0500, you wrote:
>On Fri, 18 Aug 1995, David K. Merriman wrote:
>
>> >Ok, let's escrow our keys with Julf :-)
>> >
>> >Seriously, there might be a market for somebody to become a professional
>> >escrow agent....
>> >
>> >(tongue partially in cheek)
>> >
>>
>> I will cheerfully escrow keys for 1$ ecash/key. Please be advised, however,
>> that key storage will be on an old 40M RLL drive on an 8088 machine, so
>> retrieval may be a bit slow and unreliable.......
>
>
>Same here -- I have an original Compaq "Sewing Machine" Portable with
>a 40MB hard card. Of course the HD sticks and needs a good whacking
>sometimes, and the last floppy came out of the drive smoking and
>covered in grease. (You DO have a 5 1/4" 360K floppy don't you?)

Yeah - it's my 'good' fdd. The other one is a 180K :-)

Dave

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From: pierre at shell.portal.com (Pierre Uszynski)
Date: Fri, 18 Aug 95 09:05:02 PDT
Subject: SSL challenge -- broken !
Message-ID: <199508181603.JAA09123@jobe.shell.portal.com>

Jordan (jordan at Heuristicrat.COM) attempts to correct me ;-)

> > From pierre at shell.portal.com Thu Aug 17 18:29:41 1995
> >
> > Unfortunately, in this case, insecure credit cards are not an
> > obstacle to banks making money, so why should they care?
>
> [...] if you think that the major card issuers "don't care" about
> cutting (or eliminating) fraud, you're not talking to the right
> people. Fraud eats away a big chunk of revenue [...]

Creative quoting aside, the point of my post, if it needs further clarification, was that the cost of fraud is not only a burden to the banks as some people seem to think. It is not even only transmitted back to the customers in the form of higher fees and interest rates.

Card issuers can, do, and should as long as they can get away with it, rely on methods against fraud that are less costly to them. That's because they answer to their bottom line, to their shareholders. There are disincentives to fraud in the form of legal penalties and threat of same, even the impression that credit cards are insecure may help by limiting what (some) people dare to do with them. The costs of these methods of fighting fraud are carried in part even by us who don't even usually use credit cards! The higher the penalties and cost of enforcement, the lower the direct burden on banks, but that does not necessarily mean that our (users') bottom line will improve.

For citizens and taxpayers who are not significant shareholders, it's not enough to ask the card issuers what the cost of card insecurity is to them. "Our cost is higher." By making some credit card fraud illegal, enforcing, etc... we actually allow card issuers to use less secure mechanisms and procedures (although I'll agree this does not apply to the 40 bit key nonsense, that's one case where banks and businesses would be happy to use longer keys.)

(the equivalent mis-quote about politicians applies here :-)

Pierre.
pierre at shell.portal.com
(And I will not contribute further to this side thread.)

From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 18 Aug 95 09:08:43 PDT
Subject: Where is the key cracking farming software?
Message-ID: <14470.9508181605@exe.dcs.exeter.ac.uk>

Dan Bailey writes on cpunks:
> There must be several versions of the code at this point. The
> Cypherpunks release, Damien's release and whoever else wrote some code
> to do the chore. If someone could pass me a pointer to the version
> that's best-commented and most understandable (one man's C is another
> man's crypto) I'd like to port it to Windows NT and write a simple
> installation to install it as a service.

Yep there's lots of versions of the brutessl software, ones I know of (in no particular order):

- Damien Doligez wrote one
- Andrew Roos wrote one (this is the one we're using for the challenge)
- Eric Young wrote one
- I wrote one

More related software, specifications etc.

- Piete Brookes, Andy Brown, and I wrote a protocol specification for a SMTP style key doler - SKSP (Simple Key Search Protocol) - draft RFC like document on brute (www url below).
- Piete wrote a unix socket based key server and client for generic unix machines (in perl).
- Andy Brown wrote a Windows NT client which talks the same protocol
- David Byers did a MasPar port of the brutessl code

> Perhaps a general-purpose OO bruteforcing library (addition to
> Crypto++?) would be a good idea. Just pass pointers to the
> encrypt() and decrypt() functions to use for this session to the
> Cracker object, which in turn takes a number of bits and starts
> cracking.:)

The socket based key distributer allows you to write clients which interact with the key server. Take a look at Andy's code.

> The problem with this is the disparity among out-of-the-box encrypt
> and decrypt functions. But I suppose it's nothing that couldn't be
> overcome with wrapper functions. Just thinking out loud. :)

Not sure how Andy addresses this in the NT code (I don't have NT), but for the unix client you'd just get another brute force program, compile it and update the client.

Piete has a WWW URL for the software (the protocol spec is there too) at:

http://www.brute.cl.cam.ac.uk/brute/

(Brute is a subsubdomain he set up for the purpose). Also this:

ftp://ftp.brute.cl.cam.ac.uk/pub/brute/

should work. And the socket server runs on: sksp.brute.cl.cam.ac.uk (port 19957).

I think we're ready to start another challenge, this one a collaborative project like the brute rc4 one. Just need some challenges now (asked Hal about this).

Adam

From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 18 Aug 95 09:30:50 PDT
Subject: SSL challenge -- broken !
In-Reply-To:
Message-ID: <199508181629.MAA02496@frankenstein.piermont.com>

Lyle Seaman writes:
> jordan at Heuristicrat.COM (Jordan Hayes) writes:
> > talking to the right people. Fraud eats away a big chunk of revenue
> > and can quite significantly affect competitiveness in a market with
> > thin margins.
>
> The credit card market has thin margins? That's news to me.

It's true. The issuers often end up making most of their money for a transaction on the fee and not on the two points off the top -- that money ends up getting divvied up and lots of it disappears into fraud costs and other similar places. The other big place they make their money is on the interest they charge people who don't pay off their balance every month, but for someone like me who does, they are indeed earning a fairly small margin.

Perry

From: fc at all.net (Dr. Frederick B. Cohen)
Date: Fri, 18 Aug 95 09:36:57 PDT
Subject: SSL challenge and escrows
Message-ID: <9508181635.AA23177@all.net>

I think a lot of people miss the distinction between automated message cracking and dumpster diving. Dumpster diving is not free. It costs at least a dollar each to get credit card slips by dumpster diving. Consider that in order to use the information, you have to get the slip, pull off the numbers, enter them into a computer (or even worse yet, create a phoney card or make a phone call) in order to use the information. The break-even point for an automated cracking and usage system is more than a dollar per stolen card. My parallel processor is actually more cost effective for criminal theft via credit card fraud.

What does this have to do with escrow? My escrow offer costs less than the cost of criminal attack. If it reduces attack, it is cost effective and should lower the overall cost of transaction processing. In fact, I have a friend who says he will escrow keys for free, but he is less trustworthy than I am, and I think he wants to get his dollar on the other side.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From: cwe at it.kth.se (Christian Wettergren)
Date: Fri, 18 Aug 95 09:54:56 PDT
Subject: Where is the key cracking farming software?
In-Reply-To: <14470.9508181605@exe.dcs.exeter.ac.uk>
Message-ID: <199508181654.SAA10686@piraya.electrum.kth.se>

| Yep there's lots of versions of the brutessl software, ones I know of
| (in no particular order):
|
| - Damien Doligez wrote one
| - Andrew Roos wrote one (this is the one we're using for the challenge)
| - Eric Young wrote one
| - I wrote one

| I think we're ready to start another challenge, this one a
| collaborative project like the brute rc4 one. Just need some
| challenges now (asked Hal about this).

I think it is time this kind of software is outlawed! I mean, it is a criminal instrument, and the only good it does is to embarrass good old well-meaning companies trying to make a profit. Besides, the customers should know better than to buy stuff over the net! And Netscape said AS IS all the time, didn't they?

(Just joking! :-))

But seriously, I wonder how long it will take before bruteXXX programs will be classified as "criminal instruments"? As well as real good random generators, I guess? (I don't think they will outlaw the XOR op, so to get rid of one-time-pads they have to go for the random gen...)

/Christian

From: panzer at dhp.com (Panzer Boy)
Date: Fri, 18 Aug 95 10:34:08 PDT
Subject: SSL challenge -- broken !
In-Reply-To:
Message-ID: <412j0b$6em@dhp.com>

John Pettitt (jpp at software.net) wrote:
: Huh? So you run on 120 workstations worth how much? to steal a credit
: card number worth how much? Get real - there are hundreds of ways
: to get credit card numbers that cost less. The idea is to make
: breaking SSL less attractive than dumpster diving not to make it
: impossible. I'll lay odds that I could get the credit card number
: of *any* individual in the US in less elapsed time and with nothing
: more than a $1000 windoze machine, a telephone and a modem.

I'll ignore the offer to gamble due to agreeing with you. However, your comparison to dumpster diving is kinda weak. People every day use thousands of dollars worth of computer equipment to download pictures from select newsgroups. They have spent a couple grand to be able to download and view these pictures on their screens. Now if you told them that they could just mail order some videos, magazines or the like, they'd tell you it's "easier" their way.

Many people have access to piles and piles of computer horsepower. People without that will still do dumpster diving, but bored sys-admins, college students, college-professors, office workers, etc will still have easy access to this type of computing power.

The problem also lies in the fact that people are led to believe that their information is safe against most attacks, when it's obvious that this information is only safe for a very short time.

Has anyone thought about starting up a distributed rc4 cracking web? Send in your message to a web server form, it will then spawn off requests to a pool of machines willing to try cracking rc4 for you. Allow anyone to offer up spare cycles towards the effort.

--
-Matt (panzer at dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."

From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Fri, 18 Aug 95 10:34:33 PDT
Subject: Distributed computing
In-Reply-To: <14470.9508181605@exe.dcs.exeter.ac.uk>
Message-ID: <199508181734.KAA03684@emily6.Berkeley.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

This may be more of a computer science question than a cryptography one, but it seems relevant to the current discussion: What is the current technology for running large compute-intensive jobs across a whole lotta computers? Specifically, what's the best way to run something like a big key-cracking job on a farm of workstations? Run separate jobs on each machine that check in to a main server for new keys to crack? Or is there a better way?

Also, on the note of producing a cheap parallel setup: a simple 90MHz pentium motherboard is ~$150. A cheap network card is under $50, and I'll bet it's possible to build a custom power-supply that'll juice a whole bunch of motherboards for under $200. You don't need monitors or keyboards for these machines -- just one of each to plug into the various machines to troubleshoot. Thus, the incremental cost of adding another pentium to a big cracking job is about $200 -- the startup cost is the cost of the distributed power supply, monitor, keyboard, etc. plus one server. And it's even cheaper to build this sort of setup if you go to someone who knows what s/he is doing, and can put a whole lotta CPUs onto one motherboard...

The point is, that while one pentium can't do a whole lot, it's pretty cheap to build a DIY pentium "farm." And if a whole lot of people have these farms, and are willing to run distributed cracking jobs on them, computing power like that of the systems used in the RC40 crack is very easy to come by.

Finally, there is a factor that hasn't been touched on much yet. Credit cards are not the crux of the problem: in the years to come, there will be more and more ways to manipulate money on the net. Charles Schwab is already working on a way to trade stocks wholesale over the net (or have they already started?), and I know of a couple other companies that have plans in the works to do the same. If it's possible for a small group to break one of *these* keys in a relatively short time (a month or two, I suppose), the money at stake could be well worth the compute time involved.

- -sq

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMDTPE1IP+Y8TPTdtAQGf3wP/f+X6nCvFqnqtdjUv4JqV3AMZVTXaf1At
TCvP8DByrbRH/Yo/1PQvtOkLIcmII1meI0FQjLRsE13EL5KNZoppyAkcCTl5Rr92
bsrHZsZLI3cYry9YZP/m1XthrrZg5ppePIbfOiUzqoCYHCUvqlhJyTRl00Y4lZP4
+mLYuDh1Rps=
=+Tij
-----END PGP SIGNATURE-----

From: rsalz at osf.org (Rich Salz)
Date: Fri, 18 Aug 95 10:39:56 PDT
Subject: Netscape security
Message-ID: <9508181739.AA21179@sulphur.osf.org>

> There is no word as to how to become a KSA. Netscape has
>ignored the question on several occasions.

I'm fairly sure that I remember Taher saying at the W3C security meeting that they intend to do this, and that hardcoding the CA's into the library was a quick hack. I also have the impression that they don't know how to do it, but my recollection is fuzzier there.

/r$

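Quigley's question above (separate jobs that check in to a main server for new work) and the SKSP key doler aba describes earlier in this thread are both the same scheduling problem: hand each client a disjoint slice of the search space and make sure a slice nobody reports on is not silently lost. The following is an added example written for this archive, not SKSP, brutessl, or any code from the thread; the class and function names, the chunk size, the fake clock, the toy match predicate and the 2**16-value "keyspace" are all constructed assumptions.

```python
# Added example (not SKSP, brutessl, or any code from the thread): a
# lease-based keyspace doler of the kind Quigley asks about and the SKSP
# summary sketches -- clients check in, receive a disjoint slice of the
# search space, and report back.  Names, chunk sizes, the toy predicate
# and the 2**16-value "keyspace" are all constructed assumptions.
import heapq
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Range = Tuple[int, int]   # [start, end), end exclusive


@dataclass(order=True)
class Lease:
    expires: float
    start: int = field(compare=False)
    end: int = field(compare=False)
    client: str = field(compare=False)


class KeyspaceServer:
    """Hands out disjoint ranges and re-issues any range whose lease
    expired without a report, so a crashed or lying client cannot leave
    an unsearched hole in the space."""

    def __init__(self, space_bits: int, chunk: int, lease_seconds: float):
        self.space_end = 1 << space_bits
        self.chunk = chunk
        self.lease_seconds = lease_seconds
        self.next_start = 0                        # first never-issued value
        self.outstanding: Dict[Range, Lease] = {}  # issued, not yet reported
        self.expiry_heap: List[Lease] = []         # leases ordered by expiry
        self.completed: List[Range] = []
        self.found: Optional[int] = None

    def checkout(self, client: str, now: float) -> Optional[Range]:
        """Give `client` a range to search, or None when nothing remains."""
        if self.found is not None:
            return None
        # Expired-but-unreported ranges are handed out again before any
        # fresh space is consumed.
        while self.expiry_heap and self.expiry_heap[0].expires <= now:
            stale = heapq.heappop(self.expiry_heap)
            key = (stale.start, stale.end)
            if self.outstanding.get(key) is stale:   # never reported
                return self._issue(stale.start, stale.end, client, now)
        if self.next_start >= self.space_end:
            return None
        start = self.next_start
        end = min(start + self.chunk, self.space_end)
        self.next_start = end
        return self._issue(start, end, client, now)

    def _issue(self, start: int, end: int, client: str, now: float) -> Range:
        lease = Lease(now + self.lease_seconds, start, end, client)
        self.outstanding[(start, end)] = lease
        heapq.heappush(self.expiry_heap, lease)
        return start, end

    def report(self, rng: Range, hit: Optional[int]) -> None:
        """A client finished `rng`; `hit` is the matching value, if any."""
        if self.outstanding.pop(rng, None) is None:
            return                                 # late or duplicate report
        self.completed.append(rng)
        if hit is not None:
            self.found = hit

    def exhausted(self) -> bool:
        return self.next_start >= self.space_end and not self.outstanding


def search_range(rng: Range, matches: Callable[[int], bool]) -> Optional[int]:
    """Client-side work unit: test every candidate in the slice."""
    for candidate in range(*rng):
        if matches(candidate):
            return candidate
    return None


def run_farm(target: int, space_bits: int = 16, chunk: int = 4096,
             clients: Tuple[str, ...] = ("a", "b", "c"),
             crashing: str = "c") -> Tuple[Optional[int], int]:
    """Simulated farm on a fake clock.  Client `crashing` takes work and
    never reports, so its leases must expire and be re-issued.
    Returns (value found or None, number of ranges completed)."""
    server = KeyspaceServer(space_bits, chunk, lease_seconds=1.0)
    clock = 0.0
    while server.found is None and not server.exhausted():
        for client in clients:
            rng = server.checkout(client, clock)
            if rng is None or client == crashing:
                continue
            server.report(rng, search_range(rng, lambda v: v == target))
        clock += 2.0          # next round: every lease from this round has expired
    return server.found, len(server.completed)
```

The part worth studying is the re-issue path in `checkout`: without lease expiry a client that takes a range and dies leaves a permanent hole, and `exhausted()` would report the space searched without the target ever having been tried. With it, the simulated farm finds a target in the crashed client's slice and, for a target outside the space, completes all 16 slices exactly once each.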
From: dorab at twinsun.com (Dorab Patel)
Date: Fri, 18 Aug 95 10:54:34 PDT
Subject: PGP encryption for HTML forms
Message-ID: <199508181754.KAA05661@knee.twinsun.com>

-----BEGIN PGP SIGNED MESSAGE-----

I've developed a simple protocol for encrypting the submission of HTML forms using PGP. I've written up the protocol in an "Internet Draft". We are distributing two reference implementations (with sources --- copyrighted, but freely redistributable). One is a modification to lynx sources to handle this protocol natively. The other is a "helper application" (by Jun Hamano) to do the encryption written in python.

You can get the package via anon ftp.

ftp://ftp.cs.ucla.edu/pub/sitp.tar.gz

Comments welcome. Snarf it before it becomes illegal!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface

iQCVAwUBMDTTYGnoQvE1ROndAQE5dQP/SWII7eR/eFYWsdU6mOilLZautmtS1rb9
kRcifS02p7WS3N3sY+MRu20uuPmuL+f+5rriYWJWVgd//s3jgegs8HGqmRuxVQdL
qMFRmtMB5oUfYkLmTiDebHsksr2YLF+AB8vrBCgXIbgKAcSRF4OStRyXBUeXfZ/3
gp9MiACvXV4=
=PxCp
-----END PGP SIGNATURE-----

From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 18 Aug 95 11:23:20 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <199508181629.MAA02496@frankenstein.piermont.com>
Message-ID:

On Fri, 18 Aug 1995, Perry E. Metzger wrote:

> > The credit card market has thin margins? That's news to me.
>
> It's true. The issuers often end up making most of their money for a

Actually the NYT reported this week that banks make super-profits on credit cards. Economists are not sure why the margins are about 3 times that of other lines of biz.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
                           | and http://www.law.cornell.edu/jol/froomkin.htm

From: koontz at MasPar.COM (David G. Koontz)
Date: Fri, 18 Aug 95 11:28:48 PDT
Subject: Netscape security
Message-ID: <9508181832.AA21899@argosy.MasPar.COM>

>Now, I can see calling a MasPar a "parallel supercomputer"; another effort
>at the SSL challenge got the answer about 2 hours before Damien's did,
>and used about 4 days of spare time on the MasPar. Last time I looked,
>a MasPar was selling for about $150K, though I don't know how big the one
>used on SSL was. At that price, you could have your own for ~$500/day,
>and ripping off $2000 on a credit card isn't tough in today's automated world.
>Next year - computer time costs half as much.

Well, let's put it this way, an MP-2 with 16K processors could attack a 56 bit key about as fast as a 486 could attack a 40 bit key. The next generation MP will be less than an order of magnitude faster, although able to use more processors. An MP2 with 1K processors can do 220K crypt(3)/sec.

Now, if it weren't so darned hard to program one for performance...

One tends to wonder if there are analytical methods to reduce the search space.

From: koontz at MasPar.COM (David G. Koontz)
Date: Fri, 18 Aug 95 11:35:40 PDT
Subject: Article in Time Magazine
Message-ID: <9508181838.AA22012@argosy.MasPar.COM>

>In the Time Magazine of this week there is an article about a new way
>to make war. Instead of sending bombs, tanks, and soldiers, the
>enemy's computers and communication networks are attacked by sending
>viruses and worms and by using backdoors to sabotage the infrastructure.

I've been getting flyers from the Armed Forces Communications Electronics Association (AFCEA) for a symposium on information warfare this fall. Parts are classified SECRET NOFORN. (SIGNAL magazine is a good source for basic articles, it's the latest rage in the War Colleges)

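Several posts in this thread argue about attacker economics: Sommerfeld's roughly $1000 compute node, Cohen's one-dollar-per-card dumpster-diving baseline, Pettitt's 120 workstations, and Koontz's remark that 16K MasPar processors on a 56-bit key are about where a 486 is on a 40-bit key (a 2**16 ratio). The following is an added example, not code from the thread, that puts those pieces into a model a risk assessor can re-run with their own figures. Every number in `example_farm` is an assumption, including the 100k keys/s per node, which is not a measured rate from any of the brutessl implementations.

```python
# Added example, not code from the thread: an attacker-economics estimate
# that turns Sommerfeld's roughly $1000-per-node price and Koontz's
# 2**16 (40-bit vs 56-bit) scaling into a function a risk assessor can
# re-run with their own figures.  Every number in `example_farm` is an
# assumption; nothing is a measured rate.
from dataclasses import dataclass


@dataclass(frozen=True)
class Farm:
    nodes: int
    node_cost_usd: float          # purchase price, amortised over lifetime_days
    keys_per_second_per_node: float
    watts_per_node: float
    usd_per_kwh: float
    lifetime_days: float


def expected_trials(key_bits: int) -> float:
    """On average half the keyspace is tried before the key turns up."""
    return 2.0 ** (key_bits - 1)


def expected_seconds(farm: Farm, key_bits: int) -> float:
    return expected_trials(key_bits) / (farm.nodes * farm.keys_per_second_per_node)


def expected_cost_usd(farm: Farm, key_bits: int) -> float:
    """Hardware amortisation plus electricity for one expected recovery."""
    secs = expected_seconds(farm, key_bits)
    hardware = farm.nodes * farm.node_cost_usd * secs / (farm.lifetime_days * 86400)
    energy = farm.nodes * farm.watts_per_node / 1000 * (secs / 3600) * farm.usd_per_kwh
    return hardware + energy


def scaling_factor(bits_from: int, bits_to: int) -> float:
    """Relative work for a longer key: 40 -> 56 bits is 2**16."""
    return 2.0 ** (bits_to - bits_from)


def bits_to_exceed(farm: Farm, budget_usd: float, max_bits: int = 256) -> int:
    """Smallest key length whose expected recovery cost exceeds the budget
    (Cohen's one-dollar-per-card dumpster-diving baseline, for instance)."""
    for bits in range(1, max_bits + 1):
        if expected_cost_usd(farm, bits) > budget_usd:
            return bits
    raise ValueError("budget not exceeded within max_bits")


def example_farm() -> Farm:
    # Constructed figures: 120 nodes (the workstation count quoted in the
    # thread), Sommerfeld's ~$1000 node, an assumed 100k keys/s per node,
    # 60 W each, $0.10/kWh, written off over one year.
    return Farm(nodes=120, node_cost_usd=1000.0, keys_per_second_per_node=1e5,
                watts_per_node=60.0, usd_per_kwh=0.10, lifetime_days=365.0)
```

Under those assumed figures a 40-bit key costs on the order of two hundred dollars of amortised hardware and electricity to recover, each additional bit doubles that, and the key length at which the expected cost first passes Cohen's one-dollar baseline is far below 40 bits. The model deliberately ignores the value of the data recovered and the attacker's time; the thread's disagreement is precisely about those terms, so they are left to the reader's own inputs.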
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 18 Aug 95 11:48:07 PDT
Subject: Certificates/Anonymity/Policy/True Names
Message-ID:

I have a question which is of course purely hypothetical.

Suppose you were designing the legal framework that would govern the operation of Certification Authorities (the people who issue certificates vouching for public keys used for digital signatures), called CAs for short. The CAs will operate in a hierarchical model (not a PGP-web-of-trust model), with a state agency being at the root, and issuing certificates for private CAs.

You have decided to allow the private CAs to issue certificates of varying degrees of corroboration so long as the degree of verification used is deducible from the certificate. E.g. a certificate might say "we check the passport"; or "we check driver's license" or "we took blood, hair, fingerprint, retinal scan and first-born child". It might even say "we checked nothing".

You have also decided that a CA may issue a certificate in the name of a pseudonym, so long as the CA retains information about the True Name.

Now the issue arises as to whether one should allow the CA to issue certificates to pseudonyms where it has *no record* of the real identity of the person proffering the key pair.

Is there any reason why a person would want such a certificate? In other words, given that the recipient of a digital signature will easily be able to check the value of the certificate (nil), won't the transaction/communication be in all ways identical to one where there was no certificate at all? So is anything of value lost by prohibiting such a certificate?

I understand, of course, that in a world where the CA has no duty to check the client's representations, there is a somewhat farcical element to this debate, but this hypothetical problem involves group decision making and groups find themselves debating irrational things.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
                           | and http://www.law.cornell.edu/jol/froomkin.htm

From: dneal at usis.com (David Neal)
Date: Fri, 18 Aug 95 11:50:52 PDT
Subject: SSL challenge -- broken !
In-Reply-To: <412j0b$6em@dhp.com>
Message-ID:

On 18 Aug 1995, Panzer Boy wrote:

> John Pettitt (jpp at software.net) wrote:
> : Huh? So you run on 120 workstations worth how much? to steal a credit
> : card number worth how much? Get real - there are hundreds of ways
> : to get credit card numbers that cost less.
>
> Has anyone thought about starting up a distributed rc4 cracking web.
> Send in your message to a web server form, it will then spawn off requests
> to a pool of machines willing to try cracking rc4 for you. Allow anyone
> to offer up spare cycles towards the effort.
>

I suggested that very thing just yesterday in the list, but my message seems to have gone awry. In short, I suggested we use E-Cash payments for cracking efforts. This would establish a reward for participating and an 'exchange rate' for e-cash at the same time.

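Froomkin's hypothetical above (the Certificates/Anonymity/Policy/True Names post) is easiest to reason about from the relying party's side: a hierarchical chain whose every certificate states what its issuer checked, and a policy that computes what the chain is actually worth. The following is an added example written for this archive, not code from any real CA, from the thread, or from a standard; it assumes a fixed ranking of verification levels, an HMAC "signature" standing in for a real public-key signature (so the verifier holds every CA's secret, which a real relying party would not), and the rule that a chain is only as strong as its weakest link.

```python
# Added example for Froomkin's hypothetical, not code from any real CA or
# from the thread.  Assumed: the verification levels and their ranking,
# an HMAC "signature" standing in for a real public-key signature (so the
# verifier holds every CA's secret, which a real relying party would not),
# and the rule that a chain's assurance is that of its weakest link.
import dataclasses
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List

# What the issuing CA states it checked, in increasing order of strength.
# "nothing" is Froomkin's "we checked nothing" certificate.
RANK = {"nothing": 0, "drivers_license": 1, "passport": 2, "biometric": 3}
NIL = 0


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    verification: str         # a key of RANK
    pseudonymous: bool        # subject is a pseudonym, not a True Name
    true_name_on_file: bool   # the CA retains the real identity
    signature: bytes = b""


def _to_be_signed(c: Cert) -> bytes:
    """Canonical encoding of everything the signature covers."""
    return "|".join([c.subject, c.issuer, c.verification,
                     str(c.pseudonymous), str(c.true_name_on_file)]).encode()


def issue(issuer_secret: bytes, subject: str, issuer: str, verification: str,
          pseudonymous: bool = False, true_name_on_file: bool = True) -> Cert:
    unsigned = Cert(subject, issuer, verification, pseudonymous, true_name_on_file)
    sig = hmac.new(issuer_secret, _to_be_signed(unsigned), hashlib.sha256).digest()
    return dataclasses.replace(unsigned, signature=sig)


def effective_assurance(chain: List[Cert], ca_secrets: Dict[str, bytes], root: str) -> int:
    """chain[0] is the end-entity certificate, chain[-1] the root's self-issued one.
    Returns the rank a relying party may attribute to chain[0]: the minimum over
    every link, dropping to NIL as soon as a link names a pseudonym whose CA kept
    no True Name.  Raises ValueError on a broken chain."""
    if not chain or chain[-1].subject != root or chain[-1].issuer != root:
        raise ValueError("chain does not end at the state-agency root")
    rank = max(RANK.values())          # each link can only lower it
    for i, cert in enumerate(chain):
        if i + 1 < len(chain) and cert.issuer != chain[i + 1].subject:
            raise ValueError(f"{cert.subject}: issuer does not match next certificate")
        expected = hmac.new(ca_secrets[cert.issuer], _to_be_signed(cert), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.signature):
            raise ValueError(f"{cert.subject}: bad signature")
        rank = min(rank, RANK[cert.verification])
        if cert.pseudonymous and not cert.true_name_on_file:
            rank = NIL                 # nobody stands behind the name
    return rank


def accept(chain: List[Cert], ca_secrets: Dict[str, bytes], root: str, required: str) -> bool:
    """Relying-party policy: is the chain valid and at least `required` strong?"""
    try:
        return effective_assurance(chain, ca_secrets, root) >= RANK[required]
    except ValueError:
        return False


def demo() -> Dict[str, int]:
    """Constructed chains; returns each end entity's effective assurance."""
    secrets = {"state": b"root-secret", "PassportCA": b"p-secret", "LaxCA": b"l-secret"}
    root = issue(secrets["state"], "state", "state", "biometric")
    passport_ca = issue(secrets["state"], "PassportCA", "state", "passport")
    lax_ca = issue(secrets["state"], "LaxCA", "state", "nothing")
    alice = issue(secrets["PassportCA"], "alice", "PassportCA", "passport")
    nym = issue(secrets["PassportCA"], "nym42", "PassportCA", "passport",
                pseudonymous=True, true_name_on_file=True)
    ghost = issue(secrets["PassportCA"], "ghost", "PassportCA", "passport",
                  pseudonymous=True, true_name_on_file=False)
    bob = issue(secrets["LaxCA"], "bob", "LaxCA", "passport")   # strong claim, weak CA
    return {
        "alice": effective_assurance([alice, passport_ca, root], secrets, "state"),
        "nym42": effective_assurance([nym, passport_ca, root], secrets, "state"),
        "ghost": effective_assurance([ghost, passport_ca, root], secrets, "state"),
        "bob": effective_assurance([bob, lax_ca, root], secrets, "state"),
    }
```

Two things the model makes concrete. First, "ghost" (a pseudonym with no True Name on file) evaluates to NIL, exactly the case Froomkin says is indistinguishable from having no certificate at all; but its signature still verifies, so a relying party can recognise the same key on the next transaction, which is the persistent-identity value Shostack's reply points to. Second, "bob" shows why the weakest-link rule matters: his CA claims a passport check, but the state agency certified that CA having "checked nothing", so the chain is worth nothing regardless of what the leaf says.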
From: altitude at cic.net (Alex Tang)
Date: Fri, 18 Aug 95 11:53:55 PDT
Subject: Netscape security
In-Reply-To: <199508180750.AAA27087@ix4.ix.netcom.com>
Message-ID: <199508181852.OAA12523@petrified.cic.net>

On Fri Aug 18 03:51:20 1995: you scribbled...
>
> Mr. Shank - I'm a bit disappointed by your posting about the RC4-40 crack.

After following the threads that have gone on after the SSL/RC4 cracking, it seems that we are going about this all wrong. The cypherpunks and Netscape shouldn't be at odds about this event. It would be in everyone's best interest to join forces against the common foe (ITAR), and try to prove to the feds that RC4-40 just plain isn't good enough.

For example, if Netscape (or someone else) were to issue a challenge to break an SSL Key as fast as possible, and then the cypherpunks did just that in say...a few hours, it could make a very big statement.

It seems that one of the problems with Damien's cracking job was that it was "not sanctioned". Look at the WSJ article, they didn't mention his name...they just called him "a hacker". It shows how public opinion still sees groups like the cypherpunks as just that, a bunch of punks. With some "respected" business on our side, it may make a much bigger impact (better publicity, better leverage, etc.).

Maybe I'm just dreaming...

...tango...

From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Aug 95 12:00:45 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To:
Message-ID: <9508181854.AA02742@joplin.harvard.edu>

| I have a question which is of course purely hypothetical.

[Description of a certificate with no backing deleted.]

| Is there any reason why a person would want such a certificate? In other
| words, given that the recipient of a digital signature will easily be
| able to check the value of the certificate (nil), won't the
| transaction/communication be in all ways identical to one where there was
| no certificate at all. So is anything of value lost by prohibiting such
| a certificate?

I'll turn the question around, and ask, is anything of value gained by prohibiting such a thing? If not, why not let people pay for worthless things, should people so desire? Does the Government have a duty to prevent us from wasting our time or money?

On another tack, I'll say, yes, there is something of value lost, and that is the easy creation of pseudonyms. Pseudonyms are useful for the creation of a persistent, although untraceable identity. Having those identities in the certification tree is, I suspect, as good a thing as the CA as a whole.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Aug 95 12:02:59 PDT
Subject: Netscape security
In-Reply-To: <9508181832.AA21899@argosy.MasPar.COM>
Message-ID: <9508181856.AA02769@joplin.harvard.edu>

| One tends to wonder if there are analytical methods to reduce the search
| space.

I suspect that the PRNG used by Netscape navigator might yield up some clues if someone were to disassemble it. One might see if secret_key_data and public_key_data are derived from the same seeds.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From: perry at piermont.com (Perry E. Metzger) Date: Fri, 18 Aug 95 12:03:14 PDT Subject: SSL challenge -- broken ! In-Reply-To: Message-ID: <199508181902.PAA03032@frankenstein.piermont.com>
Michael Froomkin writes: > On Fri, 18 Aug 1995, Perry E. Metzger wrote: > > > The credit card market has thin margins? That's news to me. > > > > Its true. The issuers often end up making most of their money for a > > actually the NYT reported this week that banks make super-profits on > credit cards. economists are not sure why the margins are about 3 times > that of other lines of biz.
The overall business is very profitable. The margins on transactions are very thin. Perry
From goedel at tezcat.com Fri Aug 18 12:13:17 1995
From: goedel at tezcat.com (Dietrich J. Kappe) Date: Fri, 18 Aug 95 12:13:17 PDT Subject: SSL challenge -- broken ! Message-ID:
David Neal wrote: >On 18 Aug 1995, Panzer Boy wrote: >> John Pettitt (jpp at software.net) wrote: >> : Huh? So you run on 120 workstations worth how much? to steal a credit >> : card number worth how much? Get real - there are hundreds of ways >> : to get credit card numbers that cost less. >> >> Has anyone thought about starting up a distributed rc4 cracking web. >> Send in your message to a web server form, it will then spawn of requests >> to a pool of machines willing to try cracking rc4 for you. Allow anyone >> to offer up spare cycles towards the effort. >> > >I suggested that very thing just yesterday in the list, but my message >seems to have gone awry. In short, I suggested we use E-Cash payments >for cracking efforts. This would establish a reward for participating >and an 'exchange rate' for e-cash at the same time.
I'd be willing to set up a "crackweb" mailing list, or perhaps a site to register your machine(s) with % available and MIPS ratings. DJK
From ic58 at jove.acs.unt.edu Fri Aug 18 12:48:24 1995
From: ic58 at jove.acs.unt.edu (Childers James) Date: Fri, 18 Aug 95 12:48:24 PDT Subject: Cypherpunks' ideal escrow agent Message-ID: I've seen the idea of voluntary key escrow discussed before on this list. (And no, not the government's idea of "voluntary", either.) A question I would raise is this: What would be the ideal setup for an escrow agency? If I were to open up an agency for business, what would be some characteristics you would look for? "Freedom is meaningless unless | ic58 at jove.acs.unt.edu - James Childers you can give to those with whom| No man's freedom is safe you disagree." - Jefferson | while Congress is in session EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7 From anon-remailer at utopia.hacktic.nl Fri Aug 18 13:08:16 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Fri, 18 Aug 95 13:08:16 PDT Subject: Exportable if Escrowed Changes Nothing! Message-ID: <199508181945.VAA26128@utopia.hacktic.nl> Joey Grasty writes: > Governments: can't live with 'em, can't shoot 'em. ^^^^^^^^^^^^^^^ It is precisely this kind of self-defeating pessimism that has allowed the current state of affairs to develop. From meconlen at IntNet.net Fri Aug 18 13:16:51 1995 
From: meconlen at IntNet.net (Michael Conlen) Date: Fri, 18 Aug 95 13:16:51 PDT Subject: SSL challenge -- broken ! In-Reply-To: Message-ID:
On Fri, 18 Aug 1995, Michael Froomkin wrote: > On Fri, 18 Aug 1995, Perry E. Metzger wrote: > > > The credit card market has thin margins? That's news to me. > > > > Its true. The issuers often end up making most of their money for a > > actually the NYT reported this week that banks make super-profits on > credit cards. economists are not sure why the margins are about 3 times > that of other lines of biz.
That's the business of banking. In any case most businesses run tight net margins. Over half of the gross margin in Retail Electronics disappears, and in some markets like Los Angeles, it's as low as 6 or 7 percent.
The credit card companies don't have a whole lot to worry about other than public image, and only a few like American Express worry about this a lot. A large portion of phone calls paid for by credit cards are declined for payment. It's the establishment that didn't check the person using the card that loses out. Mail order businesses take the loss when a computer is carded, because they don't have a signature on hand to back up the charge. The credit card company doesn't take the hit at all.
American Express is the toughest of all the companies that I have dealt with. While I can steal a card in the mail, sign it, and use it, at which case the person who the card was intended for can be held liable for the bill, AmEx requires that the person whose name is on the card sign for the charge.
Basically what it comes down to is, card companies and banks don't take the hit unless they want to for public image and customer service. What do they care if their card is being used by someone who shouldn't have it. They can decline payment at will without a signature.
I in some ways hope using credit cards on the net takes off, is abused, and people go back to using cash, and checks, and buying things in person.
Groove on Dude Michael Conlen meconlen at intnet.net
From adam at bwh.harvard.edu Fri Aug 18 13:23:58 1995
From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 18 Aug 95 13:23:58 PDT Subject: Cypherpunks' ideal escrow agent In-Reply-To: Message-ID: <9508182017.AA03042@joplin.harvard.edu>
| I've seen the idea of voluntary key escrow discussed before on this list. | (And no, not the government's idea of "voluntary", either.) A question I | would raise is this: What would be the ideal setup for an escrow agency? | If I were to open up an agency for business, what would be some | characteristics you would look for?
From the top down: I'd want to see a board of directors with several well known, well respected cypherpunks on it. I wouldn't trust 'Joe the cypherpunks' escrow agency any farther than I could throw it, because I expect the FBI and NSA will both set them up as stings. I'd want to see it well financed; legal fees will not be small if the KEA is really on my side. A few good technical people involved to make sure that the actual key databases are well encrypted and protected, and that individual keys can be extracted without extracting an entire database. If I was actually going to extract keys, I'd want to see a two or three passphrase extraction procedure, so that there's no single point of bribery/extortion. A nice location in an offshore banking haven.
Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
From mfroomki at umiami.ir.miami.edu Fri Aug 18 13:40:53 1995
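Added example, not from the thread or any poster: the "two or three passphrase extraction procedure, so that there's no single point of bribery/extortion" that Adam describes is exactly what a k-of-n threshold scheme gives an escrow agent. The code below is Shamir secret sharing over a prime field: the escrowed key is the constant term of a random polynomial of degree k-1, each officer holds one point on it, and any k points recover the key by Lagrange interpolation while k-1 points reveal nothing. The prime, the share-index convention (officer i holds the point x = i) and the 64-byte limit on the escrowed item are assumptions of this example.

```python
"""k-of-n secret sharing for an escrowed key (added example, not from the thread).

Assumptions: the escrowed item (a symmetric key or passphrase) is at most
64 bytes, encoded big-endian as an integer below P; officer i holds the
share at x = i, and shares are stored separately so that no single
person, bribed or coerced, can release the key alone.
"""
import secrets

P = 2**521 - 1  # Mersenne prime; every secret up to 64 bytes fits below it


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo P (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_secret(secret: bytes, k: int, n: int):
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too long for this field")
    # Random coefficients make k-1 shares statistically independent of s.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_int(shares) -> int:
    """Lagrange interpolation at x = 0 over exactly the shares supplied."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_secret(shares, length: int) -> bytes:
    """Recover the escrowed bytes; fails loudly if fewer than k valid shares were given."""
    value = recover_int(shares)
    if value.bit_length() > 8 * length:
        raise ValueError("shares do not reconstruct a secret of this length")
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample: a 256-bit key
    held = split_secret(key, 3, 5)          # five officers, any three may release
    print(recover_secret(held[:3], 32) == key)
```

Note that with k-1 shares `recover_int` still returns a value, just a useless one: the check in `recover_secret` catches the common case but is not a proof of authenticity, so a real escrow procedure would also store a MAC or hash of the key to confirm a successful reconstruction.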
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 18 Aug 95 13:40:53 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <9508181854.AA02742@joplin.harvard.edu> Message-ID: On Fri, 18 Aug 1995, Adam Shostack wrote: > I'll turn the question around, and ask, is anything of value > gained by prohibiting such a thing? If not, why not let people pay > for worthless things, should people so desire? > because you have to pick your fights. If nothing's lost, there are other fish to fry. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm From liberty at gate.net Fri Aug 18 14:24:04 1995 
From: liberty at gate.net (Jim Ray) Date: Fri, 18 Aug 95 14:24:04 PDT Subject: Cypherpunks' ideal escrow agent Message-ID: <199508182122.RAA54557@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- James Childers wrote: >I've seen the idea of voluntary key escrow discussed before on this list. >(And no, not the government's idea of "voluntary", either.) A question I >would raise is this: What would be the ideal setup for an escrow agency? >If I were to open up an agency for business, what would be some >characteristics you would look for? Exactly what the government *doesn't* want, I'm afraid... I would want them to honor *only* warrants which involve crimes dealing with at least the possibility of an individual, articulable victim. Despite much hot wind about "terrorism" from the FBI to the contrary, the reason for "GAK" [I liked "FUCKED" better] is to allow prosecuting the tax-and-spend drug war to remain possible. Also, the temptation to ignore any warrant requirement and screen *political* e-mail if a "minor" political party started to gain prominence would be nearly overwhelming to any non-angels with "real-time" decryption capability. Political debates these days are (obviously) won by sound bite, and advisors want to be prepared for a sound "byte" such as "tax-and-spend drug war" [Oops, can't use that one now!] :) flying through cyberspace toward an opponent, just as Reagan was (supposedly) prepared for Carter's lines before their debates. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMDUDZ21lp8bpvW01AQFx0wP/b5c5xTxyGygbTcRJriErK9dD0ahfFXEu SSpqmExn+E+aD6tYNQNEDS50pnT8wOI7IKQjVLGGEZKfmeZRIU7gnT0jttbHV14c QnMGkMsEsVK3R2YkWPGavhPeJwdrwHrvYC/xUFzrtSJHQQ1u7X3LXubjS2vikcVJ mxqfYoUympA= =YEMs -----END PGP SIGNATURE----- Regards, Jim Ray "The important thing is not to stop questioning. Curiosity has its own reason for existing. 
One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structures of reality. It is enough if one merely tries to comprehend a little of this mystery every day. Never lose a holy curiosity." -- Albert Einstein ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 ------------------------------------------------------------------------ Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! email: zldf at clark.net or visit http://www.netresponse.com/zldf ________________________________________________________________________ From tcmay at got.net Fri Aug 18 14:26:28 1995 
From: tcmay at got.net (Timothy C. May) Date: Fri, 18 Aug 95 14:26:28 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID:
At 6:47 PM 8/18/95, Michael Froomkin wrote: >I have a question which is of course purely hypothetical. > >Suppose you were designing the legal framework that would govern the >operation of Certification Authorities (the people who issue certificates >vouching for public keys used for digital signatures), called CAs for >short. The CAs will operate in a hierarchical model (not a >PGP-web-of-trust model), with a state agency being at the root, and >issuing certificates for private CAs.
I don't see any basis for having a state agency as the root...lots of things that are grounded in law have no origin/connection to the state. But, I'll assume your hypothetical (though I think the assumption that government = root leads down a dangerous path).
>You have decided to allow the private CAs to issue certificates of varying >degrees of corroboration so long as the degree of verification used is >deducible from the certificate. E.g. a certificate might say "we check >the passport"; or "we check driver's license" or "we took blood, hair, >fingerprint, retinal scan and first-born child". It might even say "we >checked nothing". You have also decided that a CA may issue a certificate >in the name of a pseudonym, so long as the CA retains information about >the True Name. Now the issue arises as to whether one should allow the CA >to issue certificates to pseudonyms where it has *no record* of the real >identity of the person proffering the key pair.
It all depends on what the purpose of certification is in the first place, and whether alternative hierarchies of certification exist outside the one that has government as root. For example, I may instantiate many keys for use in experiments, or as agents in a market microworld, and I may "vouch" for them.
These "agents" have no True Name, are not persons, but still have varying levels of certification (to me, at least). A company may even have multiple agents. Multiple departments, multiple users, etc.
The web-of-trust model, which, loosely phrased, says "I say I believe this is the key of so-and-so, and you can believe me or not. We don't need no steenking badges!" The beauty of this is that any person or program can generate lots and lots of keys, for experiments, agents, etc.
Now if it is desired to have the "legal system" mesh with this certification process, the government is still not needed. Contract law suffices. If the Alice Corporation claims the Bob Company signed a document with a fraudulent key (or whatever the scenario might be), then each side can present in a court what the contracts they agreed to said and what the facts were. This happens all the time, though "I am not a lawyer," in disputes about whether a contract was signed properly, about whether the signer had the right authority, etc. And it is apparently not necessary to have the "state" establish itself, for example, as the keeper of signatures.
I concede that there is a path back to the legal "is-a-person" status of parties, such as credentials for identity. In cases involving software agents and "virtual persons" (which is where key certification tends to come in), a stipulation can be made that a Real Person is to be involved in the loop.
>Is there any reason why a person would want such a certificate? In other >words, given that the recipient of a digital signature will easily be >able to check the value of the certificate (nil), won't the >transaction/communication be in all ways identical to one where there was >no certificate at all. So is anything of value lost by prohibiting such >a certificate?
So long as I am not prohibited from getting together with others (on a list like ours, in a corporation, with offshore folks, etc.)
and setting up our own system--of whatever nature--then I suppose it doesn't matter. But you ask "So is anything of value lost by prohibiting such a certificate?" Well, why prohibit something unless a real and compelling problem exists? It might turn out to be very useful to have certificates even for keys that belong to entities or agents that have no True Name attached to them. I've given some examples, and can think of more.
--Tim May
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
From cman at communities.com Fri Aug 18 14:37:46 1995
From: cman at communities.com (Douglas Barnes) Date: Fri, 18 Aug 95 14:37:46 PDT Subject: Economic Model for Key Cracking Message-ID:
So far, list members have mostly presented two points of view on the economics of key cracking: o It's free, since it uses spare CPU cycles o It should be priced at the cost of the dedicated computer hardware needed to do it.
Both of these approaches are wrong. The first approach fails because it doesn't scale -- there probably aren't enough people willing to crack lots of keys purely for the research interest, hack value, or the goodness of their heart.
At the same time, many people and companies have lots of unused CPU time on their hands. Economically, this CPU time is scrap material -- and there are companies out there that do nothing but buy up scrap equipment for pennies on the dollar.
Therefore it should be possible to create a market in spare CPU cycles for tasks like this that require massive parallel computing. An earlier suggestion for bounties on keys (basically the Chinese lottery approach) is a step in this direction.
I'd also like to point out that a hacker who can sniff out SSL-encrypted packets on a hacked network is going to be vastly harder to catch than someone who trolls through his or her physical community dumpster diving and bribing clerks. The ability to anonymously gather and decrypt credit card numbers has a vastly lower "cost" in terms of likelihood of prosecution. If it drops down to under $100 per key, it's probably at a good break-even point to do it wholesale. Certainly the out-of-pocket cost of cracking a 40-bit SSL key is less than that right now for a great many people, even without creating a market.
From adam at bwh.harvard.edu Fri Aug 18 14:39:51 1995
From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 18 Aug 95 14:39:51 PDT Subject: Netscape security In-Reply-To: <412tij$704@flop.mcom.com> Message-ID: <9508182133.AA03147@joplin.harvard.edu>
| > > There is no word as to how to become a KSA. Netscape has | > >ignored the question on several occasions. | > | > I'm fairly sure that I remember Taher saying at the W3C security | > meeting that they intend to do this, and that hardcoding the CA's | > into the library was a quick hack. I also have the impression | > that they don't know how to do it, but my recollection is fuzzier there. | | It has been stated publicly several times that we do plan to allow | user configurable certificate authority and server trust. A user | will be able to configure their browser to talk to servers that have | certificates signed by any CA they choose to trust.
But I think I can work cheaper than Verisign. What do I have to do to get set up as a KCA today?
Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
From nobody at REPLAY.COM Fri Aug 18 15:06:41 1995
From: nobody at REPLAY.COM (Anonymous) Date: Fri, 18 Aug 95 15:06:41 PDT Subject: WhiSSLing in the Dark Message-ID: <199508182201.AAA27435@utopia.hacktic.nl>
Netscape Encrypted Data Cracked
Tokyo, Japan, Aug. 18 (NB) -- Two computer users have managed to break Netscape's Secure Sockets Layer (SSL) encryption code in response to a challenge posted to the Internet. But far from scaring people away from using the system for online purchases, the results could reassure people of the safety.
In mid July Hal Finney, a US computer user, posted data in an Internet message that he recorded when he sent an order, containing a fake name and credit card details, to Netscape's own computer. Setting a task for the hacking community, he wrote, "The challenge is to break the encryption and recover the name and address info I entered in the form and sent securely to Netscape."
Early this week, news came from Damien Doligez, a French computer user, that he had cracked the code and revealed the contents of the message. Several hours later a message from an American team also claimed the same feat, actually cracking it two hours earlier than Doligez.
While the results look damaging on the surface, Netscape, and Doligez, pointed out the amount of computer processing power needed to hack just one message and the difficulty in repeating the process. Roseanne Siino of Netscape told Newsbytes, "The real issue is whether this compromises security on the net. He used 120 computers for 8 days just to crack one message." Siino points out that to break into another message would require another eight days at the same 120 workstations and 2 parallel computers. In home computer terms, Doligez guesses a network of about 80 Intel Pentium-based machines would be equivalent to the system he had access to via his workplace, INRIA in Paris, and computers at Ecole Polytechnique and ENS.
Netscape estimates the total cost of this computing time at around $10,000, meaning there are many more economical ways of getting credit card numbers than hacking into Netscape SSL messages. Doligez agrees, writing on his home page: "The technical implications are almost zero. Everybody who understands the technical details knew perfectly well that this was do-able and even easy. You have to understand what happened exactly. I did not break SSL itself. I did only break one SSL session that used the weakest algorithm available in SSL. If I want to break another session, it will cost another 8 days of all my machines."
The vulnerability of the encryption system is shown by its international use. The coding system available via Netscape software from the Internet makes use of a 40-bit encryption key. A stronger version, using a 128-bit key, is available to US citizens but restricted from export outside the United States by government regulations. Netscape's Siino explained the US government allows export of the lower security version "because they can break it."
There are some hopes that this demonstration will help persuade the US government to lift export restrictions on some harder-to-crack versions of the code. Netscape is currently developing a new Secure Courier code which just encrypts the financial data in the messages using 56-bit keys. Siino explained, "You can export over 40-bit keys for a specific application." The new system should be available early next year.
Many companies working on secure transaction systems hope the much more secure 128-bit code version of the system will be available for export eventually. This is said to be almost unbreakable, requiring a trillion times more processing power to crack than the 40-bit version.
Internet users can view a copy of the original challenge, access Doligez's home page with details of his result, get copies of the program used to crack the code and read Netscape's response to the news through a special section at Netscape, http://home.netscape.com/newsref/std/key_challenge.html
Press contacts : Roseanne Siino, Netscape, +1-415-528-2619 , Internet email roseanne at netscape.com; Damien Doligez, Internet email damien.doligez at inria.fr ; Hal Finney, Internet email hfinney at shell.portal.com
From andrew_loewenstern at il.us.swissbank.com Fri Aug 18 15:21:38 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 18 Aug 95 15:21:38 PDT Subject: Export policy change Message-ID: <9508182218.AA04527@ch1d157nwk>
> I will cheerfully escrow keys for 1$ ecash/key. Please be advised, > however, that key storage will be on an old 40M RLL drive on an > 8088 machine, so retrieval may be a bit slow and unreliable.......
hey, my escrow service will store your keys on modern equipment... Plus, I don't care if you encrypt your key (with still-legal, non-exportable, escrow-free, strong-crypto) before you escrow it. :-) andrew
From howard at cs.ualberta.ca Fri Aug 18 15:29:56 1995
From: howard at cs.ualberta.ca (Howard Cheng) Date: Fri, 18 Aug 95 15:29:56 PDT Subject: Economic Model for Key Cracking In-Reply-To: Message-ID: <95Aug18.162938-0600_mdt.13069-7+113@scapa.cs.ualberta.ca> Douglas Barnes wrote: > > At the same time, many people and companies have lots of unused CPU > time on their hands. Economically, this CPU time is scrap material -- > and there are companies out there that do nothing but buy up scrap > equipment for pennies on the dollar. > > Therefore it should be possible to create a market in spare CPU cycles > for tasks like this that require massive parallel computing. An > earlier suggestion for bounties on keys (basically the Chinese lottery > approach) is a step in this direction. > One can set up a workload distributor this way: Distribute work when a request is received. When the final results come back, pay the worker e-cash. We need to make sure that someone did do the work honestly, but I don't know how to check this (other than doing the work yourself to confirm the results, but this defeats the whole point of the system). Perhaps we should require that people buy the work first, and when they report the results, they get the money back + some profits. Assuming everyone is honest, I am sure many people in businesses wouldn't mind making money this way. Most business machines are completely idle/turned off after working hours anyway. Now we just need to convince the business people to help us. Not everyone is honest, and so this may be a bit difficult to do. If I were a business person without much computer knowledge, I probably wouldn't trust someone running programs on my computer. What if the program scans all my business secrets and distributes them world-wide, or what if the program is some sort of a virus? I could get some computer consultants to check the program's source code, but this would be too much trouble. Anyway, I think this would be the attitude of an average business person. 
Therefore, it will not be very easy to convince a lot of people to donate their spare cycles. Howard -- Howard Cheng e-mail: hcheng at gpu.srv.ualberta.ca University of Alberta howard at cs.ualberta.ca 3rd year Honors Comp. Sci. URL : http://ugweb.cs.ualberta.ca/~hcheng Finger hcheng at amisk.cs.ualberta.ca for PGP public key. Algebraic symbols are used when you do not know what you are talking about. From jya at pipeline.com Fri Aug 18 16:01:35 1995 
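Added example, not from the thread or any poster: Howard's distributor pays e-cash when results come back but cannot tell whether a worker who reports "nothing in my range" actually searched it. One later-published answer to exactly this problem is the "ringer" technique (Golle and Mironov, "Uncheatable Distributed Computations", 2001): the distributor pre-computes the images of a few random points inside each job's range and lists them alongside the real target, without saying which is which. An honest worker, scanning the whole range, finds every ringer for free; a worker who skipped the work cannot know which listed images were planted and so fails the check. The one-way function, the job format, the range size and the number of ringers below are assumptions of this example, chosen so it runs in a second; the search itself is a generic preimage search over a toy hash, not any cipher from the page.

```python
"""Checking outsourced search work with planted ringers (added example).

Assumptions: the unit of work is "find x in [lo, hi) with f(x) == image"
for a toy one-way function f; the distributor knows the range it hands
out and plants a few images whose preimages it already knows (ringers).
"""
import hashlib
import secrets


def f(x: int) -> bytes:
    """Toy one-way function standing in for one trial of the real job."""
    return hashlib.sha256(x.to_bytes(8, "big")).digest()[:8]


def make_job(lo: int, hi: int, target: bytes, n_ringers: int = 4):
    """Distributor side: build a job and keep the ringer answers private.

    Returns (job, ringers): the job lists the target image mixed with the
    ringer images in random order; `ringers` maps image -> known preimage.
    """
    ringers = {}
    while len(ringers) < n_ringers:
        x = lo + secrets.randbelow(hi - lo)   # ringer drawn from the job's own range
        ringers[f(x)] = x
    images = list(ringers) + [target]
    secrets.SystemRandom().shuffle(images)  # worker cannot tell ringers from target
    return {"lo": lo, "hi": hi, "images": images}, ringers


def honest_worker(job: dict) -> dict:
    """Scans the whole range and reports every preimage of any listed image."""
    wanted = set(job["images"])
    report = {}
    for x in range(job["lo"], job["hi"]):
        img = f(x)
        if img in wanted:
            report[img] = x
    return report


def lazy_worker(job: dict) -> dict:
    """Claims to have searched, but returns an empty report without doing the work."""
    return {}


def check_report(report: dict, ringers: dict, target: bytes):
    """Distributor side: accept only if every ringer was found and any target hit is genuine.

    Returns (accepted, preimage_of_target_or_None).
    """
    for img, x in ringers.items():
        if report.get(img) != x:
            return False, None               # missed a planted ringer: work not done
    found = report.get(target)
    if found is not None and f(found) != target:
        return False, None                   # claimed hit does not verify
    return True, found


if __name__ == "__main__":
    # Constructed sample: the distributor wants the preimage of f(12345) in [0, 20000).
    target = f(12345)
    job, ringers = make_job(0, 20000, target)
    print(check_report(honest_worker(job), ringers, target))   # (True, 12345)
    print(check_report(lazy_worker(job), ringers, target))     # (False, None)
```

A worker that searches only part of its range is caught with probability that grows with the number of ringers and the fraction skipped, which is the knob the distributor tunes against the e-cash price per job; a positive hit on the real target is always cheap to verify, as the last check shows.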
From: jya at pipeline.com (John Young) Date: Fri, 18 Aug 95 16:01:35 PDT Subject: Netscape security Message-ID: <199508182301.TAA08043@pipe4.nyc.pipeline.com>
Responding to msg by altitude at cic.net (Alex Tang) on Fri, 18 Aug 2:52 PM >It seems that one of the problems with Damien's >cracking job was that it was "not sanctioned". Look >at the WSJ article, they didn't mention his >name...they just called him "a hacker". It shows how >public opinion still sees groups like the cypherpunks >as just that, a bunch of punks. > >With some "respected" business on our side, it may make >a much bigger impact (better publicity, better >leverage, etc.).
While the WSJ story mentioned no names, other than the esteemed CypherName and our cypheragent who lured the reporter, later stories have given individual credit and amplified the "mainstream" impact of the cabalistic hacker culture crack.
This segue may be due to the PR-mad corporations and the LEA's seeking to profit by the drama given to outsiders to get their safety-products approved, to pose themselves as being more devoted to the public weal than the devil- punks (liars or inadvertent truthsayers?). Or, it may just be more interesting (lucrative) to pump the outsider, hacker aspect. Reporting on hackerdom has been oft used to boost a shrewd wannabe-an-insider's rep in the mainstream -- no names now, you know who they are, most are doing quite well, Zarathustra bless their complicit Guccioni-success.
So, hackers, punks, cypherpunks, up all night, right, watch them come calling for an interview when you misbehave in outrageous and wondrous and techno-magical ways. Gotta get lurid stories to allure the customer/advertiser/voter. Damien, Hal and the SSL-non-anonymous hackers, watch your backs, think of Kevin and his oh-so-admiring, trust-me provocateurs. Just my Time-averse sensor-jigger, sensing threat models.
From ab411 at detroit.freenet.org Fri Aug 18 16:13:39 1995
From: ab411 at detroit.freenet.org (David R. Conrad) Date: Fri, 18 Aug 95 16:13:39 PDT Subject: WhiSSLing in the Dark Message-ID: <199508182312.TAA13928@detroit.freenet.org>
>Netscape Encrypted Data Cracked > >Tokyo, Japan, Aug. 18 (NB) -- ... > >Many companies working on secure transaction systems hope >the much more secure 128-bit code version of the system >will be available for export eventually. This is said to >be almost unbreakable, requiring a trillion times more >processing power to crack than the 40-bit version. ...
Notice how the "over a trillion times more" has devolved into simply "a trillion times more" -- and we all know that the former statement was a gross underestimate, reminiscent of the claim of "over 3 billion combinations" on Ideal's packaging for Rubik's cube.
Of course the real reason the media have standardized on trillion for this is that they know it is the biggest number the bulk of their audience is familiar with, and that if they said 3e26 or even "three times ten to the twenty-sixth power" they would snow most of their readers/viewers. (To be fair, I think the WSJ did say 10^26, with a brief explanation of what that meant. I congratulate them for not "talking down" to their readers.)
-- David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.
From goedel at tezcat.com Fri Aug 18 16:38:02 1995
From: goedel at tezcat.com (Dietrich J. Kappe) Date: Fri, 18 Aug 95 16:38:02 PDT Subject: WhiSSLing in the Dark Message-ID:
David R. Conrad wrote: >>Netscape Encrypted Data Cracked >> >>Tokyo, Japan, Aug. 18 (NB) -- ... >> >>Many companies working on secure transaction systems hope >>the much more secure 128-bit code version of the system >>will be available for export eventually. This is said to >>be almost unbreakable, requiring a trillion times more >>processing power to crack than the 40-bit version. ... > >Notice how the "over a trillion times more" has devolved into simply "a >trillion times more" -- and we all know that the former statement was a >gross underestimate, reminiscent of the claim of "over 3 billion >combinations" on Ideal's packaging for Rubik's cube. > >Of course the real reason the media have standardized on trillion for >this is that they know it is the biggest number the bulk of their >audience is familiar with, and that if they said 3e26 or even "three >times ten to the twenty-sixth power" they would snow most of their >readers/viewers. (To be fair, I think the WSJ did say 10^26, with a >brief explanation of what that meant. I congratulate them for not >"talking down" to their readers.)
I talked the guy out of using an analogy with physical key length (the kind you stick in a door) and he settled on "10^26" rather than a power of 2. Also, I gave him the relevant names, e-mail addresses, and URLs, but didn't have any phone numbers. BTW, in the "cryptography experts and hackers and mathematicians" as well as the whole "hacker" slant, smells like an editor.
Dietrich J. Kappe | Red Planet http://www.redweb.com/ Red Planet, L.L.C.| "Chess Space" /chess 1-800-RED 0 WEB | "MS Access Products" /cobre Web Publishing | E-mail: RedPlanet at redweb.com
From stewarts at ix.netcom.com Fri Aug 18 16:45:16 1995
From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 18 Aug 95 16:45:16 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: <199508182342.QAA20924@ix7.ix.netcom.com> At 02:47 PM 8/18/95 -0400, Michael Froomkin writes about CAs, and asks why a CA or customer would want a certificate for a pseudonym without any identification or True Name. >given that the recipient of a digital signature will easily be >able to check the value of the certificate (nil), won't the >transaction/communication be in all ways identical to one where there was >no certificate at all. So is anything of value lost by prohibiting such >a certificate? It's useful for a couple of reasons 1) Continuity - For a single transaction, it doesn't make much difference; for multiple transactions/communications it does. If you want to use the nym JohnDoe, and you register with keys.com, you can do repeated transactions (e.g. posting to the net) as JohnDoe/keys.com, and nobody can impersonate you as long as keys.com doesn't allow duplicates. This allows people to build reputations under pseudonyms, and do repeat business or have readers bother to read their postings. Without certification (whether web-based or hierarchy-based), you're stuck with always posting your messages with a given key and hoping people can decide whether they've really got yours or some other JohnDoe. Our local Black Unicorn is this way - few of us know his True Name, but his reputation is established. On the other hand we can't really tell if the many postings by the L-Name are from a single person, a cooperating group, or imposters who decided it would be fun to borrow his reputation for the day. Tim May has occasionally proposed that the key is really all that matters, and that the name tacked onto it is just an untrustable convenience, but I'd say that certification does increase that convenience by adding some trust. 
2) Policy-vs-Mechanism - Realistically, there'll be software out there that wants an Official CA-approved certificate to talk to anyone. If nobody's willing to give certificates to nyms, then nyms can't participate.
3) What's your definition of "prohibit"? If you mean "Keys.com decides not to offer the service", they lose the cash they might have made selling certificates to nyms, lose some customer goodwill, but maybe gain an improved reputation in other parts of the market, and JohnDoe can always go to Nyms-R-Us.org and register as JohnDoe32767. If you mean "the government should ban it", I've done enough anarchist ranting about how that sort of thing degrades society :-) However, if you mean "The Certificate Authority Cabal should agree not to offer any certificates without real ID and contractually forbid lower-level certifiers to do it either", well, it's a sad thing for society, but they can do it if they want. You lose the ability to participate as a nym, you lose privacy, you lose the value that you might have gained by transactions with people who wanted to retain their anonymity. RSA does offer persona certificates to unauthenticated people. (Also see my follow-on message about my offer to sign PGP keys for nyms.)
4) Are there negatives about dealing with unattributable pseudonyms? Of course. But you don't have to deal with them, and there will be CAs who don't, and services that refuse to deal with unauthenticated pseudonyms, just as there are on-line services like the Well that allow "unlisted" identifications but do keep track of true names for their users. It would be nice if certification authorities did indicate how much trust they have in the identity of a given key's owner, but markets will take care of that.
Thanks; Bill Stewart #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From stewarts at ix.netcom.com Fri Aug 18 16:46:51 1995 
From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 18 Aug 95 16:46:51 PDT Subject: PGP Certification Service for Pseudonyms Message-ID: <199508182342.QAA20975@ix7.ix.netcom.com>
-----BEGIN PGP SIGNED MESSAGE-----
Time to stretch some paradigms :-) I've decided to offer a service of certifying PGP keys for Pseudonyms. Normally, it only makes sense to sign PGP keys for people you can trust to really be who they say they are, but this means you can't sign keys for people who want to use pseudonyms, which would be a Good Thing. To try and retain a certain amount of trust in the process, here's my policy for doing so:
0) I only sign pseudonyms with the pseudonym-signing key below, which tries to make it clear how trustable it isn't.
1) First Come, First Served - The first user of a given name gets it, and the only guarantee I'll make about verification is that I won't sign more than one key with the same name unless the later key is signed by the earlier key.
2) At least for now, keys need to indicate pseudonymity in the name.
3) If you're using a name I recognize, I might check it out with the person I know who uses that name.
3A) If you're claiming to be L.Detweiler, I'll want a fax of your ID :-)
Procedures:
1) Requests by email; I will mail a copy of the key to the keyserver and to the address you sent the request from if I can.
2) Price is 1 Digicash e$, or 1 Tacky Token, or a big prime number, or an interesting cypherpunk-related URL (well-known sites only count if it's something new. New code is always interesting!)
3) I'll post interesting payments to http://idiom.com/~wcs/ , and if it's something that takes a while to verify (e.g. I haven't gotten my free stuff from digicash.com yet :-) and your payment bounces, I'll probably post that too :-) Pseudonym John Doe sent me a composite number 897098274398742! Enjoy!
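Rules 1 and 4 of this policy (rule 4 is in Bill's follow-up message), as an added example that is not part of the announcement or of any real signing service: a toy registry in Go, with Ed25519 standing in for PGP keys, that refuses a second key for a taken name unless the key already on record signs the new binding, and rejects any request not signed by the key being certified. The binding-string format and all function names are my own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Request is what a pseudonym sends to the signing service:
//   - Sig is a signature by Key itself over the name/key binding (rule 4);
//   - PrevSig is a signature over the same binding by the key already on
//     record for that name, present only when rotating keys (rule 1).
type Request struct {
	Name    string
	Key     ed25519.PublicKey
	Sig     []byte
	PrevSig []byte
}

// Registry holds the name->key bindings it has certified and the service's
// own pseudonym-signing key (kept separate from any identity-attesting key).
type Registry struct {
	signer ed25519.PrivateKey
	names  map[string]ed25519.PublicKey
}

var (
	ErrBadSig    = errors.New("request is not signed by the key to be certified")
	ErrNameTaken = errors.New("name already belongs to a different key")
)

func NewRegistry(signer ed25519.PrivateKey) *Registry {
	return &Registry{signer: signer, names: map[string]ed25519.PublicKey{}}
}

// bindingMessage is the exact byte string every signature covers (assumed format).
func bindingMessage(name string, key ed25519.PublicKey) []byte {
	return append([]byte("pseudonym-binding:"+name+":"), key...)
}

// MakeRequest builds a request for name signed by priv; prev, if non-nil, is
// the key currently registered under that name and authorises the rotation.
func MakeRequest(name string, priv, prev ed25519.PrivateKey) Request {
	pub := priv.Public().(ed25519.PublicKey)
	msg := bindingMessage(name, pub)
	req := Request{Name: name, Key: pub, Sig: ed25519.Sign(priv, msg)}
	if prev != nil {
		req.PrevSig = ed25519.Sign(prev, msg)
	}
	return req
}

// Certify applies the policy and, on success, returns the registry's own
// signature over the binding (the "certificate").
func (r *Registry) Certify(req Request) ([]byte, error) {
	msg := bindingMessage(req.Name, req.Key)
	// Rule 4: the request must be signed by the key being certified.
	if len(req.Key) != ed25519.PublicKeySize || !ed25519.Verify(req.Key, msg, req.Sig) {
		return nil, ErrBadSig
	}
	// Rule 1: first come, first served; a different key for a name already
	// on record is accepted only if the earlier key vouches for it.
	if cur, ok := r.names[req.Name]; ok && !bytes.Equal(cur, req.Key) {
		if req.PrevSig == nil || !ed25519.Verify(cur, msg, req.PrevSig) {
			return nil, ErrNameTaken
		}
	}
	r.names[req.Name] = req.Key
	return ed25519.Sign(r.signer, msg), nil
}

// VerifyCert is what a relying party runs: does the registry vouch that
// name is bound to key?
func VerifyCert(registryPub ed25519.PublicKey, name string, key ed25519.PublicKey, cert []byte) bool {
	return ed25519.Verify(registryPub, bindingMessage(name, key), cert)
}

func main() {
	regPub, regPriv, _ := ed25519.GenerateKey(rand.Reader)
	reg := NewRegistry(regPriv)
	_, doe, _ := ed25519.GenerateKey(rand.Reader)      // the first "JohnDoe"
	_, imposter, _ := ed25519.GenerateKey(rand.Reader) // wants the same name
	_, doe2, _ := ed25519.GenerateKey(rand.Reader)     // JohnDoe's replacement key

	cert, err := reg.Certify(MakeRequest("JohnDoe", doe, nil))
	fmt.Println("first JohnDoe:", err, VerifyCert(regPub, "JohnDoe", doe.Public().(ed25519.PublicKey), cert))
	_, err = reg.Certify(MakeRequest("JohnDoe", imposter, nil))
	fmt.Println("second JohnDoe:", err)
	// Mis-signed request: the imposter's key, but a signature made by another key.
	forged := MakeRequest("JohnDoe", imposter, nil)
	forged.Sig = ed25519.Sign(doe, bindingMessage("JohnDoe", forged.Key))
	_, err = reg.Certify(forged)
	fmt.Println("mis-signed request:", err)
	_, err = reg.Certify(MakeRequest("JohnDoe", doe2, doe))
	fmt.Println("rotation signed by the old key:", err)
}
```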
Bill ############################################################################ 1024/B57ECBC5 1995/08/18 Bill Stewart Unauthenticated Pseudonym Signing Key PGP-Fingerprint: 70 96 C9 B8 38 05 61 0C A5 30 D0 82 7A 74 16 15 -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQBVAwUBMDUk2fthU5e7emAFAQEqZwH/ZOGPWCOldIsueBZWbmSAEGcXoUlXqJNS 8DoFNO0W1qs7+2kcKxM55UahdcOdaJe/lTbtf2PLgRmEzkV2mYLSyw== =kpgd -----END PGP SIGNATURE----- #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From stewarts at ix.netcom.com Fri Aug 18 16:46:51 1995
From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 18 Aug 95 17:13:57 PDT Subject: PGP Certification Service for Pseudonyms Message-ID: <199508190011.RAA26902@ix7.ix.netcom.com> In my announcement about Pseudonym Signing Service, I forgot to type Rule 4) 4) Any messages requesting signatures for keys must be signed by the key requesting the signature (both the key and the email message need to be signed...) Thanks; Bill #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From monty.harder at famend.com Fri Aug 18 17:40:54 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Fri, 18 Aug 95 17:40:54 PDT Subject: Strong encryption for credit cards only Message-ID: <8AF6450.000300033A.uuout@famend.com> H > There are many aspects to privacy beyond credit card numbers. The bottom "Jane goes to dance class Wednesdays from 4:30 to 5:30. And since Madame Sophia's School of Dance is just a few blocks away from Johnson Elementary, she can walk." tells that pedophile (and we know that the Internet is just =filled= with them, thanks to Marty Rimm's Definitive Study on the subject) exactly where he can lie in wait for his next victim. We need strong crypto to protect The Children! from such threats. Hillary and the rest of the Children's Defense Fund-amentalists should be in the vanguard of this Just Cause. * Encrypted just to pixx off Louis Freeh: mQCNAiqxEn0AAAEEAM0fi4K4+iXI9fV0fz0n --- * Monster at FAmend.Com * From walrus at ans.net Fri Aug 18 17:45:38 1995 
From: walrus at ans.net (michael shiplett) Date: Fri, 18 Aug 95 17:45:38 PDT Subject: Sun's buggy MD5? Message-ID: <199508190045.UAA148800@bugsy.aa.ans.net>
Here's something fun to do on Solaris 2.3 or 2.4. Notice the similarity among the Solaris md5 output. Anyone know why this is? The Sun service folk weren't able to point me to a Solaris bug-report email address. I had a similar experience looking through www.sun.com. Pointers are welcomed.
PROBLEM: A program which uses md5 from a dynamically linked (or loaded) library and the nsl library is loaded before a ``standard'' md5 library will get md5 results different from the rest of the non-Solaris world.
NOTES:
the non-Solaris md5 files are from RFC 1321.
some test output has been deleted as it does not fit nicely on a standard message line.
solmd5 seems to give slightly different output on different machines and greatly different output with different compilers
the nsl library is required on Solaris 2.4 when using sockets.
/usr/include/sys/ppp_chap.h includes a slightly modified---mainly names---version of md5.h.
% gcc -o md5 mddriver.c md5c.c
% gcc -o solmd5 mddriver.c -lnsl
% ./md5 -x
MD5 test suite:
MD5 ("") = d41d8cd98f00b204e9800998ecf8427e
MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661
MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72
MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0
MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b
MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f
% ./solmd5 -x
MD5 test suite:
MD5 ("") = f00001c0effffba8429b59d50529097c
MD5 ("a") = f00003c0effffba8aec5fcf4284a8dbe
MD5 ("abc") = f00005c0effffba896fc8af8ca60a911
MD5 ("message digest") = f00007c0effffba8f373218f317a9558
MD5 ("abcdefghijklmnopqrstuvwxyz") = f00009c0effffba896b4f24acb3f4738
MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = f0000bc0effffba8cef237a614aa457d
michael From mfroomki at umiami.ir.miami.edu Fri Aug 18 18:26:38 1995
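A known-answer self-test of the kind that catches a mislinked or shadowed digest routine before any output is trusted, added here as an example (not from the post): it runs the RFC 1321 test-suite vectors against whatever MD5 function the program actually calls, here Go's crypto/md5, and against a stand-in that replays the solmd5 output above so the harness can be seen rejecting it. The stand-in is a lookup of the posted values, not a reimplementation of the libnsl routine.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
)

// RFC 1321 appendix A.5 test suite: the vectors mddriver -x checks above,
// plus the 80-digit vector that the post trimmed for line length.
var md5KAT = []struct{ in, want string }{
	{"", "d41d8cd98f00b204e9800998ecf8427e"},
	{"a", "0cc175b9c0f1b6a831c399e269772661"},
	{"abc", "900150983cd24fb0d6963f7d28e17f72"},
	{"message digest", "f96b697d7cb7938d525a2f31aaf161d0"},
	{"abcdefghijklmnopqrstuvwxyz", "c3fcd3d76192e4007dfb496cca67e13b"},
	{"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f"},
	{"12345678901234567890123456789012345678901234567890123456789012345678901234567890", "57edf4a22be3c955ac49da2e2107b67a"},
}

// Digest is whatever MD5 routine the program ended up bound to at link
// or load time; the harness does not care where it came from.
type Digest func([]byte) string

// StdMD5 is Go's crypto/md5, hex-encoded.
func StdMD5(b []byte) string {
	s := md5.Sum(b)
	return hex.EncodeToString(s[:])
}

// RunMD5KAT returns one line per failing vector. An empty result means the
// routine agrees with RFC 1321 on every vector; anything else means the
// digests it produces will not interoperate and must not be used.
func RunMD5KAT(d Digest) []string {
	var failures []string
	for _, v := range md5KAT {
		if got := d([]byte(v.in)); got != v.want {
			failures = append(failures, fmt.Sprintf("MD5(%q): got %s, want %s", v.in, got, v.want))
		}
	}
	return failures
}

// solarisLibnsl replays the digests the post's solmd5 printed (constructed
// stand-in, so the harness can be shown rejecting them).
func solarisLibnsl(b []byte) string {
	observed := map[string]string{
		"":               "f00001c0effffba8429b59d50529097c",
		"a":              "f00003c0effffba8aec5fcf4284a8dbe",
		"abc":            "f00005c0effffba896fc8af8ca60a911",
		"message digest": "f00007c0effffba8f373218f317a9558",
		"abcdefghijklmnopqrstuvwxyz": "f00009c0effffba896b4f24acb3f4738",
		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789": "f0000bc0effffba8cef237a614aa457d",
	}
	if h, ok := observed[string(b)]; ok {
		return h
	}
	return "" // the post does not show this input; reported as a mismatch
}

func main() {
	fmt.Println("crypto/md5 failures:", len(RunMD5KAT(StdMD5)))
	for _, f := range RunMD5KAT(solarisLibnsl) {
		fmt.Println("libnsl:", f)
	}
}
```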
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 18 Aug 95 18:26:38 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <199508182342.QAA20924@ix7.ix.netcom.com> Message-ID: Bill Stewart asks what follows from "prohibit". In the model I am, um, hypothesizing, CAs that play by the rules are entitled to certain safe harbors shielding them from potential liability (e.g. can't be sued if their certificate was used in a transaction that went bad through no fault of theirs). No other behaviour or act is banned, but other, private, alternatives may suffer a competitive disadvantage since they would lack the certainty that they could not be sued. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm From mfroomki at umiami.ir.miami.edu Fri Aug 18 18:29:00 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 18 Aug 95 18:29:00 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: Message-ID: Tim May says that having govt == root is a step down the slippery slope. If we say that others can set themselves up as root too, and that web-of-trust is not prohibited, but that CAs which take part in the govt-as-root hierarchy get some advantages (liability caps, primarily), what are the dangers? National ID cards is one possibility (key becomes a functional ID). Others? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm From mfroomki at umiami.ir.miami.edu Fri Aug 18 18:32:03 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 18 Aug 95 18:32:03 PDT Subject: Economic Model for Key Cracking In-Reply-To: <95Aug18.162938-0600_mdt.13069-7+113@scapa.cs.ualberta.ca> Message-ID: Didn't Ross Perot make his fortune by running data processing tasks nights and weekends on machines he leased to other people (all legal)? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm From nobody at REPLAY.COM Fri Aug 18 18:40:09 1995 
From: nobody at REPLAY.COM (Anonymous) Date: Fri, 18 Aug 95 18:40:09 PDT Subject: Red Shift Message-ID: <199508190140.DAA01774@utopia.hacktic.nl> Citibank Theft New York (AP) -- Russian computer hackers broke into a Citibank electronic money transfer system and stole more than $10 million before they were caught, according to newly-unsealed court documents. The money was shifted from Citibank to accounts in Finland, Russia, Germany, the Netherlands, the United States, Israel and Switzerland, FBI agent Steven Garfinkel said. Citibank said six people have been arrested in the scheme and that none of its clients lost money. From jgrasty at gate.net Fri Aug 18 18:51:29 1995 
From: jgrasty at gate.net (Joey Grasty) Date: Fri, 18 Aug 95 18:51:29 PDT Subject: Exportable if Escrowed Changes Nothing! Message-ID: <199508190150.VAA39657@tequesta.gate.net> Anonymous wrote: > Joey Grasty writes: > > Governments: can't live with 'em, can't shoot 'em. > ^^^^^^^^^^^^^^^ > > It is precisely this kind of self-defeating pessimism that has allowed > the current state of affairs to develop. > > You grossly misinterpreted my remark. I believe that socialist-statism exhibited by the current US gov't is about to crack due to overspending and technology. Whether it will go peacefully or not is another question. I stand ready to defend myself if necessary, but I prefer to kick the statists in the ass by deploying strong encryption. When information can flow, the statists lose. They know that; witness the frantic effort to outlaw encryption. Too late, though. I'm writing code to hasten the end of the statists. Just what are you doing besides hiding behind anonymity? Regards, -- Joey Grasty jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes] jgrasty at pts.mot.com [work -- designing pagers] "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7 From JMKELSEY at delphi.com Fri Aug 18 19:42:20 1995 From: JMKELSEY at delphi.com (JMKELSEY at delphi.com) Date: Fri, 18 Aug 95 19:42:20 PDT Subject: Time-memory tradeoff in SSL's RC4 code? Message-ID: <01HU8H23AHQQ8ZJ4DW@delphi.com> -----BEGIN PGP SIGNED MESSAGE----- >Date: Thu, 17 Aug 1995 08:32:56 -0400 
>From: "Perry E. Metzger" >Subject: Re: SSL challenge -- broken ! >It has occurred to me that, because the RC4 key crackers spend most of >their time in key setup, you can crack N SSL sessions that you >captured in not substantially more time than it took to crack 1. This >is analogous to the way brute force Unix password file hacking operates. This would work with straight 40-bit keys, but I believe SSL uses 128-bit keys, and then intentionally leaks 88 bits to comply with export requirements, to prevent this kind of attack from working. >Perry --John Kelsey, jmkelsey at delphi.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDVGXUHx57Ag8goBAQFyUQP7B7fhKc8AqpcHnQ09ip5gOfy5QMCtGImB f1Y9lZtAmLFwOIkrfdaL2vCWJKIKc7yg8+FwtmX6Q8yYWH4TdE5eWOGIKSfl5Q8f etVgF2B49T5Lxxb02ah5cHfO8baOqQOTMkvzQ9bj0XVqAItPoPjDTCOAAegwKZ3V 6L+kZQn89lY= =KkAX -----END PGP SIGNATURE----- From JMKELSEY at delphi.com Fri Aug 18 20:04:12 1995 From: JMKELSEY at delphi.com (JMKELSEY at delphi.com) Date: Fri, 18 Aug 95 20:04:12 PDT Subject: Export policy change Message-ID: <01HU8HT0PYIQ8ZJ4DW@delphi.com> -----BEGIN PGP SIGNED MESSAGE----- >Date: Thu, 17 Aug 1995 23:48:01 -0400
>From: Rich Salz >Subject: Export policy change >Just heard on the 11:30pm NPR news update. The Clinton Administration >has changed the crypto export policy. You will now be allowed to >export strong crypto, provided it is a key escrow system. The >reporter (Dan Charles?) said something like anyone can hold the keys, >as long as they will be made avail when presented with a court order. >He also said, US citizens will still be able to use strong crypto >without key escrow internally. Terrorists and drug pushers were given >as "reasons." I think this is an important and somewhat subtle political move on the part of the administration. If they can get at least a few large businesses (the ones who buy into the key-escrow scheme) on their side, by making it in their economic interests for everyone to use escrowed crypto, they will have manufactured some potentially powerful allies in the computer industry. Certainly, once any major company has spent a lot of money to set up a key escrow facility, they will help lobby *against* any easing of the requirement to use escrowed crypto, based simply on self-interest. --John Kelsey, jmkelsey at delphi.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDVGZUHx57Ag8goBAQEutQQAmM/qEIAlLklDRW/FVvLah7vgY6lYcCK/ XToA79tVZNmy+8U/XjS2g6+Ffsc/gQflOdg/ZmewDOQRJ4YI+BzHUjKL5NVDWAUA /4+ySWxcAAEOD23GhS9p/iFN/Gbe0oV9JIQ2HCpPN929VaRl7J+1fWA/ETZkB914 ClJPlXqa1xo= =XefF -----END PGP SIGNATURE----- From JMKELSEY at delphi.com Fri Aug 18 20:04:41 1995 From: JMKELSEY at delphi.com (JMKELSEY at delphi.com) Date: Fri, 18 Aug 95 20:04:41 PDT Subject: Anonymous certificates Message-ID: <01HU8HTP8R4O8ZJ4DW@delphi.com> -----BEGIN PGP SIGNED MESSAGE----- >Date: Fri, 18 Aug 1995 14:47:55 -0400 (EDT) 
>From: Michael Froomkin >Subject: Certificates/Anonymity/Policy/True Names >Now the issue arises as to whether one should allow the CA >to issue certificates to pseudonyms where it has *no record* of the real >identity of the person proffering the key pair. >Is there any reason why a person would want such a certificate? In other >words, given that the recipient of a digital signature will easily be >able to check the value of the certificate (nil), won't the >transaction/communication be in all ways identical to one where there was >no certificate at all. >So is anything of value lost by prohibiting such >a certificate? There are definitely cases where something is lost by prohibiting that kind of certificate. For example, there may be cases where a certified key gives someone some right that doesn't need any further identification, such as a right to run up $100 in phone bills, or a right to receive a year's subscription to cp-lite. As long as the person has paid for that right, who cares who he or she is? In other words, you may wind up sometimes binding a key to a function, rather than a person. >A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) >Associate Professor of Law | mfroomki at umiami.ir.miami.edu >U. Miami School of Law | >P.O. Box 248087 | It's hot here. And humid. >Coral Gables, FL 33124 USA | --John Kelsey, jmkelsey at delphi.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDVGbUHx57Ag8goBAQHO/AP+IM1YQSXZWaysjDALtOljqUEiyiCBA3EM Wxd8dp0dVrXKEii1Ima/xLHMKY4P0fvwT3oQl4x+mMo+ED2lNHo5GOUhgkE1tOZ8 6JfnUS6+l1Y4r14Aq0eMLljrOKFBDDUxewJTRaz36awWNr9W0tEcnnKv9NwQMU// CCKR6L5fekI= =EI6V -----END PGP SIGNATURE----- From tcmay at got.net Fri Aug 18 20:10:37 1995 
From: tcmay at got.net (Timothy C. May) Date: Fri, 18 Aug 95 20:10:37 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: At 1:26 AM 8/19/95, Michael Froomkin wrote: >Bill Stewart asks what follows from "prohibit". In the model I am, um, >hypothesizing, CAs that play by the rules are entitled to certain safe >harbors shielding them from potential liability (e.g. can't be sued if >their certificate was used in a transaction that went bad through no >fault of theirs). No other behaviour or act is banned, but other, >private, alternatives may suffer a competitive disadvantage since they >would lack the certainty that they could not be sued. Then I suggest you use a different word than "prohibit." To many of us, this implies illegality, men with guns, early morning raids, and Janet Reno. You don't seem to mean this. By the way, is this really just an exercise, or are you perchance involved in the goings-on with policy on crypto? (Not making any accusations, just noting that various crypto policy groups are reported to be meeting...the National Research Council thing, the key escrow initiatives, etc.) Encrypting minds want to know. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From grue!blane at eskinews.eskimo.com Fri Aug 18 20:29:55 1995
From: grue!blane at eskinews.eskimo.com (Brian Lane) Date: Fri, 18 Aug 95 20:29:55 PDT Subject: Where is the key cracking farming software? In-Reply-To: <199508180611.CAA11918@bb.hks.net> Message-ID: On Fri, 18 Aug 1995, Lucky Green wrote: > With all the talk about cracking SSL, where is the cracking software? > Somebody just offered me a six Pentium workstation, if I agree to give it a > "real workout". I'd like to be able to say: "Sure, will do." Here's a copy of everything from the webpage explaining the crack. Brian ----------------------------------------------------------------------------- "A little rebellion now and then is a good thing." | PGP Key and .plan -- President Thomas Jefferson | email Subj: blane-info ============================================================================= -------------- next part -------------- A non-text attachment was scrubbed... Name: bin00000.bin Type: application/octet-stream Size: 45344 bytes Desc: "ssl-crack.tar.gz" URL: From tcmay at got.net Fri Aug 18 21:38:55 1995
From: tcmay at got.net (Timothy C. May) Date: Fri, 18 Aug 95 21:38:55 PDT Subject: Perot and Scrap Cycles Message-ID: At 1:31 AM 8/19/95, Michael Froomkin wrote: >Didn't Ross Perot make his fortune by running data processing tasks nights >and weekends on machines he leased to other people (all legal)? I hadn't heard this. And until I hear more details, I'm skeptical. (Trivia sidenote: I was in high school in 1970 and met Ross Perot at a shindig in Dallas--his wife picked me up at the airport and drove me to the hotel. He had just that spring lost a billion dollars in a single day, due to a glitch in EDS stock. A billion dollars in 1970 was a lot of money.) Now in 1970 EDS was indeed leasing lots of IBM mainframes to customers, and running them. Also, doing processing jobs. But how many IBM mainframes were idle at night? Not many. This was the day of multimillion dollar mainframes and programmers making $10,000 a year to keep them busy at all times. So, I doubt the machines were idle in the same way our workstations and PCs are largely idle (obviously, machines now cost less $2000-6000, and programmers make 10-20 times that...the tables have turned). I don't discount the possibility that EDS made a deal on the lease rates. I haven't read up on EDS in this era. I just know that Perot wasn't using "scrap cycles" (to use Doug Barnes' term), because there probably weren't many of them. But I'd like to hear the details. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Fri Aug 18 21:59:48 1995
From: hfinney at shell.portal.com (Hal) Date: Fri, 18 Aug 95 21:59:48 PDT Subject: Vacation Message-ID: <199508190458.VAA16245@jobe.shell.portal.com> Sorry to be bugging out at such an interesting time, but I will be on vacation from Aug 19 through Aug 26. Hope to see a lot of CPs at Crypto - Hal Finney From vznuri at netcom.com Fri Aug 18 22:47:18 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 18 Aug 95 22:47:18 PDT Subject: NSA into antigravity? Message-ID: <199508190533.WAA14801@netcom16.netcom.com> this apparently involves credible researchers, and it's something that would be pretty bizarre if the NSA is really implicated.. ------- Forwarded Message Date: Fri, 18 Aug 95 18:04:09 -0700 From: Albert Nanomius - ------- Forwarded Message Date: Thu, 17 Aug 1995 17:03:00 -0500 From: "chris (c.) currivan" To: snet-l at world.std.com Subject: NSA and science A post from alt.conspiracy: Francis E. Decstation wrote: > >On July 19, Gerald Ollman and Robert Wayne, two researchers from the >University of Maryland geophysics department were detained in Fort Meade, >Maryland, apparently by agents of the National Security Agency, whilst >taking measurements of the Earth's gravitational field. After 18 hours of >questioning, they were released after being instructed not to discuss the >incident. Their equipment and results were not returned. > >Neither the University nor the NSA has commented on the incident. However, >it is believed that Ollman and Wayne were investigating a slight anomaly >in the Earth's gravitational field centered around Fort Meade. No reason has >been given for their detention. From stewarts at ix.netcom.com Sat Aug 19 01:02:31 1995 
From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 19 Aug 95 01:02:31 PDT Subject: Economic Model for Key Cracking Message-ID: <199508190800.BAA26793@ix9.ix.netcom.com>
At 04:29 PM 8/18/95 -0600, howard at cs.ualberta.ca wrote:
> Distribute work when a request is received.
> When the final results come back, pay the worker e-cash.
>
>We need to make sure that someone did do the work honestly, but I don't know
>how to check this (other than doing the work yourself to confirm the results,
>but this defeats the whole point of the system).
For the usual NP-hard problems, including keycracking, checking the answer once you have it is easy - the hard part is finding the answer. Another way to look at it is that most of the work is throwing away the 2**N-1 keys that aren't correct, and if you've got one correct key you don't need to know about the rest (except in special cases where there are multiple keys that work, but usually you don't care about that.)
Most people are honest, except Bad Guys. The honesty problem is more serious for negative results - if somebody says "Range N1-N2 doesn't have the key", they could be honest, or they could be a Bad Guy who knows that the key really _is_ in that range and wants to prevent you from searching it, or they could be a scammer who wants to get paid for searching but didn't actually do the work. If people are willing to be paid in lottery-mode (only the person who finds the key gets paid), then honesty's not a problem. Otherwise, only hire honest people (plus Bad Guys), and if they don't find the key after the first sweep, try again (switching off ranges so one Bad Guy doesn't get to lie about the same range twice.) Alternatively, you could do a model where everybody gets paid, but only after the answer is found, which discourages scammers (since they don't get paid if they lie about searching the range that has the real key.)
If a Bad Guy lies about the key not being in his range, people do have an incentive to look for it if the first pass fails, and have an incentive to finger him if they do find the key on a later pass. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From stewarts at ix.netcom.com Sat Aug 19 01:02:33 1995 
From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 19 Aug 95 01:02:33 PDT Subject: Exportable if Escrowed Message-ID: <199508190800.BAA26798@ix9.ix.netcom.com>
PGP inherently provides master-key service, which can be used for escrow. On a normal PGP message, there's a session key which the sender knows, and a copy of the session key is provided to the recipient, who can open it on the condition that he has the genuine private key. That's fairly close to _real_ escrow - it's certainly closer than Clipper's Master-Key stuff. (And it has a lot more masters :-)
If PGP message-senders want to do so, they can use multiple recipients on a given message, so the key is accessible to a third party trusted by the sender (the legitimate recipient already can give it to trusted parties.) (Typically a sender might use encrypt-to-self to retain the key for later use.)
An amusing feature to add to PGP (using the 3.0 toolkits when available) would be a session-key-splitting feature, which uses Shamir M/N sharing or a simple two-way split and encrypts the splits with different people's public keys, so that you could give them to semi-trusted parties.
Of course, the Clintonites' proposal of "We'll let you use slightly less wimpy encryption in return for GAK" is really offensive - if they've got GAK, it doesn't matter if the keys are 64000 bits long, since they'll have them. Smokescreen.
On the other hand, master GAK keys don't fit well into a Web of Trust - you'd essentially have to require that people only send mail to keys that are signed by an escrow service, and people wouldn't always do that if they had a choice - to enforce GAK, you either need to limit the sender's encryption software (unrealistic) or the recipient's decryption software (unrealistic), probably by requiring exportable products to use a specific hierarchical key-service.
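The session-key-splitting feature sketched in the message above, as an added example (not PGP code and not tied to the 3.0 toolkits): Shamir M/N sharing of a 128-bit session key over the prime field 2^130-5, with any M of the N shares reconstructing the key and fewer revealing nothing. Encrypting each share to a different party's public key, and the simple two-way split, are left out; the field choice and function names are my assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Field for the split: 2^130 - 5 is prime (the Poly1305 modulus) and larger
// than any 128-bit session key, so the key itself is a field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 130), big.NewInt(5))

// Share is one point (X, Y) on the secret polynomial. In the scheme the
// message describes, each share would then be encrypted to a different
// party's public key; that step is left to the caller here.
type Share struct {
	X int
	Y *big.Int
}

// SplitKey splits a session key of 1..16 bytes into n shares, any k of which
// reconstruct it (Shamir M/N sharing with M=k, N=n).
func SplitKey(key []byte, k, n int) ([]Share, error) {
	if len(key) == 0 || len(key) > 16 || k < 1 || n < k {
		return nil, errors.New("SplitKey: need 1 <= k <= n and a key of 1..16 bytes")
	}
	// Random polynomial of degree k-1 whose constant term is the key.
	coeffs := make([]*big.Int, k)
	coeffs[0] = new(big.Int).SetBytes(key)
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner's rule mod p
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// RecoverKey interpolates the polynomial at x=0 from k or more distinct
// shares. With fewer than k shares the result is unrelated to the key.
func RecoverKey(shares []Share, keyLen int) ([]byte, error) {
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		xi := big.NewInt(int64(si.X))
		for j, sj := range shares {
			if i == j {
				continue
			}
			xj := big.NewInt(int64(sj.X))
			num.Mul(num, new(big.Int).Neg(xj)).Mod(num, prime)     // (0 - x_j)
			den.Mul(den, new(big.Int).Sub(xi, xj)).Mod(den, prime) // (x_i - x_j)
		}
		inv := new(big.Int).ModInverse(den, prime)
		if inv == nil {
			return nil, errors.New("RecoverKey: duplicate share index")
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, inv).Mod(term, prime)
		secret.Add(secret, term).Mod(secret, prime)
	}
	b := secret.Bytes()
	if len(b) > keyLen {
		return nil, errors.New("RecoverKey: value does not fit the key (wrong or too few shares)")
	}
	return append(make([]byte, keyLen-len(b)), b...), nil // keep leading zero bytes
}

func main() {
	key := make([]byte, 16) // constructed 128-bit session key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, _ := SplitKey(key, 2, 3) // any 2 of 3 semi-trusted parties can open it
	got, err := RecoverKey([]Share{shares[0], shares[2]}, len(key))
	fmt.Println("2 of 3 recovers key:", err == nil && bytes.Equal(got, key))
	one, err := RecoverKey(shares[:1], len(key))
	fmt.Println("1 of 3 recovers key:", err == nil && bytes.Equal(one, key))
}
```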
#--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From zeus at pinsight.com Sat Aug 19 01:49:29 1995 From: zeus at pinsight.com (J. Kent Hastings) Date: Sat, 19 Aug 95 01:49:29 PDT Subject: NSA's black hole event detector Message-ID: <199508190849.BAA25410@utopia.pinsight.com> -- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] -- >On July 19, Gerald Ollman and Robert Wayne, two researchers from the >University of Maryland geophysics department were detained in Fort Meade, >Maryland, apparently by agents of the National Security Agency, whilst >taking measurements of the Earth's gravitational field. So, the NSA has a microscopic black hole they're modulating with a fine particle stream, so gravity wave detectors can receive messages through the Earth using hyper-amplified optical data cubes. These messages could not be jammed by e-m waves (OK, terawatts at the receiver maybe). According to Communications Quarterly, such black hole events could arguably support a compressed real-time digital voice channel. This sounds like the "heavy hand" devices in the new Free Space science-fiction anthology. What? You haven't read it? Neither has anyone else, but when it finally comes out you'll get to read my story about blue helmeted Earth Union troops battling a neo-Confederate militia 20 years after the War of Annexation. Nanotech weapons, makeshift missiles, home-brew spacecraft. An important part of a balanced breakfast. Kent -- "Put pages for your business on the World Wide Web, just $5 per month!" J. Kent Hastings -- zeus at pinsight.com -- http://www.pinsight.com/~zeus/ From frissell at panix.com Sat Aug 19 03:40:26 1995 
From: frissell at panix.com (Duncan Frissell) Date: Sat, 19 Aug 95 03:40:26 PDT Subject: So, NSA can break 64-bit keys Message-ID: <199508191040.GAA20763@panix.com> The WSJ article on Clipper II (The Next Day) was the best one. Particularly this line: "Clint Brooks, a technical advisor with the NSA [said] that continued [64-bit] limits [on key length] were needed because officials were "uneasy" about the possibility that software could be altered so that the key would no longer be accessible to law-enforcement officials." This must mean that the Feds figure that by the time this turkey gets around to actually flying (sometime well after the Clinton administration), 64-bit keys will be (are) vulnerable. I guess this means no source code. Are there any software encryption systems that can't be modified after the fact? DCF "Course, the source code could be released after key escrow has occurred." From jya at pipeline.com Sat Aug 19 04:36:27 1995
From: jya at pipeline.com (John Young)
Date: Sat, 19 Aug 95 04:36:27 PDT
Subject: HAQ_kof
Message-ID: <199508191136.HAA02404@pipe4.nyc.pipeline.com>

8-19-95. NYPaper:

Whitfield Diffie OpEd: "Washington's Computer Insecurity."

The Federal Government has refused to allow companies to export strong encryption systems, insisting that cryptography is a military weapon. If the Administration does not fundamentally alter its position, it is likely that our high-tech industries, which sell more than half their products outside the country, will continue to be forced to sell programs with weak security systems. This will pave the way for foreign companies to grab what is expected to become a huge market for properly safeguarded computer communications.

"Citibank Fraud Case Raises Computer Security Questions."

A $10 million computer fraud against Citibank appeared to be the first successful penetration by a hacker into the systems that transfer trillions of dollars a day around the world's banks. New details of the case were disclosed as a Federal complaint was unsealed in Manhattan. The hackers were accused of breaking into Citibank's cash management system, a network that allows its corporate customers to transfer money to any bank account in the world. Banking experts said similar break-ins were bound to occur at a time when more powerful personal computers are available. Since the break-in, Citibank has required customers to use an electronic device that creates a new password for every transfer.

Two: HAQ_kof (11kb)

From marks at evitech.fi Sat Aug 19 07:08:03 1995
From: marks at evitech.fi (Markku-Juhani Saarinen)
Date: Sat, 19 Aug 95 07:08:03 PDT
Subject: Eudora/Trumpet encryption (stupid, solved here)
In-Reply-To:
Message-ID:

On Wed, 16 Aug 1995, Sean A. Walberg wrote:

> I'm a crypto newbie here, but does anybody know how Trumpet Winsock
> and/or Eudora encrypt the passwords in their .ini files? I am trying to
> write a front end for a client and would rather it set up automatically
> rather than the program ask.
>

It's not xor. It's wrap-around addition. Not much better than rot-13 :)

I broke it for my friend just a couple of days back, but it seems like he has deleted the source I wrote at his place (cryptanalysis and writing the 4-line C source took about 20 minutes, total). Besides, the key (the one used in encryption of the password) may be different in different versions and licences of these programs.

Here's what you'll have to do to get the built-in key:

1. Set password to 00000000, for example, and see what it encrypts into.
2. Now subtract 0x30 (ASCII 0) from every character of the encrypted password.

Congratulations, you have the key! :) Now you can pretty much figure out how to decrypt any password.

Note: Encrypted characters are in the range 32..127. First perform a logical and with 0x7f. If the result is smaller than 32, add 32.

- mark

From hfinney at shell.portal.com Sat Aug 19 08:28:19 1995
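The "wrap-around addition" scheme Markku-Juhani Saarinen describes above, modelled in Python as an added example. This is not the post's 4-line C source and not Eudora's or Trumpet Winsock's code: the 7-bit wrap, the "add 32 if below 32" step and the repeating key are assumptions taken from the description, and SAMPLE_KEY is a constructed value, not any product's key. It shows why a fixed additive key gives no confidentiality: the one known-plaintext probe the post describes reads the key back, after which every stored password decodes. The point for anyone auditing a client's configuration store is that a secret recoverable from the program itself is obfuscated, not encrypted, and should be treated as plaintext on disk.

```python
"""Model of a fixed-key "wrap-around addition" password obfuscator.

Added illustration; the scheme details are assumptions drawn from the
mailing-list description, and SAMPLE_KEY is a constructed value.
"""
from typing import Callable

# Constructed sample key (not any real program's key).
SAMPLE_KEY = bytes([0x15, 0x2a, 0x07, 0x3e, 0x11, 0x23, 0x0c, 0x19])


def obfuscate(password: bytes, key: bytes = SAMPLE_KEY) -> bytes:
    """Add a repeating key byte-wise modulo 128, then keep the result
    printable as the post describes (below 32 -> add 32)."""
    out = bytearray()
    for i, p in enumerate(password):
        c = (p + key[i % len(key)]) & 0x7f  # wrap-around addition in 7 bits
        if c < 32:                           # stored bytes stay in 32..127
            c += 32
        out.append(c)
    return bytes(out)


def recover_key(store: Callable[[bytes], bytes], length: int) -> bytes:
    """Known-plaintext key recovery exactly as the post describes: store a
    password of all '0' (0x30) and subtract 0x30 from every stored byte.
    Assumes, as the post does, that no probe byte hit the +32 adjustment,
    which holds for the key values used here."""
    stored = store(b"0" * length)
    return bytes((c - 0x30) & 0x7f for c in stored)


def deobfuscate(stored: bytes, key: bytes) -> bytes:
    """Undo the addition.  A stored byte below 64 may have been bumped up
    by 32, so two plaintext bytes can map to it; prefer the candidate that
    is printable, which is the right choice for a password."""
    out = bytearray()
    for i, c in enumerate(stored):
        k = key[i % len(key)]
        p = (c - k) & 0x7f
        if not 32 <= p < 127:
            p = (c - 32 - k) & 0x7f  # the stored byte was adjusted upward
        out.append(p)
    return bytes(out)


def demo() -> bool:
    """Recover the key from a single probe and decode a stored password
    with it; True when the recovered key decodes correctly."""
    recovered = recover_key(obfuscate, len(SAMPLE_KEY))
    stored = obfuscate(b"hunter2!")
    return recovered == SAMPLE_KEY and deobfuscate(stored, recovered) == b"hunter2!"


if __name__ == "__main__":
    print("stored form:", obfuscate(b"hunter2!"))
    print("key recovered from one probe:", recover_key(obfuscate, 8).hex())
    print("round trip ok:", demo())
```

deobfuscate handles the one ambiguity the +32 adjustment introduces by preferring the printable candidate; in the sample, the letters u and r wrap below 32 on the way in and are still recovered correctly. recover_key follows the post's shortcut of subtracting 0x30 and would be off by 32 for a key byte that pushed the probe below 32, so a real audit would probe with two different characters and compare.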
From: hfinney at shell.portal.com (Hal)
Date: Sat, 19 Aug 95 08:28:19 PDT
Subject: SSL Challenge #2
Message-ID: <199508191525.IAA16924@jobe.shell.portal.com>

OK, here is another "SSL challenge" for your cracking pleasure. I hope this time people will be able to put together more of a group effort to show how large numbers of less powerful machines can crack these keys.

I am leaving for a week in the Colorado mountains in a few hours so I don't have time now to format this nicely. However the necessary information should all be here. This one includes a fake credit card number as well as other fake information. As with the earlier challenge, this is all data I created myself and captured using the actual Macintosh Netscape browser.

Note that the breakdown by messages is based on the packetizing done in the TCP communication. There may not be an exact correspondence between these packet breakpoints and the "logical packets" used in the SSL transaction. Particularly for the long sequence of packets which come back from the server towards the end (because it rejected the transaction so is re-sending the form data, I think) you will need to check the SSL length fields to see where the SSL packets start and end. I am not sure why there is so much data sent from the server at the end, but whoever cracks it can presumably find out.

Good luck!
August 19, 1995 Hal Finney First message from client 0x80 0x1c 0x01 0x00 0x02 0x00 0x03 0x00 0x00 0x00 0x10 0x02 0x00 0x80 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6 first message from server 0x82 0x14 0x04 0x00 0x01 0x00 0x02 0x01 0xf6 0x00 0x03 0x00 0x10 0x30 0x82 0x01 0xf2 0x30 0x82 0x01 0x5b 0x02 0x02 0x01 0x8a 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x30 0x47 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x10 0x30 0x0e 0x06 0x03 0x55 0x04 0x0b 0x13 0x07 0x54 0x65 0x73 0x74 0x20 0x43 0x41 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x30 0x1e 0x17 0x0d 0x39 0x35 0x30 0x37 0x31 0x31 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x17 0x0d 0x39 0x37 0x30 0x37 0x31 0x30 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x30 0x7f 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x08 0x13 0x02 0x43 0x41 0x31 0x16 0x30 0x14 0x06 0x03 0x55 0x04 0x07 0x13 0x0d 0x4d 0x6f 0x75 0x6e 0x74 0x61 0x69 0x6e 0x20 0x56 0x69 0x65 0x77 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x31 0x23 0x30 0x21 0x06 0x03 0x55 0x04 0x03 0x13 0x1a 0x45 0x2d 0x53 0x74 0x6f 0x72 0x65 0x20 0x54 0x72 0x61 0x6e 0x73 0x61 0x63 0x74 0x69 0x6f 0x6e 0x20 0x53 0x65 0x72 0x76 0x65 0x72 0x30 0x5c 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 0x05 0x00 0x03 0x4b 0x00 0x30 0x48 0x02 0x41 0x00 0xc7 0x24 0x0d 0xbd 0xfe 0x5f 0x21 0x09 0xb4 0x46 0x12 0xbb 0xc7 0x4c 0xbc 0x0c 0x98 0xe3 0x11 0x19 0x60 0x85 0x86 0x0a 0xa2 0xaf 0xae 0x8f 0xf9 0x43 0x86 0x92 0x1f 0xcc 0xd3 0x38 0xcf 0x92 0x14 0xa7 0x8c 0x89 0x07 0x26 0xd4 0x21 0x55 0xa8 0x43 0x2d 0xb4 0xec 0xce 0x24 0x73 
0x5e 0x7c 0xe2 0xbe 0x22 0x2d 0xbd 0x96 0xbf 0x02 0x03 0x01 0x00 0x01 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x03 0x81 0x81 0x00 0x8f 0xbe 0x0c 0xae 0xc8 0xf0 0x22 0xef 0xae 0x83 0xb5 0xb1 0xe3 0xb4 0xd9 0xd6 0xa9 0x4a 0xb6 0x60 0x9c 0x0b 0x00 0x70 0x12 0x88 0x73 0xd1 0xef 0xe2 0x54 0xf6 0x3a 0xc7 0xa5 0xbe 0xe1 0xe0 0xdb 0x4d 0x20 0x10 0x3d 0x68 0x7c 0x8d 0xdb 0x16 0xf6 0x67 0xe7 0x1d 0x51 0xbc 0x19 0xa2 0xf6 0xbf 0x6f 0xa4 0x52 0xc7 0x7e 0x50 0x3d 0xb9 0x3e 0x1e 0x67 0xff 0xf6 0xf2 0x5d 0xe7 0x2b 0x7e 0x3a 0x7e 0x6c 0x40 0xb7 0x04 0x9c 0x2c 0x2b 0x89 0x0f 0x8c 0xb5 0x93 0xd8 0xac 0x94 0xe6 0x5f 0x84 0xe8 0x71 0x75 0x9e 0x10 0x6e 0x36 0xe6 0x14 0xfe 0xba 0xf8 0x11 0x71 0x9d 0x74 0x33 0x48 0x74 0xc1 0xba 0xcb 0xff 0x58 0x86 0x8c 0xba 0x9c 0x08 0xad 0xce 0x8a 0x02 0x00 0x80 0xd5 0xe6 0x38 0xd6 0x8c 0xa8 0xa1 0xae 0xca 0x2e 0xf8 0xc8 0xe2 0x96 0x02 0xa4 Second message from client 0x80 0x55 0x02 0x02 0x00 0x80 0x00 0x0b 0x00 0x40 0x00 0x00 0xfb 0xc0 0x09 0x91 0x60 0x10 0xa6 0x15 0x3f 0x8f 0x36 0x5a 0x19 0x06 0x8e 0x58 0xc4 0xfa 0xd0 0x73 0xd4 0x6d 0x20 0x97 0x2f 0x85 0x95 0xb3 0xa5 0x97 0xb5 0xe0 0x63 0x91 0x61 0xb7 0x76 0x3c 0x4e 0x62 0x8b 0x02 0x2b 0x05 0x98 0xd4 0x14 0x44 0x63 0xf3 0x43 0x7e 0xa0 0xa8 0x3f 0x16 0xb2 0x43 0x4b 0x24 0x76 0xae 0xba 0x8c 0x89 0x71 0xde 0x25 0x6b 0xce 0x89 0x77 0x8a 0x30 0x2a Second message from server 0x80 0x21 0x9a 0xc5 0xf7 0xd1 0x6a 0x5b 0x26 0x43 0x57 0x67 0x65 0xb6 0x3f 0x9a 0xe3 0x82 0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2 0x33 0xb2 0x1b Third message from server 0x80 0x21 0x38 0x4f 0x4d 0x99 0x31 0x33 0xc9 0x72 0x0f 0xf9 0xb7 0x7f 0xd4 0x02 0x4b 0x4a 0x3b 0xdb 0x4f 0xc9 0x04 0xa4 0x09 0xd1 0x04 0xbe 0xee 0xb0 0xe6 0xed 0x7f 0x18 0x17 Third message from client 0x80 0x21 0x98 0xdb 0x86 0xf2 0xe0 0x67 0x8a 0x2f 0x04 0x5b 0xf3 0xf0 0x78 0xe1 0x96 0x83 0x34 0x38 0x2f 0x22 0x45 0x61 0xa0 0xac 0x7d 0x9f 0xa8 0xcc 0x16 0xec 0xd7 0x33 0xb9 Fourth message from client 0x83 
0x64 0x05 0x8e 0x95 0x38 0x40 0xca 0x91 0xb7 0x6f 0xc5 0x48 0x33 0x0c 0xf0 0xde 0x75 0x7d 0x41 0x08 0x23 0xe4 0xd8 0x0c 0x63 0x31 0x20 0x54 0xae 0xd9 0x4f 0x3f 0xc6 0x1c 0xbb 0x55 0xe3 0x6b 0xdd 0x8e 0x10 0x5a 0x40 0x3a 0x01 0xd6 0x35 0x35 0x3b 0x0c 0x5b 0x0f 0x22 0xb2 0x30 0x37 0x00 0x6c 0x3f 0x3f 0xa5 0x80 0x45 0xf8 0xe4 0x8d 0x0d 0x5d 0x4d 0x97 0xc8 0x4d 0xb5 0x23 0x7c 0x26 0xa2 0x63 0xeb 0xbb 0xbb 0x27 0xbd 0x72 0x64 0x18 0x97 0x0f 0x11 0x0c 0x22 0xc6 0x84 0xff 0x26 0x87 0x56 0x41 0x9c 0x48 0x48 0x51 0xc6 0x35 0xe1 0xff 0x85 0xf4 0xf4 0xfb 0x6e 0xba 0xcb 0x4c 0x2a 0xf1 0x18 0x5e 0xa3 0x24 0xb2 0xfd 0xf6 0x33 0x0c 0xc8 0x66 0x90 0x0c 0x80 0x72 0xbe 0x8c 0x2d 0x66 0xff 0xd3 0x11 0x5f 0x3c 0x9d 0x0f 0xe5 0x8a 0x39 0x4b 0x5e 0x05 0xde 0xd7 0x2c 0xfe 0xe7 0x15 0x96 0xbc 0xa8 0x2a 0x45 0x55 0x84 0xb4 0xb7 0xdc 0x6f 0x1b 0x89 0x88 0xd0 0x39 0xd7 0xff 0xad 0x3e 0x54 0x19 0xf8 0x7a 0x46 0x15 0x18 0x2b 0xd5 0x2e 0x69 0x61 0x83 0x4c 0xc1 0x52 0xd2 0x9d 0x22 0xa8 0x75 0x79 0x7b 0x95 0xf6 0x1d 0xf8 0xab 0x9f 0xf2 0xf5 0xf1 0xb7 0x42 0x2e 0xf6 0x17 0x43 0xc5 0x36 0x09 0x35 0x4b 0xeb 0xf6 0x39 0x45 0x5f 0xe2 0xdc 0x5c 0xa2 0x2b 0xee 0x1f 0x58 0xac 0xc1 0x92 0x63 0xe7 0xa7 0x5a 0xaf 0x85 0x40 0xbe 0x10 0x9c 0x96 0x18 0xeb 0x01 0xc4 0xb9 0x9f 0x49 0x76 0x04 0xe0 0xe8 0xda 0xcc 0x69 0x12 0x4d 0x2f 0x8f 0x53 0x2a 0xe0 0x07 0x15 0x41 0x4e 0xe8 0x88 0x92 0xdf 0x4e 0x67 0xdf 0xc4 0x42 0xe5 0xcb 0x6d 0x30 0xaf 0x62 0x0e 0xe1 0x4b 0x6c 0x33 0x01 0x6c 0xf6 0x66 0x0b 0xee 0x83 0xdd 0x00 0x7b 0xbb 0xad 0x9b 0x95 0xc0 0x2d 0xa1 0xfd 0x8b 0x41 0x13 0x70 0x87 0x1f 0xd9 0x3a 0x45 0x1b 0xcb 0xec 0x1b 0x61 0x41 0x62 0x50 0x8f 0x64 0xbc 0x8f 0xa9 0x2e 0x14 0x7c 0x75 0xff 0xb6 0x82 0x61 0x10 0x8f 0xad 0x27 0xa5 0x51 0xc6 0x2c 0x45 0x0f 0x52 0x27 0x3b 0x6c 0xb2 0x70 0xfa 0x3e 0x57 0xd9 0x16 0x91 0x0a 0xa5 0xd9 0xe4 0x1d 0xc0 0x7e 0x5f 0x5e 0xae 0x26 0xda 0x36 0x36 0x15 0x91 0x40 0x6c 0x6d 0x4a 0x51 0x9a 0x02 0x54 0x84 0x6b 0x1b 0xd5 0xa3 0xda 0x48 0xea 0x22 0x58 0xad 0xbe 0x65 0x25 0xfd 0x98 0x59 
0xbb 0x00 0x06 0x32 0x3f 0xc3 0xfb 0x3a 0xb2 0x91 0x9e 0x25 0x8a 0x73 0x39 0xc1 0xeb 0xac 0x99 0xcf 0x5f 0xef 0x2b 0x57 0x05 0x8c 0x06 0xc5 0xd0 0x48 0x3b 0xad 0xc3 0xdb 0x83 0xdc 0xa0 0x00 0x3b 0xaf 0xfa 0x06 0x6a 0x0c 0xbd 0xe3 0x7a 0xd7 0x7c 0x00 0xcc 0xce 0xd1 0x0f 0xf6 0xc1 0x1a 0xa5 0x58 0x7d 0xa6 0xc4 0x55 0x2e 0xc2 0x7d 0x26 0x61 0x7e 0x8c 0x3a 0x9e 0xd6 0xb2 0x16 0xa9 0x39 0x6f 0x55 0x47 0x4c 0x67 0x5d 0x6b 0xc7 0xea 0xcc 0xde 0x17 0x5d 0x22 0x1d 0x0f 0xba 0x66 0x0e 0x9e 0x2b 0x6f 0x75 0xe7 0x1b 0x7a 0x86 0xbb 0x7f 0x6c 0x5b 0xa0 0x7b 0xe4 0xcb 0x55 0x8b 0xe2 0x38 0xf2 0x86 0x24 0x77 0xc2 0x8b 0x80 0xb3 0xb8 0xb7 0x1e 0x29 0x1f 0x3e 0x63 0xee 0x39 0x4f 0x4f 0x48 0x2a 0x9b 0xd2 0xcc 0xe4 0xaa 0xdd 0x73 0x5a 0x6e 0xd3 0x2d 0xb0 0x4f 0xe6 0xf1 0xc3 0xd9 0x5b 0xee 0xb6 0xfe 0xd4 0x92 0x37 0x5d 0xa6 0x5a 0xe3 0x11 0x71 0x76 0x0a 0x8b 0x9a 0xeb 0xe3 0x13 0x38 0x30 0x70 0x56 0x80 0x81 0xb3 0x16 0xbd 0x66 0xd5 0x86 0x6b 0xc9 0xbd 0xd8 0x47 0x8e 0x72 0x67 0x56 0xcc 0xce 0xc0 0x14 0x00 0xab 0xc4 0x9f 0x0a 0x75 0xf1 0x1c 0x5b 0x5b 0xa6 0xaf 0x52 0x01 0xe6 0xb1 0xe9 0x24 0x10 0x9f 0x60 0xf7 0xbb 0xed 0x25 0x62 0xb6 0x3f 0x23 0x93 0xd0 0x3b 0x12 0xb6 0x03 0x33 0x7a 0xa2 0xc6 0x74 0x1b 0x6d 0x82 0x47 0x67 0x2d 0x72 0x18 0x7e 0x23 0xff 0x44 0x17 0x13 0x57 0x61 0x0d 0xb9 0xa5 0x49 0x57 0xae 0xaf 0xd2 0xf2 0xf4 0xf3 0xb9 0x42 0xf2 0x31 0xc7 0xff 0x18 0xda 0x69 0x03 0xc3 0xdf 0xae 0xe8 0xcb 0x5c 0x6c 0x25 0xd5 0xcb 0xb5 0xd3 0x82 0xdc 0x04 0xb2 0x4f 0x74 0x44 0xa8 0x80 0xe3 0x38 0x5b 0xee 0xf5 0x98 0x9e 0x32 0x33 0x19 0x96 0xf5 0xfe 0xc5 0xf5 0x12 0xab 0xf7 0x02 0xfd 0x2a 0xe6 0x0b 0xf8 0xf0 0x1f 0xce 0x72 0x49 0x07 0x49 0x3d 0xd5 0xe7 0x04 0x80 0x3a 0x5f 0xfa 0x40 0xc7 0x7f 0x02 0x2c 0xfb 0x6e 0x6d 0x9b 0x5f 0x5c 0x2e 0x3d 0xc0 0x88 0x88 0xcd 0x70 0xc0 0xd4 0xfa 0x42 0xf3 0x76 0x8f 0xa8 0x5a 0x1f 0xa6 0x65 0x33 0x51 0x3f 0xe9 0x06 0xa7 0x5c 0xf3 0x87 0xce 0x78 0xe8 0x98 0x3f 0x83 0x4e 0x97 0x44 0x12 0x43 0x61 0xc9 0x9d 0x5e 0x19 0xba 0x87 0x06 0x26 0x07 0xe1 0x0c 0xb5 0x07 
0xad 0x26 0x92 0xa6 0x3b 0x93 0x94 0xd2 0x36 0x7c 0x73 0x7f 0xf8 0xdf 0x05 0x0a 0x18 0x30 0xef 0xf5 0x77 0xfa 0xab 0x09 0x71 0x48 0xc1 0xc2 0x7c 0x28 0xf9 0x1c 0x78 0x05 0x12 0xde 0x51 0x83 0xdc 0x8f 0xc9 0x88 0x15 0x60 0x5e 0xb5 0x2d 0x7f 0x65 0x97 0x3e 0xba 0x14 0x06 0x0d 0xcb 0x5a 0x2f 0x0e 0xba 0x92 0x05 0xe0 0xd8 0x87 0xb3 0x38 0x42 0xc3 Fourth message from server: 0x81 0x2b 0xf3 0x4a 0x59 0xff 0xcb 0xd5 0x3b 0x06 0x97 0xc5 0xa9 0xa2 0x3e 0xb7 0x5a 0xc3 0x8b 0xa3 0x71 0xc6 0x86 0x15 0x82 0xb7 0x21 0x0c 0x46 0x2d 0x4e 0x70 0x1b 0x45 0x7b 0xc5 0x7c 0x92 0xe8 0x1f 0x1a 0x3a 0x2e 0xac 0x3b 0xb7 0xb2 0xa9 0x4a 0xca 0x26 0xb6 0x92 0x44 0x1b 0xe2 0xed 0x87 0x4d 0x1d 0x88 0x5d 0xe4 0x3b 0xbc 0x4b 0xc9 0xeb 0xce 0xc3 0x92 0x58 0xef 0x2d 0xf0 0x38 0x18 0xc6 0x52 0x5b 0xa0 0xf9 0x07 0x34 0xf2 0x46 0x92 0x6a 0x29 0xaa 0x4d 0xd8 0xc5 0x71 0x51 0xf9 0x6b 0x89 0x7e 0x3d 0x17 0x33 0x49 0x26 0x09 0xfb 0x57 0xa8 0xac 0x28 0x66 0x77 0xa6 0x9b 0xdc 0xbb 0xa4 0xf7 0x6a 0x2b 0x62 0x81 0x02 0xeb 0xa1 0x6e 0x57 0x13 0xe5 0xd3 0x85 0x9c 0x4c 0xd2 0xe5 0xc4 0x2b 0xe5 0x39 0x75 0xd3 0xe6 0x7a 0x8b 0xc5 0xdf 0x31 0xdf 0x58 0xd0 0xac 0xbf 0xf0 0xad 0x87 0x90 0xba 0x87 0x5f 0x21 0x86 0x6b 0x8e 0x9a 0x9c 0xa9 0x58 0xc6 0xa3 0x15 0x4f 0xec 0xb7 0x6e 0x7c 0xb9 0xb2 0x52 0xf9 0x65 0xc6 0xd5 0x4c 0xab 0x92 0x9a 0x84 0x63 0x8a 0x87 0x71 0xe0 0x39 0xa7 0x43 0xda 0x0e 0xe3 0x40 0x91 0xc9 0x9a 0xb9 0x79 0x0c 0x9e 0xbc 0xdd 0x83 0xf0 0xa2 0xde 0x85 0xb4 0x64 0x24 0x9d 0xdb 0xf0 0xcb 0xbe 0xaf 0x62 0x07 0x04 0x0b 0x08 0x65 0x89 0xc0 0x42 0xda 0x4e 0x2a 0x39 0x2d 0xbc 0xfa 0x8a 0xcc 0xc8 0xff 0x34 0x23 0xea 0x4a 0x41 0x41 0xcd 0x44 0xd3 0xfd 0x93 0x79 0xde 0xf8 0x53 0x7c 0xc5 0x2e 0x1c 0xfe 0xec 0xe5 0x7c 0xde 0x71 0x34 0x69 0xc7 0xf1 0x83 0x64 0x81 0xaa 0x42 0xb6 0xca 0xe2 0xef 0x33 0x7b 0x84 0x68 0x2d 0x49 0x01 0xc7 0xbf 0x85 0xd2 0x50 0x4c 0x1d 0x0b 0xde 0xd6 0xf0 0x31 0x6b 0xe1 Next message from server 0x93 0x52 0xc4 0x98 0xf3 0xf1 0xe7 0x1f 0x84 0x75 0xd0 0x26 0x24 0x69 0xc6 0xc4 0x16 0x7d 0x85 
0xd8 0x16 0xb5 0x26 0x46 0xcc 0x51 0x24 0xcb 0xfb 0x22 0x09 0xa3 0x72 0x67 0x54 0x7f 0xf3 0xdb 0x85 0x10 0x02 0x34 0x7b 0x47 0x06 0x6e 0xf8 0xc9 0xd7 0xc4 0xf9 0xe1 0xe8 0x96 0x2f 0x19 0x0e 0x6d 0x61 0xf2 0x9c 0x4b 0xbc 0x89 0x1c 0xa8 0xd8 0x47 0x33 0xf6 0x15 0xf2 0x76 0xc1 0x5b 0x87 0xb6 0x82 0xe5 0x48 0x43 0x92 0x02 0x21 0x46 0xec 0xa3 0xd0 0x28 0xdc 0xce 0x7b 0x63 0x05 0x7f 0xd2 0xe1 0x92 0x99 0x76 0xbb 0x40 0xb5 0x07 0x15 0x20 0x73 0x59 0xe9 0xc5 0x0a 0x6f 0x40 0x48 0x91 0x88 0x2c 0x63 0x6a 0x46 0x0d 0x1a 0x5a 0xa0 0xc5 0x36 0xd1 0x47 0x66 0x82 0x87 0x0b 0x98 0x95 0xb9 0xa2 0xf9 0x73 0x9d 0x6d 0xfd 0x84 0x25 0x1a 0x1d 0x93 0xc1 0x18 0xd0 0x72 0xb2 0x90 0xc7 0x72 0x2f 0xf7 0x1b 0x6a 0xaf 0x1f 0xbf 0x05 0xcb 0xda 0x6a 0x31 0xff 0xcf 0xfb 0x30 0x89 0xdd 0xba 0xe9 0x7f 0x6b 0xbc 0x4c 0xbd 0x6c 0x63 0x0e 0x7b 0x2b 0x2f 0x90 0xe9 0x09 0x24 0xde 0xc6 0x97 0x3f 0x19 0x2e 0x1f 0x4c 0x4a 0xe9 0xf6 0x3d 0xf3 0x01 0xba 0x28 0xaf 0xfc 0x19 0xb7 0x96 0xb8 0x8d 0xfa 0x74 0xc8 0x62 0xe0 0x7a 0xae 0xe9 0xad 0x73 0x8c 0xa1 0x56 0xb8 0xbc 0x88 0x57 0x00 0xcd 0x5b 0x96 0x09 0xfc 0x1b 0xf7 0xef 0xf1 0x0c 0x68 0xee 0x7d 0x71 0x06 0x2d 0xd9 0x5c 0xdd 0x89 0x39 0x83 0x99 0x39 0x59 0x7a 0x47 0xfe 0xd5 0xb0 0xa2 0xdb 0x2f 0x92 0x9a 0xf6 0xff 0x8d 0xe4 0x45 0x69 0xbf 0xdb 0x87 0x08 0x0f 0x23 0x28 0xb2 0xe6 0x95 0x37 0xf6 0xd6 0x8d 0xb9 0x82 0x38 0x7c 0x5d 0xd2 0x96 0xae 0x24 0xf4 0xe4 0xaa 0xf4 0x01 0xb8 0x10 0x88 0xc4 0x5a 0x9e 0xa3 0x72 0x22 0xc1 0xb5 0x11 0x65 0x69 0x92 0xfe 0x1c 0xdb 0x3e 0xdd 0xc7 0x72 0x6c 0xf6 0xe4 0x55 0xbe 0xb5 0x4b 0x3c 0x2e 0xb0 0x1c 0x62 0xd5 0x03 0x19 0xb3 0xc3 0x42 0xbe 0xf2 0x8a 0xaa 0xdc 0xb2 0xc8 0x86 0x3f 0x11 0x56 0xc0 0x7b 0x6c 0x64 0xdf 0x83 0xb1 0x71 0xa2 0x51 0xd7 0x81 0x0e 0xac 0x0f 0x65 0x3d 0x46 0xbe 0x4d 0x58 0x26 0x44 0x92 0xd0 0x65 0x2f 0xf7 0x00 0xbb 0xe0 0x39 0x95 0xac 0xb8 0xd5 0xb6 0x7a 0x02 0xf1 0xb5 0x18 0xc0 0xa3 0x62 0x79 0xee 0xe4 0x7e 0x4f 0x4b 0xa0 0x42 0x25 0x13 0xfd 0x97 0x8a 0x6b 0x57 0x79 0xc5 0x9c 0x0a 0xb0 0x04 0xcb 0x8f 0x84 
0x24 0xd6 0x64 0x0d 0x46 0x0c 0x7f 0x72 0x54 0x66 0x75 0xbc 0x0d 0x3d 0x32 0xc8 0x20 0xad 0x62 0xf8 0xac 0xce 0x48 0xbc 0x82 0x14 0x36 0x49 0x5a 0x31 0x55 0x31 0x5b 0xa6 0xd8 0xfa 0xf9 0x27 0x8a 0x8a 0xf7 0x7b 0x3e 0xb6 0x19 0xbd 0xed 0xd1 0x55 0x2d 0x19 0xb0 0xf3 0x7d 0xb9 0xa8 0xd5 0x9f 0x2e 0x90 0xb1 0xcb 0xd7 0xbd 0x03 0x39 0xd8 0x1a 0x62 0x40 0xfd 0x1a 0xf0 0xca 0x63 0x70 0x0a 0x5a 0x60 0xc9 0xa1 0x5d 0x5c 0x4b 0x07 0x6d 0xcd 0xba 0xaa 0x2a 0xe7 0xbb 0xa5 0x8c 0x5e 0x56 0x54 0x2e 0x41 0xe3 0x86 0xa3 0x2e 0xeb 0x17 0x8f 0xb2 0x9c 0xca 0x68 0x08 0x07 0x05 0x83 0x4f 0x7c 0x4f Next message from server 0xb6 0xe3 0x4b 0x09 0xfd 0x73 0x6c 0xc0 0x95 0xbd 0x3c 0xee 0x82 0x06 0x48 0x01 0x39 0x3c 0xc5 0x06 0xc4 0x9d 0x0a 0x2c 0x68 0xe9 0x98 0x19 0x83 0xcb 0xd3 0x9f 0xd0 0x7c 0x7e 0x60 0xeb 0x37 0x0c 0x7d 0xfa 0xd6 0xe8 0x70 0x1c 0xbf 0xb8 0x90 0x68 0x23 0x4f 0x99 0x33 0xdf 0x10 0xfd 0x08 0x7b 0x93 0xe5 0xe8 0x74 0x39 0xd7 0xa9 0x3b 0xc6 0x99 0xae 0xcf 0x23 0xfb 0xea 0x80 0x9a 0xfe 0x88 0x32 0x4e 0x61 0x2b 0xfa 0x4c 0x01 0x73 0xdb 0xc4 0x77 0x6a 0xff 0x5b 0x73 0x31 0x4e 0xdc 0x7b 0x54 0xc5 0x58 0xa2 0x81 0xcb 0x49 0x5f 0x34 0x9d 0xf6 0xea 0x71 0x74 0x48 0x0c 0xf7 0xc0 0xa7 0x1a 0x38 0x1a 0x1f 0xf1 0x40 0x29 0x54 0xd3 0x50 0x8f 0xd7 0xec 0xa9 0x17 0x83 0xb4 0x85 0xeb 0xb1 0x32 0xc7 0xa5 0xda 0xb1 0xe8 0x61 0x97 0x2e 0x59 0xd3 0xf0 0x28 0x86 0x3a 0x18 0xd7 0x65 0xd5 0xdf 0x87 0xa1 0x7c 0xef 0x35 0x51 0xf2 0xcb 0xbe 0x58 0xb3 0x39 0xa7 0xd6 0x74 0xdd 0xc8 0xa4 0xf7 0x94 0xe0 0xdf 0xbc 0x9a 0x97 0x75 0x32 0xc6 0x2c 0xe3 0x41 0x93 0x3b 0xa1 0xf4 0xa9 0xc6 0x8f 0x30 0xc8 0xdc 0x54 0x23 0xc7 0x6e 0x4d 0x3e 0x83 0xcd 0xbe 0x53 0x9c 0xa8 0x31 0x7c 0x21 0x17 0x58 0xad 0x88 0x75 0x59 0x21 0xd3 0x63 0x2a 0xcb 0x11 0x5b 0xff 0x32 0x1a 0x10 0x1c 0x43 0xd7 0x12 0x09 0x2b 0xff 0xb9 0xa1 0x6c 0x87 0xda 0xb9 0x3a 0x2e 0xc6 0xfa 0x8d 0x8e 0x2c 0xc9 0xab 0x1c 0xad 0x21 0xf2 0xc1 0xe6 0x11 0x63 0x68 0x89 0xad 0x29 0x1f 0x42 0xed 0x39 0x79 0x88 0x58 0x4c 0xd0 0xc7 0x65 0xdf 0x9d 0x10 0xc2 0x91 
0xd1 0x67 0xf0 0x48 0x19 0x88 0x14 0xbe 0xf4 0x88 0xb1 0xe2 0xde 0x2e 0x84 0x1d 0xcf 0x95 0xd4 0x9c 0xc8 0xa9 0xfa 0xac 0xfc 0xe0 0x5f 0x24 0xd4 0x2a 0xd3 0x44 0x20 0x2d 0x20 0x39 0x43 0x3d 0xd0 0x12 0xe5 0xf3 0xb1 0x22 0x96 0x5d 0xa1 0xa2 0x3c 0xa2 0x28 0xf3 0x87 0x4e 0x13 0xea 0x36 0x77 0xe0 0x65 0xc8 0xba 0x82 0xe7 0xfc 0x3d 0xe6 0x42 0x95 0xf6 0x29 0x78 0x58 0x7e 0x37 0x42 0x7e 0x5f 0x5a 0xaa 0x1c 0x37 0x1a 0x10 0x69 0x5c 0x90 0x4f 0xbe 0xc3 0x19 0xe1 0x6d 0xcc 0xaf 0x30 0x9c 0x75 0x2e 0x8d 0xc5 0x7c 0x14 0x7b 0x7a 0x17 0x87 0xd4 0xdd 0x7e 0xc4 0xc5 0xb6 0x78 0x1a 0x56 0x15 0x51 0xe1 0x7e 0xb3 0x8a 0xad 0x7e 0x9f 0x9d 0x12 0xcd 0x66 0x51 0x0d 0x6f 0x36 0x49 0x34 0x3b 0x1f 0x2e 0x24 0x3d 0x71 0xf2 0xd3 0x65 0x41 0x70 0x82 0x93 0x98 0x21 0x70 0x40 0x6a 0x7c 0x13 0xd5 0x7c 0xe6 0x1b 0x9e 0x67 0x24 0x21 0x1e 0xcb 0x59 0xa1 0xd9 0xe4 0xdf 0x66 0x29 0xd9 0xf3 0x8d 0x8a 0xc6 0x6f 0x34 0xb2 0xaa 0x45 0xe8 0xf6 0x1f 0x59 0x18 0xec 0x15 0xb3 0xe1 0xae 0xe4 0xd2 0x40 0x78 0xb6 0x95 0x2a 0xf4 0xe3 0x41 0x9a 0x4c 0x1c 0xee 0x8b 0x82 0x83 0xb0 0xde 0x47 0x94 0xa2 0x7f 0x0c 0x63 0xd0 0xd2 0x35 0xc1 0x23 0x1f 0x5d 0x4c 0xeb 0x6f 0x74 0xac 0xad 0xb1 0xae 0x4f 0x89 0x8b 0x50 0x4c 0x62 0x7d 0x31 0x01 0xa5 0x0a 0x79 0x2b 0x3f 0x03 0xa0 0x1e 0x4e 0xfc 0x34 0xff 0x09 0xce 0xa0 0x88 0x27 Next message from server: 0x4f 0x8d 0xb9 0xf5 0x24 0xb7 0xeb 0x32 0x12 0x01 0x58 0x88 0x35 0xec 0xc6 0x22 0x75 0x59 0x21 0xe1 0xa9 0x54 0x69 0x19 0x2b 0xc4 0x42 0xb5 0xe5 0x0f 0x8c 0x86 0xb3 0x35 0x7b 0xa2 0x91 0x8e 0x29 0x94 0x4a 0x9d 0xa2 0x1e 0x1a 0x96 0x71 0xbe 0xe7 0x77 0xad 0x5f 0x45 0xf6 0x8a 0x56 0x89 0xf0 0x61 0xdc 0x88 0x9f 0xde 0xc4 0x2e 0x34 0x3a 0x89 0x6d 0x38 0x5f 0xc4 0x99 0x5c 0x4e 0x5f 0x9e 0x44 0xe4 0x10 0x61 0x1e 0x27 0x8d 0x6b 0x0f 0x4c 0x63 0x5f 0x45 0x81 0x23 0x37 0x33 0x8e 0x36 0xd8 0x26 0x79 0x7c 0x20 0xd8 0xc1 0x90 0xd8 0x22 0x47 0x25 0x3b 0x97 0x58 0xa5 0xdd 0xaa 0xdf 0x71 0xdb 0xe7 0x96 0x6c 0x0f 0xb7 0xcb 0x39 0x0f 0x1d 0x59 0x82 0xb4 0xb1 0xf8 0xb7 0x7c 0xcd 0xd9 0xa2 
0x93 0x8d 0xc1 0x02 0x37 0x19 0xc8 0xa3 0x65 0x2b 0x99 0x3b 0x0e 0x0b 0x3e 0x4b 0xb7 0x28 0xaf 0xf4 0xac 0xb6 0xfd 0xc6 0x37 0x8d 0x82 0x1a 0x1c 0x68 0xdf 0x09 0x48 0x9b 0x07 0xd7 0x3c 0xdb 0xb3 0x7f 0x01 0xf6 0x10 0xb1 0xb3 0x24 0x71 0xb0 0xc6 0xdb 0x8b 0x1a 0x28 0xc1 0xbb 0x17 0x73 0x1f 0xe7 0xba 0x45 0xa7 0x96 0x70 0xa3 0x7d 0x20 0xfd 0xff 0x37 0xfb 0x7f 0x72 0x7f 0xe5 0x86 0x06 0xde 0x6a 0x62 0xe0 0x70 0x0a 0x61 0x02 0xac 0x87 0xd0 0x52 0x6f 0x70 0xb9 0x17 0x47 0x7b 0x8d 0x9b 0x2d 0xa4 0x1b 0x3a 0x42 0x52 0x7c 0x46 0xdf 0x25 0x42 0x2e 0x65 0x5c 0x13 0x1c 0x42 0x98 0xc0 0x4c 0xf1 0x36 0x2c 0x79 0xb7 0x32 0x66 0xf5 0xb3 0x15 0x3d 0xee 0xf3 0xc8 0xd4 0x7a 0xf9 0xbe 0x5c 0xc2 0x52 0xf8 0xc2 0x2b 0xaf 0x45 0x18 0xde 0xe7 0x52 0xb4 0x66 0x60 0x3b 0x17 0x4f 0x53 0x35 0xa6 0x29 0x5a 0x3d 0x0a 0x6e 0x46 0x8d 0xaf 0x31 0x82 0x96 0x99 0xf2 0x30 0x37 0x53 0x6b 0xf5 0x8e 0x9d 0x76 0x9c 0x52 0x20 0x89 0x67 0x72 0x46 0x1a 0xd3 0x76 0xb9 0x4d 0x87 0xcf 0xd8 0x2f 0x00 0x1b 0x20 0x19 0xa6 0x10 0xc8 0x65 0x44 0x5e 0xab 0x10 0x51 0x14 0xdc 0x16 0xef 0x89 0x28 0xd8 0x5e 0x52 0x02 0xc8 0x62 0xbc 0xad 0x8d 0x65 0x7f 0x0f 0xae 0x75 0x62 0x6c 0xa7 0x40 0x02 0x6c 0x9d 0xd4 0x60 0x60 0x3e 0x78 0x4b 0xbb 0x52 0xfc 0xf4 0x29 0xe0 0xac 0x0f 0x9f 0xd8 0x01 0x5d 0xfb 0x99 0xfa 0xa4 0x7c 0xd1 0x19 0xb9 0xdd 0x56 0xb5 0x93 0xee 0x6d 0x2f 0xf7 0x6e 0xd2 0xc9 0xd8 0xcb 0x32 0x39 0xe0 0xa8 0xa6 0x6f 0x7a 0xc2 0xf3 0xce 0x62 0x7a 0x14 0x46 0xbd 0xad 0xed 0x9f 0x26 0xfb 0x22 0x3b 0x2c 0x29 0x81 0x6b 0x4f 0x8d 0xef 0x99 0x5c 0xb1 0x15 0x09 0xd3 0x27 0x92 0xc6 0x38 0xb2 0x1a 0xb5 0x7b 0x06 0x98 0x70 0x99 0x36 0xb6 0x43 0xc0 0x5a 0x88 0x41 0xe5 0x90 0x66 0x83 0xee 0x29 0xf4 0x51 0xba 0x24 0xdc 0x59 0x56 0x42 0xea 0x4e 0x27 0xf8 0x9b 0x4f 0x66 0x5f 0x12 0xb1 0x46 0x2e 0x5c 0x81 0x34 0xb8 0xf7 0x50 0xd2 0x9d 0xba 0x33 0x09 0x1c 0xdd 0x60 0x46 0x97 0x12 0xe3 0x63 0xad 0xf7 0xfb 0x6e 0x1c 0x2a 0x51 0xc7 0xe7 0xc6 0xbc 0x0f 0x7a 0x3b 0xb2 0xe8 0x2d 0x90 0xcc 0xac 0xa6 0xa5 0x6f 0x38 0x63 0x80 0xf8 0x39 0xf4 
Next message from server: 0x88 0x69 0x56 0x44 0xb6 0x32 0xa3 0x81 0xb7 0x64 0x07 0x32 0xe3 0xe3 0x2e 0x76 0x1a 0x1d 0x39 0x82 0x71 0x24 0xf8 0xe9 0xfe 0x94 0xa3 0xa7 0xfc 0xba 0xce 0x6e 0x18 0xe3 0xa9 0x10 0x7a 0x85 0x35 0xc2 0x72 0xe5 0x90 0x07 0x2e 0x18 0xcb 0x3d 0x4b 0xea 0xb4 0xd8 0xe5 0x10 0xc9 0x65 0xa6 0x5a 0x11 0xfa 0x17 0x73 0x36 0xb1 0x7e 0x83 0x3a 0xc7 0x5b 0x16 0x28 0x42 0x4a 0xc9 0x43 0x58 0xd5 0x3a 0x51 0x4b 0xb0 0xf6 0x91 0x58 0xc7 0xaf 0x8e 0x0a 0xae 0x5d 0xcd 0x52 0xb6 0x8f 0xf7 0xa1 0x02 0x8e 0xb8 0x58 0xbd 0xeb 0xff 0x60 0xa0 0xa7 0xe7 0xce 0x59 0x91 0xdd 0x31 0xb9 0x0e 0xf6 0x83 0x82 0x6d 0x17 0x0a 0x62 0x6a 0xcd 0x62 0x38 0x18 0xc5 0x99 0xf3 0x2e 0x35 0x91 0x04 0xef 0xa0 0x10 0x61 0x15 0x77 0x4a 0xef 0xf0 0xd2 0xce 0x27 0xa8 0x6a 0xb0 0xd0 0xea 0x9e 0x18 0x60 0x0b 0x94 0xf7 0xf3 0x49 0x50 0x8d 0x7e 0xf6 0x2b 0x84 0x5a 0x31 0x35 0x82 0x72 0xd9 0x6a 0x24 0x05 0x1e 0xa0 0x34 0xab 0xb1 0x74 0x7f 0x6d 0x50 0x0f 0x58 0x91 0xce 0x86 0x89 0x64 0xa7 0xc4 0xc1 0xd9 0xf3 0x47 0xea 0x4d 0x8b 0x1d 0xe1 0xe4 0xdf 0xba 0x72 0xd1 0x4e 0x52 0x95 0x30 0x5a 0x88 0x76 0xb4 0xc4 0xf4 0x4b 0xbe 0x10 0xca 0x52 0x66 0x02 0x7a 0x15 0x9a 0xd1 0x6e 0x70 0x00 0x24 0x87 0xe3 0x0b 0x6b 0xff 0x6d 0x71 0x7e 0x14 0x88 0x6b 0xf6 0xd8 0x32 0x63 0x53 0x89 0x91 0xe0 0xde 0x58 0x25 0x5e 0x3a 0x9f 0x28 0x38 0x44 0x1b 0x67 0x78 0x76 0x52 0x98 0x3d 0x19 0x25 0x82 0xe5 0x95 0x27 0xe8 0x62 0xac 0x05 0x02 0xcd 0x7b 0x7f 0xf1 0x76 0xff 0x24 0x4e 0x8f 0x50 0x26 0xef 0xfc 0xa4 0x9f 0x65 0x91 0xa5 0x35 0xbb 0x91 0xdc 0xb4 0xaf 0xa8 0x23 0xf7 0x62 0x48 0x14 0xb6 0x38 0x84 0x81 0x48 0x24 0xaa 0x39 0x4c 0x8f 0x1a 0x99 0xd1 0x1e 0xff 0x22 0x43 0x7c 0x1c 0x70 0xdd 0xd9 0x07 0x30 0x8d 0xb5 0xa3 0x26 0xe2 0x10 0xf1 0xa8 0x27 0x1c 0x3e 0x9f 0x17 0xc9 0x9e 0x95 0x10 0xc7 0x7c 0xb4 0x5f 0x54 0xe6 0x60 0x1b 0xe6 0xe6 0xb0 0xe1 0x2e 0x51 0x08 0x1c 0x26 0x31 0xb1 0x93 0xa6 0x9f 0x13 0xac 0xc6 0x3c 0x54 0x97 0xa3 0xc0 0xb8 0x50 0x83 0x32 0xc8 0xc2 0x16 0x43 0x53 0x15 0x4e 0x9f 0x69 0x19 0xec 0x68 0x22 
0xf9 0x13 0xb2 0x19 0x48 0xf9 0xd3 0x31 0x92 0x90 0xe4 0x14 0xaf 0xf8 0xd5 0xcd 0x51 0xaf 0xe3 0x5b 0x39 0x42 0x82 0xb1 0x61 0x98 0x73 0x9b 0xa0 0x27 0xdb 0xde 0x1b 0x3a 0x2f 0x8f 0x67 0xd3 0x63 0x17 0x25 0xf7 0x6c 0x78 0x2c 0xd0 0x35 0xa5 0x61 0x68 0x21 0x48 0x51 0x46 0x78 0x29 0x6b 0x6c 0x88 0x6b 0x0e 0x40 0x67 0xb8 0x17 0xfc 0xff 0xdc 0x6f 0x6a 0x5a 0xe6 0x9f 0xcc 0x4b 0x4e 0xe5 0xcc 0x87 0xcf 0x15 0xe4 0x5f 0x27 0xcc 0xd1 0x37 0x77 0xde 0x6e 0xd1 0x21 0x32 0x44 0x41 0xdb 0x0c 0x6f 0xa6 0x7f 0xa8 0xb8 0xc1 0xbd 0xcc 0xa7 0xc0 0x0f 0x64 0x77 0x5f 0x58 0x54 0x1f 0x1e 0x60 0x9f 0x93 0xbf 0x1b 0x6a 0x04 0xe1 0x61 0x16 0xc2 0xc3 0x1c 0xaf 0xf1 0xb5 0x05 0xed 0xba 0x93 0x78 0x05 0xe3 0xae 0x5c 0xfd 0xa9 Next message from server: 0x96 0x58 0x8d 0x06 0xc9 0xae 0x53 0x95 0x00 0x18 0x6f 0xf5 0x0e 0xae 0x74 0xdf 0x7a 0xe0 0xeb 0x0e 0x73 0x4a 0xe0 0x87 0x7b 0x1a 0xd5 0x1b 0x92 0x41 0x16 0x81 0xef 0xc4 0x5b 0x57 0x3a 0x37 0x8d 0xf3 0xd5 0x4b 0xee 0xdb 0x5b 0x79 0xa0 0xb5 0xcd 0x88 0x4d 0x9d 0x17 0x3b 0xae 0xe2 0xf2 0xbd 0x17 0xa2 0x2c 0xf7 0x30 0xb4 0x50 0xed 0xa1 0x5a 0x61 0x50 0x8a 0x9c 0xb4 0xd8 0xd9 0xfa 0x08 0x26 0xa3 0xfc 0x9e 0xcd 0x69 0x2f 0xd2 0x6d 0x47 0x41 0xcf 0x3d 0x83 0xa1 0xe9 0x3d 0x53 0x94 0xf1 0x0d 0xd5 0x10 0x25 0xcb 0x1f 0xaa 0x0b 0x6b 0x17 0x09 0x8f 0x8d 0x37 0x64 0x5b 0x92 0x74 0xed 0x7b 0x58 0x12 0x39 0xf6 0x00 0x68 0x82 0xd3 0x06 0xc6 0xff 0xaf 0xe8 0x49 0x89 0xae 0x10 0x48 0xc2 0x48 0xfd 0x17 0x35 0x4a 0x03 0x89 0x9c 0x25 0x9f 0x05 0xa7 0x73 0x16 0xaf 0xde 0xd9 0x65 0xf2 0xc8 0x25 0x08 0x6e 0x38 0x52 0xc7 0xa0 0xd6 0xf3 0xe7 0xab 0x48 0xa3 0x6c 0x13 0xa0 0x76 0x64 0xee 0x6f 0x3f 0xfd 0x61 0xda 0x1a 0x15 0x20 0xbd 0xa7 0xf9 0x92 0xe5 0xae 0x6e 0x43 0xb4 0xda 0x46 0xdc 0xc5 0x7b 0x12 0x9c 0xb0 0x78 0x55 0x6b 0x69 0x41 0xfd 0xec 0x20 0x25 0x51 0xc6 0xf4 0x4b 0x17 0x24 0x27 0x8a 0x07 0xaa 0x14 0x6a 0x2e 0x67 0x94 0xc3 0xaa 0x16 0x38 0x1c 0x4d 0x57 0x38 0x4a 0x43 0xc6 0x96 0xa3 0x44 0x6a 0xee 0xe2 0x80 0x08 0x36 0xe2 0xf5 0xf8 0x64 0xe5 0x91 0x75 0x81 
0xbe 0xbc 0xd0 0x2b 0x59 0x48 0xd9 0x65 0x79 0xa4 0x16 0xc9 0x8f 0xe4 0xb4 0x9d 0xc8 0xaf 0x2d 0xce 0xfa 0xfb 0x36 0x83 0x5c 0xb2 0xd4 0x10 0x2c 0x86 0x1b 0x8d 0x4d 0xdf 0x35 0xcf 0x11 0x77 0x61 0x3c 0x73 0x7d 0xbd 0xf0 0x37 0xcc 0xf0 0x66 0x31 0x69 0x96 0x02 0x10 0x1c 0x9e 0x31 0x6f 0xd2 0x4e 0x7f 0x31 0x8e 0x9e 0x5f 0xec 0x68 0x86 0x48 0xeb 0x46 0x5b 0x37 0x87 0xe0 0xcc 0xa1 0x68 0x6c 0x39 0x11 0x34 0x69 0x5d 0x27 0x0e 0x15 0xa5 0xbe 0xf0 0xdd 0xed 0xce 0x4e 0x33 0x8e 0x43 0x55 0xcf 0x7c 0x15 0x3d 0x6e 0xe4 0x63 0x5c 0x35 0xc3 0x7a 0x3f 0xde 0xa0 0xb3 0xeb 0xa1 0xd7 0x34 0xd5 0x0b 0x3d 0x66 0xc5 0x3a 0x20 0x64 0xaf 0x61 0xcb 0xa1 0x44 0x6c 0x72 0x52 0xbd 0x68 0xbb 0xb1 0x7a 0x3b 0x58 0x47 0x0b 0x85 0x76 0xeb 0x8c 0x78 0xf9 0x16 0xfc 0x87 0x71 0x2e 0x80 0x4e 0xb9 0x99 0x1b 0x3b 0xe1 0x3c 0x47 0xa7 0x39 0x85 0xf2 0x3e 0xdf 0x84 0x19 0xcc 0xaa 0xb4 0xd0 0x2e 0xd2 0x86 0x1c 0x17 0x8a 0xca 0x5d 0x84 0x46 0x0b 0x32 0x46 0x9a 0xf6 0xe2 0x72 0x28 0xcb 0xfb 0x25 0xb7 0xad 0x65 0x84 0x94 0x15 0x5b 0x25 0x2a 0xe1 0x65 0x14 0x01 0x13 0xee 0x2f 0x05 0x6c 0xf8 0xc6 0xf9 0xd1 0x45 0x46 0xac 0xf9 0x08 0x4b 0x79 0xe2 0x73 0xc8 0x7d 0x8c 0x81 0x66 0x54 0xf0 0x76 0x34 0x84 0x30 0xb0 0xf6 0xb3 0x15 0xe0 0x59 0xbc 0x57 0x91 0xea 0xa8 0xaf 0x35 0x5f 0x27 0x28 0x3b 0x58 0xc9 0x8d 0x76 0x00 0xf3 0x10 0xe2 0x33 0x70 0xad 0x5e 0x34 0x9e 0xa9 0x49 0x98 0x06 0xbd 0x57 0xa9 0x79 0x02 0xf7 0xf2 0xf3 0xcc 0xad 0x26 0xa2 0x63 0x4f 0x43 0x12 0xc8 0x51 0xd0 0xac 0xb8 0x51 0xbe 0xeb 0xf0 0x91 0x02 0xef 0xc7 0x68 0x3f 0xbc 0xff 0xf9 0x73 0x39 0xcb 0x56 0x84 0x5b 0xe7 0x28 0x82 0x22 0xf2 0xc3 0x84 0xb8 0x2e 0x12 0xd5 0xd6 0xf6 0x71 0x91 0xac 0x44 0xc2 0xc9 0xab 0xe0 0x4a 0x26 0xe3 0x8b 0x9f 0x1f 0x2f 0x8f 0x45 0x63 0x86 0x9b 0x96 0xb6 0xa7 0xf0 0xcf 0x8a 0x72 0xe3 0x76 0x03 0xeb 0x1b 0x92 0x58 0xcd 0xeb 0xe4 0xa6 0xc6 0xa4 0xbc 0x46 0x26 0x04 0xa2 0x35 0x21 0x8d 0xa7 0xc3 0x06 0x8f 0x38 0x94 0x8b 0x31 0xd3 0xda 0x50 0xa1 0xbd 0xff 0x36 0xad 0x9b 0xf3 0xb5 0xef 0x12 0x8a 0x14 0xfa 0x0a 0xc7 0xf5 0xd9 
0xd3 0x33 0xf1 0xa2 0x97 0x18 0x57 0x59 0x1f 0xb8 0xaa 0xcf 0x81 0x76 0x22 0xe8 0x79 0x74 0x0c 0xf2 0x9f 0xb7 0x8d 0x80 0x26 0xfd 0x3c 0xc5 0x94 0xd3 0x39 0x52 0x3d 0xcd 0x4f 0xfa 0xe3 0x11 0xea 0x14 0x7a 0xe2 0xf3 0x42 0xda 0xb0 0x1b 0xa6 0x5e 0xfd 0x45 0xd0 0x93 0x84 0xb0 0xe6 0xd3 0x56 0x4f 0xd8 0x73 0x7d 0x56 0x70 0xa2 0x36 0x91 0xea 0x0c 0xe5 0x43 0x5e 0x07 0x8f 0x30 0x15 0xbe 0x82 0x2e 0xcc 0x5c 0x55 0x62 0x84 0xd3 0x60 0xc8 0xd4 0xd7 0x45 0x2a 0x63 0x40 0x0a 0xaa 0x04 0xd4 0x3a 0xb2 0xb4 0xdc 0x3e 0x12 0xe2 0x81 0x72 0x1f 0xfd 0xde 0xae 0xb7 0xe2 0x10 0x2e 0xf7 0xf6 0xbe 0x7f 0xa3 0x0b 0xc9 0xa3 0x65 0x6e 0xa4 0x4e 0x56 0x3d 0x7c 0x7f 0xea 0x38 0xd1 0x3c 0x2c 0x2e 0xb1 0x21 0xfa 0xd7 0x58 0xb5 0x06 0xdb 0x2b 0xe1 0x6b 0xee 0xa4 0x9b 0x40 0x7e 0x98 0xe4 0x05 0xf2 0x4a 0x24 0x88 0xe6 0xfa 0x23 0x81 0x52 0xc0 0x34 0x68 0x3d 0x72 0xb6 0xa2 0xba 0x49 0x70 0x4e 0x5d 0xcb 0x02 0x86 0x96 0x16 0x04 0x9e 0xb1 0xb6 0x3b 0x12 0x49 0x25 0x83 0x57 0xb6 0x2a 0xc6 0xff 0x07 0xac 0x38 0x58 0x25 0x57 0x19 0x79 0x6c 0x16 0x8a 0x10 0x63 0x42 0x55 0x09 0xcb 0x26 0x6e 0xb7 0x34 0x67 0xef 0x1d 0xff 0x7a 0x7b 0xaa 0x98 0x4a 0xf0 0x50 0x2b 0xe2 0x90 0x7e 0x92 0x83 0x24 0x9a 0x33 0x3f 0x6c 0x80 0x49 0x9c 0x82 0x8c 0x86 0xc3 0x1d 0xc7 0xbc 0x0c 0xee 0x9c 0x3e 0x49 0x9b 0xa3 0xfc 0x62 0x4b 0xd0 0x81 0xd2 0x5e 0x14 0x58 0x8e 0xbd 0x22 0xa3 0x02 0xfc 0x7f 0x48 0xa3 0x34 0xf0 0xbf 0x4b 0x52 0xb9 0x46 0x60 0x8b 0xda 0x1b 0xf8 0xc8 0x3d 0x28 0x9e 0xc6 0xe6 0x97 0x9d 0x78 0x0c 0x86 0x83 0x65 0x33 0xa5 0x51 0x0b 0xdc 0x60 0x27 0x2f 0x3f 0x37 0x1d 0xf5 0x32 0x33 0x76 0xd6 0xa6 0x97 0x0a 0xfc 0x9c 0x29 0xe1 0x67 0xb6 0x3c 0x74 0x57 0x01 0xc1 0xe9 0x69 0x9c 0x79 0xe5 0x75 0xdd 0x7a 0x2b 0x53 0xea 0x87 0x6a 0x94 0x1d 0x8a 0x0c 0x49 0x9a 0x15 0x1f 0x37 0x63 0x1f 0x98 0xc1 0x1c 0x5e 0x90 0x0c 0xae 0xee 0xb7 0x65 0xd3 0x1b 0xf2 0xf5 0x33 0x46 0x2e 0xaf 0x89 0x35 0x01 0x3a 0x8d 0x33 0x6e 0x39 0xd1 0xe7 0xf7 0xec 0x53 0xb9 0xb5 0xfd 0x46 0xbe 0xc7 0xe2 0xec 0x4e 0x7c 0xe3 0xd1 0x7d 0xe4 0xbd 0x8b 0x1e 
0x0d 0x9f 0x7b 0xcd 0x5a 0x47 0x0f 0x0a 0x73 0x8c 0x7a 0x2f 0x5e 0xa4 0xf7 0xf7 0x5a 0x96 0x4d 0x7d Next message from server: 0x0e 0x25 0x18 0x58 0xf5 0x3e 0x6d 0x52 0x52 0x22 0xd5 0x42 0xe3 0xd6 0x85 0x3e 0x88 0x81 0x71 0x1a 0xcd 0xa5 0xea 0x0b 0xd9 0x7f 0x70 0x9b 0x0b 0x18 0xb8 0x3e 0x74 0x6c 0x78 0x3b 0x8d 0xbf 0x60 0xaf 0xa9 0x26 0xd0 0x3b 0xcf 0xe8 0x3c 0x7f 0x5c 0xd5 0xcf 0x15 0x48 0xc4 0x9c 0x5d 0xb9 0xe6 0x12 0x4a 0x3d 0xe0 0x14 0x10 0x9e 0x2f 0xcb 0x57 0xf9 0x39 0xb0 0x1e 0x06 0x5b 0x93 0x0c 0x5e 0x24 0xeb 0xab 0x80 0x5d 0x9b 0xe0 0x06 0xc4 0x82 0x5d 0xe3 0xdb 0xdd 0xc2 0x04 0x8a 0x33 0x78 0x8d 0xdd 0xa8 0xd5 0x2f 0xc7 0xbb 0xc3 0xac 0x2b 0x9c 0x1a 0xc0 0x73 0x97 0x7c 0xe4 0x41 0x39 0x72 0xeb 0xa9 0xb4 0x11 0xbd 0xa8 0xc1 0xc2 0xb9 0x73 0x0a 0x56 0x37 0x01 0x79 0x3d 0xc1 0x87 0x3d 0xdf 0x76 0x7e 0xfe 0xd0 0x88 0xc0 0x59 0xe2 0x0e 0x3a 0xda 0xeb 0xed 0xd7 0x38 0x59 0x91 0xe2 0xea 0xe4 0xa2 0x5c 0xc7 0xc2 0x3f 0x68 0x1f 0x61 0xdd 0xcc 0x11 0x58 0x58 0x56 0x03 0xc3 0xab 0x1c 0xad 0xf6 0x65 0xfc 0x66 0x8d 0x3d 0xc5 0x2f 0x28 0x9a 0xab 0xba 0x70 0x6c 0xdc 0x08 0x38 0xac 0x79 0x80 0x42 0x17 0x13 0xa5 0x0b 0x7e 0xb8 0xe3 0x9e 0x5d 0xe0 0x3b 0x27 0x40 0xdf 0x0a 0x52 0x5d 0x18 0x2b 0x13 0x93 0x01 0x18 0xa0 0xfc 0xde 0x24 0x62 0xb8 0x89 0xf9 0xc3 0xe0 0x94 0xf9 0x8a 0x1d 0x55 0x58 0x62 0xb5 0x92 0xbe 0x60 0xcc 0xfd 0x1b 0x19 0xf3 0x3f 0xc3 0x21 0x16 0xce 0xbc 0x1e 0xfb 0x33 0xea 0xa8 0xf9 0xc5 0xdb 0x01 0xf1 0x55 0xac 0x3f 0xbd 0x78 0x2d 0x1d 0xae 0xbd 0x4b 0x12 0xf6 0xaa 0x00 0x58 0xb7 0x96 0x37 0xb0 0x93 0x4f 0xef 0x07 0xd6 0x02 0x4d 0x65 0xe6 0xa1 0xf5 0x20 0x0a 0xa1 0xaa 0xe7 0x93 0x09 0x31 0xd2 0xba 0xdb 0xab 0x32 0x2c 0x14 0xc1 0x8d 0x64 0xe3 0x05 0x0b 0x23 0x77 0x55 0x28 0x4c 0xe0 0xb8 0x8e 0xbc 0xa1 0x1f 0xec 0xdf 0x13 0xe5 0x44 0xb7 0x5d 0xb2 0xce 0xed 0xef 0x83 0xdb 0x95 0x62 0x8d 0x03 0x95 0x29 0x56 0xf7 0xaa 0x5a 0xdb 0x7b 0x99 0x54 0x77 0xe1 0x8a 0x85 0x98 0x65 0x03 0x24 0xcf 0xda 0x65 0xb1 0xd9 0xdd 0xe2 0xd3 0x9a 0x3b 0xd1 0xef 0x8b 0x12 0x8c 0x77 
0xc0 0x2f 0x5f 0x15 0xc6 0x62 0x62 0xe0 0x0d 0x6d 0xd6 0x12 0x42 0x01 0x87 0x35 0x43 0x06 0x6e 0x45 0xcd 0xe7 0xfe 0x69 0xab 0x5a 0x97 0x99 0xe9 0xef 0xb3 0x52 0x3f 0xa9 0x01 0x88 0xd7 0xa5 0x1b 0x85 0x79 0xc6 0x18 0xfa 0x59 0x65 0x57 0xb7 0xfb 0x97 0x5d 0xde 0x5c 0x6d 0x5e 0x9b 0xa9 0xce 0xa5 0x92 0x79 0x6f 0x17 0x11 0x9d 0x0b 0x16 0x27 0xe4 0xc3 0x4d 0xc2 0xf1 0xbc 0x61 0x96 0x22 0xdf 0x90 0x2d 0x69 0x4e 0xb2 0x29 0x3f 0x8e 0x70 0xf5 0x50 0xa4 0xeb 0x0e 0xf3 0xce 0x32 0x26 0x44 0x6d 0xd9 0xa5 0x14 0xce 0x80 0x83 0xe5 0x4d 0x99 0x7a 0x27 0x8c 0xe8 0x72 0x0d 0xd4 0x24 0xaa 0x97 0x07 0x98 0x2b 0x0d 0x7a 0xbd 0x59 0xb7 0xed 0xe5 0x6d 0x18 0xc8 0x08 0x09 0x32 0xfa 0xe8 0x99 0xd8 0xa1 0xde 0x45 0x04 0x01 0xc8 0x04 0x88 0xbe 0x09 0x09 0xbc 0xc7 0x10 0x02 0x1c 0x02 0x2a 0x99 0x68 0x4e 0x40 0x3a 0xe1 0xbd Next message from server: 0xd7 0x8b 0xe0 0xaa 0x46 0x08 0xda 0x7d 0x6e 0x08 0x82 0xbc 0x7e 0xad 0x45 0x86 0xf8 0x79 0x95 0xd9 0x73 0x90 0xb5 0xc9 0xe7 0x7b 0xe5 0x27 0xf2 0x2d 0xbf 0x86 0x2e 0xb9 0x0b 0x15 0x78 0x57 0x24 0xad 0x15 0x3b 0xfd 0xa6 0xfb 0x78 0x47 0x60 0x65 0xe2 0x4b 0x98 0x11 0xa5 0xb7 0x93 0xbe 0xc8 0x28 0x24 0xd6 0xb7 0x4d 0x80 0x79 0x7e 0x05 0xca 0xca 0x43 0x5c 0xbc 0x23 0x97 0x50 0xb1 0xef 0x69 0x65 0x05 0x0f 0x59 0x95 0x19 0x37 0x2c 0xcf 0xae 0xff 0x49 0xaa 0x8b 0xb2 0xe8 0xdc 0x91 0x89 0xf0 0x94 0x3a 0xa7 0x9b 0x56 0xa0 0x90 0xcc 0xcc 0xbf 0x0b 0xa7 0x7a 0x65 0x63 0x9e 0x96 0x37 0x71 0x70 0x43 0xd5 0x2d 0xe7 0x46 0x5e 0x75 0xf5 0x68 0x9e 0x0a 0xa6 0xbb 0xf8 0x26 0xee 0x84 0x74 0x67 0xa7 0x0b 0xe1 0xa6 0x04 0x8b 0x65 0x96 0x9d 0x60 0xc5 0xfc 0x74 0xc9 0xde 0xe2 0xdd 0xfe 0xb1 0xed 0x1c 0x7c 0x2a 0x78 0xaf 0x9b 0x6f 0x3c 0xc0 0x6c 0x77 0x15 0x16 0xfc 0x00 0xd1 0xe2 0x49 0x65 0x6a 0x2a 0x74 0xb6 0xa9 0x00 0x2d 0x7f 0xb4 0x88 0x70 0xba 0x8c 0x81 0xcd 0x97 0xc6 0x06 0x44 0x0a 0xd5 0x99 0xea 0x49 0x81 0xcd 0xd1 0x44 0x6a 0xf8 0x54 0xa8 0x45 0x84 0x84 0x24 0xa7 0x4f 0xc4 0x23 0x0d 0x3b 0x53 0x3e 0xfa 0x74 0x2b 0xea 0x82 0xc9 0x71 0x1c 0xcb 0x5a 0x2b 0x3a 
0x22 0x33 0x18 0xce 0x4e 0xa1 0x13 0x0e 0xf8 0x1b 0x94 0x20 0x2b 0xc2 0x3d 0xdd 0xa4 0x88 0xc5 0x69 0x3b 0x37 0x21 0x62 0x2d 0x09 0x02 0xd9 0xeb 0x8e 0x3c 0x46 0x5a 0x18 0x0a 0xe7 0x03 0xc6 0x10 0xb1 0x32 0x34 0x7f 0xf2 0xe3 0xf5 0x66 0xa3 0x79 0x75 0x1c 0xae 0xf6 0x0f 0xaf 0xd2 0xef 0xe0 0xb1 0xe8 0x91 0x9e 0xdb 0x23 0x57 0x0a 0x71 0xcd 0x5f 0x64 0x3d 0xba 0x59 0x7a 0x50 0x78 0xf1 0x23 0x1e 0x51 0x15 0x4c 0x1b 0x0c 0x83 0x4a 0x0e 0x74 0x07 0x8d 0x26 0x45 0x05 0x3c 0x00 0x38 0xb5 0xff 0xbf 0x47 0xd1 0x3a 0x68 0xa1 0x6e 0x40 0xc7 0xa2 0x36 0xd4 0x42 0xcf 0x4d 0x60 0xc8 0x47 0x26 0x63 0x3a 0x9d 0x57 0x4b 0xae 0xcf 0xe8 0xc9 0x39 0x79 0x50 0x8c 0x22 0x0d 0x06 0x31 0xcb 0x3f 0x2d 0xe4 0xbe 0x7d 0x9a 0x2d 0xc6 0x45 0x75 0x8c 0x4f 0xb7 0xcd 0x10 0x3d 0x41 0x93 0x1e 0x4e 0x2e 0xc1 0xb1 0x9d 0x20 0x3d 0x1a 0x10 0x83 0xd2 0x77 0xbf 0x93 0xf9 0x31 0xb0 0x94 0x0e 0xfe 0x11 0xf4 0x9d 0xb4 0x0d 0x4d 0x23 0x37 0xca 0xef 0x5e 0xa9 0x48 0xab 0x9f 0x38 0xb7 0x42 0x10 0xeb 0xba 0xb3 0xa1 0x99 0x8c 0x2a 0xb8 0x6a 0xac 0xe1 0x4b 0x0a 0xdf 0x11 0xd0 0x97 0x99 0xe3 0x6b 0x96 0xff 0xec 0x21 0x6f 0x14 0x36 0x1e 0x57 0xc2 0x81 0xcc 0x49 0xdc 0x7f 0xe7 0xc0 0x91 0xab 0x2c 0x16 0x98 0x93 0xb2 0xb6 0x61 0xc1 0xb5 0x8f 0x14 0x1a 0x6f 0xc6 0x14 0x34 0x8f 0xdb 0x97 0x8f 0x75 0x00 0x05 0xb8 0x77 0x17 0xd0 0x06 0x9b 0xff 0x79 0xf9 0xcb 0x4e 0x5d 0x85 0xd7 0xeb 0x68 0xaf 0x53 0x4f 0x0c 0xd9 0x36 0x96 0x23 0x52 0x41 0xbf 0xc0 0xeb 0x44 0x7c 0x3e 0x78 0x56 0x3b 0x3f 0x8a 0xb1 0x58 0x33 0xf9 0x55 0xdd 0x60 0x1d 0x7b 0x5e 0x46 0x61 0x3d 0x7e 0x4d 0xa0 0xea 0xfc 0x56 0x23 0x61 0xbf 0xc5 0x1f 0x79 0x07 0x3c 0x7d 0xf4 0x9c 0xb1 0xd1 0xaf 0x5a 0x48 0x2c 0xb5 0x1d 0x81 0xcc 0xce 0x2c 0x50 0xa9 0x0e 0x8a 0x9f 0xb4 0xc4 0xb6 0xaf 0x0f 0xce 0x5d 0xb2 0xcc 0xae 0x9b 0x0d 0xbe 0x98 0x2d 0xa1 0x47 0xef 0xce 0x62 0xcd 0x62 0x79 0x3c 0x0f 0xa7 0x05 0xc8 0xcb 0x21 0xf2 0xa9 0x85 0x79 0xae 0x30 0xcb 0x10 0x98 0x65 0xdf 0xe0 0x95 0xe8 0x1a 0x35 0x85 0xb6 0xdc 0x80 0x5f 0x92 0x04 0xa8 0xb8 0xcc 0x13 0x5f 0x5c 0x79 0x8f 
0xba 0x56 0x56 0x4e 0x35 0x1f 0xe4 0x63 0x65 0x67 0xaf 0xdb 0xdd 0x42 0x17 0xd5 0x11 0x92 0x23 0x4e 0xea 0x2a 0x43 0x55 0xde 0x22 0x07 0xeb 0x62 0xb9 0x9f 0x83 0x4a 0xaa 0xec 0xc2 0x97 0x52 0xb3 0xf7 0xa7 0x44 0xf6 0x31 0x10 0x23 0xc5 0x56 0xcc 0xbb 0x23 0xa9 0xaa 0x53 0x18 0xff 0x66 0x5e 0x87 0x8f 0xb1 0x6c 0x2e 0xf3 0xcd 0xf2 0xbb 0x0d 0xbc 0x13 0x9a 0xe3 0x3e 0xd2 0x22 0x3f 0x65 0x1c 0x53 0xd6 0x64 0x38 0x5f 0xd8 0x03 0x09 0x19 0x19 0xaf 0x64 0x16 0xc3 0xac 0x35 0x4b 0x99 0xf1 0xd3 0xb9 0xbd 0x09 0xe5 0x60 0x86 0x02 0x8c 0x00 0x99 0x58 0x7b 0x3e 0x69 0x4d 0xc6 0xcd 0x49 0x72 0x65 0xba 0xbb 0xd1 0xb4 0x3a 0x92 0x88 0x5e 0x34 0xea 0xa6 0xd5 0xfb 0xff 0x8f 0x29 0xbf 0x71 0xca 0x5b 0x1c 0xb5 0x06 0x28 0x8a 0x13 0x15 0x9d 0xf1 0xa4 0xb9 0x77 0xb9 0x2d 0xc8 0x37 0x3d 0xb4 0xa9 0x66 0x54 0x7a 0x32 0x21 0xb1 0x6e 0x19 0xb0 0x4e 0xd0 0x57 0x91 0x89 0x68 0x9c 0xb5 0xc3 0x8b 0xc6 0xa8 0xb2 0xc1 0x12 0xf7 0x81 0x78 0x09 0xdd 0x30 0xf2 0x3b 0x4a 0xcd 0xad 0xe2 0x0d 0x02 0x4b 0xf4 0x27 0x71 0xd5 0x06 0x1a 0xc1 0x8f 0x53 0x4f 0xf6 0xf2 0x3e 0xfe 0xb3 0x76 0x94 0x7d 0xea 0x71 0x6a 0x8f 0xb2 0xf6 0x48 0x6a 0xf5 0x18 0x27 0x62 0xa1 0xed 0xc4 0x33 0x82 0x11 0x9d 0x5c 0x68 0xb1 0x7a 0x03 0x9b 0x82 0x68 0xb3 0xda 0x51 0xe3 0x77 0x86 0x90 0xaf 0x11 0x70 0xae 0xba 0x42 0xb6 0x10 0x1a 0xd0 0xca 0x85 0x1e 0xee 0x1a 0x4b 0x0e 0x17 0x2e 0xd9 0x09 0x94 0x1c 0x1e 0x69 0x94 0xe5 0x35 0xdc 0xc6 0xd6 0xcf 0x6f 0xa4 0x37 0x26 0xd7 0xcb 0x3a 0xbc 0xe0 0x9a 0xe4 0x72 0x15 0x16 0xe9 0xf0 0x48 0x14 0xf9 0xa7 0xbf 0xc5 0x51 0xc0 0xf6 0x94 0xfa 0x49 0xef 0x28 0x96 0xd7 0xb3 0x23 0xb6 0xa9 0x35 0xe0 0xc4 0x2b 0xab 0x8c 0x13 0x3d 0x56 0x0a 0xa1 0xdb 0xb6 0x50 0x13 0xf1 0x09 0x21 0x1b 0x4d 0xbe 0x0c 0xb4 0x67 0x81 0x6e 0x2b 0x93 0x65 0x0f 0x90 0xf5 0x77 0xdc 0xf8 0x41 0x1c 0xe4 0x56 0xec 0xa9 0x17 0x77 0xb5 0x7e 0xeb 0x88 0x6f 0xc2 0x4d 0x5f 0xd1 0x54 0xee 0x9b 0x1a 0x35 0xd3 0x5e 0x84 0x47 0x51 0xa7 0x9f 0xe2 0xbc 0xd6 0x46 0x80 0xfe 0xfe 0xf7 0xd6 0xd6 0x93 0x8b 0xa7 0x16 0x35 0x27 0xea 0x24 0x22 0x5f 
0x34 0xad 0xf3 0x85 0xbb 0xc0 0x34 0xae 0x2d 0x20 0x3d 0xe7 0xb2 0x5d 0x8a 0xa8 0xc2 0x05 0x80 0x05 0x09 0x3e 0x52 0x63 0x58 0xdd 0x7e 0x18 0x89 0xad 0x01 0x9a 0x19 0xb7 0x55 0x9f 0x0d 0x3a 0xcf 0xbc 0x6b 0xc4 0x6a 0xeb 0x3d 0x1e 0xe3 0x72 0x4a 0x5e 0xe1 0x2e 0xa2 0x7f 0x39 0x72 0xdb 0x06 0x7d 0x46 0xe8 0x21 0x2f 0xaf 0x07 0x23 0x96 0xf7 0x3c 0x92 0x54 0xa4 0xce 0xad 0xe2 0x11 0x7f 0x5c 0x22 0xce 0x1c 0x5b 0x72 0x1a 0x36 0x1d 0xb7 0x58 0x62 0x48 0x3f 0xba 0x2c 0xa7 0xf8 0x07 0x6b 0x32 0x0b 0xf6 0xe2 0x9d 0x2f 0x4f 0x6f 0xdb 0x83 0xf4 0x94 0x0d 0x52 0x25 0xb9 0x6b 0x8b 0x97 0xaa 0x9e 0x9d 0x6a 0xdc 0x1a 0xfa 0x3c 0x01 0x18 0x79 0xb7 0x32 0xda 0x2b 0xae 0xe7 0xfd 0x02 0xa3 0xac 0x0a 0x05 0x62 0x04 0x91 0xc7 0xc8 0x48 0x99 0x8c 0x76 0xe0 0x1a 0x32 0xb7 0xf4 0x6f 0x46 0xc0 0xe7 0x35 0x63 0xa7 0x7a 0x6a 0x3a 0x7c Next message from server: 0x86 0x84 0xc4 0x9e 0x31 0x8a 0xac 0x17 0x2c 0xb6 0x96 0x21 0x4b 0xf9 0x5c 0x29 0xb7 0x05 0xcf 0xc4 0xb6 0x20 0x3e 0xc8 0x8c 0x28 0x66 0x3b 0xa8 0xa6 0xb5 0xf8 0xde 0xd8 0x8d 0x13 0x66 0x39 0x54 0x81 0x49 0xe9 0x0f 0xf6 0x75 0x1d 0x00 0x6c 0xf8 0x27 0xa6 0x24 0xbd 0xa4 0x23 0x5e 0x05 0x54 0x4f 0x9b 0xe1 0x26 0xe2 0xf8 0xb1 0x69 0x49 0xa9 0xd5 0xcc 0x06 0xe8 0xdc 0xf7 0x67 0x77 0xc2 0xae 0x8e 0xdf 0x24 0xc6 0xc8 0x10 0xbb 0x89 0x18 0x8f 0xef 0xef 0x08 0x9b 0x20 0xba 0x90 0xc2 0x8e 0xa8 0xd5 0x74 0x3b 0x12 0x27 0xdf 0x50 0x9f 0xd4 0xdb 0xe2 0x8f 0x8d 0x96 0x70 0xd5 0x43 0x01 0xb8 0x81 0x50 0x74 0x9e 0x41 0x56 0xd1 0x2f 0xcb 0xbd 0xd9 0xe4 0x18 0x02 0x35 0x5e 0x48 0x54 0xd7 0x5e 0x14 0x56 0x8b 0x6c 0x21 0xd1 0xbf 0x09 0x02 0x61 0x72 0x77 0xdc 0xc5 0x1d 0x36 0xb9 0x61 0x67 0x19 0xf4 0x71 0x68 0xd4 0xa3 0xf0 0x02 0x7c 0x5c 0xed 0x9c 0xc9 0x3b 0xac 0x94 0x56 0x1d 0x82 0x44 0xae 0x9a 0x5c 0xa9 0xc5 0x43 0x3e 0xe1 0xc3 0xee 0x0e 0x58 0xcb 0xd3 0x2c 0x18 0x35 0xe4 0x2e 0xcc 0x44 0x38 0xf3 0x0f 0x65 0x0b 0x72 0x16 0x1b 0x40 0xb3 0xb5 0x39 0x50 0xc9 0x36 0xe3 0x46 0xe2 0xf9 0x2f 0x55 0x26 0x07 0xd2 0xfd 0x97 0x45 0x81 0xa0 0x7e 0x4d 0x87 0x7f 
0xa3 0xb7 0xcc 0x76 0xe5 0x6f 0x5a 0x5c 0xa1 0x9e 0x11 0x4a 0x55 0xa7 0xce 0xd4 0x31 0xfa 0x90 0xf3 0x6b 0x25 0xef 0xfe 0x17 0x4f 0x2f 0x8b 0xde 0x73 0xde 0x77 0xd7 0x38 0x5e 0x9f 0x45 0x7a 0xd3 0xb4 0xc5 0x11 0xe9 0x8b 0x1a 0x84 0x5d 0x0e 0x41 0x01 0x21 0x6f 0x29 0xc4 0x2e 0x1f 0x0f 0x30 0x15 0x51 0xee 0xad 0x67 0xc3 0x5f 0xe2 0x2d 0xa8 0x78 0xff 0xbc 0xfa 0x02 0x14 0x16 0xd5 0xe1 0xc4 0xb7 0x8b 0x83 0x3d 0xa1 0x6d 0xbc 0x5e 0xa6 0xd4 0x73 0xd0 0x8c 0x19 0x30 0x4c 0x5f 0x14 0x81 0x69 0x59 0x3b 0x6c 0x7f 0x05 0xed 0x11 0x95 0x10 0x98 0x0c 0xc8 0xa8 0x03 0x4a 0x5d 0xc0 0xc4 0x9d 0xbb 0x44 0x2f 0x4d 0xd0 0xf0 0xa7 0x30 0x32 0x8d 0x75 0xad 0xb0 0xcc 0x12 0xcf 0x85 0xde 0x7c 0x3d 0xe8 0x85 0x1c 0xc4 0x45 0xd9 0xa4 0x57 0x23 0x34 0x75 0xf5 0xa8 0x2b 0xc7 0x02 0xfe 0x45 0xee 0xd8 0x6f 0x57 0x64 0x19 0xb2 0x51 0x0e 0x6c 0x88 0xd0 0xb7 0x6c 0x66 0x02 0x47 0x98 0x34 0xa2 0xd4 0x68 0x83 0x3f 0x8c 0x7a 0x03 0xa4 0x1c 0x59 0x17 0xb3 0xcd 0x2c 0x18 0xdf 0xf7 0x6a 0x8c 0xe0 0xb7 0x6c 0xb1 0x1f 0x3e 0x04 0x69 0x18 0x4a 0x64 0x70 0x57 0x78 0xda 0xcb 0xf9 0x98 0xee 0xa0 0x93 0xc8 0xe7 0x9d 0x14 0xb2 0x47 0xd8 0x32 0xa7 0xa2 0xaf 0x12 0xb8 0xe8 0xe7 0x76 0xb0 0xcb 0xcd 0x26 0x80 0x37 0xa2 0xd4 0x69 0x3b 0xc0 0x5c 0x8e 0xa0 0x2c 0xba 0x97 0x4e 0xba 0xc7 0x64 0x05 0x66 0x28 0x9f 0xb2 0x3c 0x4c 0x3a 0xc9 0x27 0x8c 0x5e 0x14 0x9d 0xbc 0x5e 0x2f 0x66 0x42 0xd2 0x6e 0x54 0x52 0xd9 0xa9 0x0c 0x94 0xf2 0x61 0xcf 0x0c 0xa4 0x4e 0x7d 0x83 0x64 0x20 0x1d 0xf1 0xcb 0xab 0x49 0x17 0x92 0x1e 0x49 0x88 0x52 0x59 0x29 0x02 0x04 0xa2 0x4e Next message from server: 0xf2 0xee 0x5e 0x17 0x82 0x91 0x8f 0x05 0x0a 0x47 0x66 0x3b 0x24 0x06 0xd8 0x27 0x52 0xfc 0x77 0xe5 0xc7 0x13 0x39 0x8b 0xb5 0xf7 0x64 0xf0 0xba 0x0f 0xd2 0x92 0x54 0x9e 0xbe 0x3b 0x71 0xef 0x74 0x28 0x94 0x36 0x1b 0xcf 0x31 0xfa 0x04 0xa9 0xb4 0xfc 0x5e 0x65 0x21 0x5a 0xad 0x5f 0xc2 0xe7 0xe0 0xf6 0x64 0x39 0x65 0x43 0x0b 0x61 0x0b 0xcd 0x05 0x73 0xe7 0xda 0xaa 0xec 0x5c 0x8f 0xa4 0x14 0x10 0x79 0x12 0x78 0xe4 0xa8 0x4e 0x03 0x5e 0x9c 
0x40 0xe9 0xe2 0x44 0x0e 0x3e 0x53 0xf3 0x2c 0x65 0x14 0xad 0xd7 0xbf 0xc7 0x4c 0xa8 0x18 0xfa 0x6e 0x4c 0x3e 0x2d 0x7f 0x3e 0xfc 0x5f 0x82 0xc3 0x99 0x3a 0xa6 0x28 0x76 0x54 0x74 0x55 0xe0 0xd4 0x6d 0x30 0x5a 0x65 0x5b 0x2a 0x7b 0x65 0x78 0xc4 0xb9 0xfd 0x57 0xc4 0x8d 0xb3 0xf5 0x00 0x27 0x3e 0x45 0x95 0xb4 0x42 0xd7 0x96 0x87 0xa0 0x0c 0x9e 0x29 0xd6 0x59 0xba 0xc2 0xf5 0x27 0xc8 0x4d 0x71 0xd8 0xb7 0xca 0x15 0x8e 0x9a 0xcd 0x51 0x42 0xb8 0x9a 0x98 0xa0 0x79 0xb4 0x44 0x3b 0x53 0xab 0x0e 0x43 0x99 0xbc 0x7a 0xf1 0x09 0x99 0xc9 0x9b 0x5a 0x23 0x66 0x48 0xcd 0x6e 0x77 0x30 0x84 0x31 0xdb 0x69 0xa8 0x6a 0x18 0x1d 0x44 0x64 0x7d 0x18 0xa2 0xae 0x3a 0x76 0x8d 0xe9 0xc6 0x2e 0xfd 0xcf 0xc3 0x8c 0x2d 0x84 0x65 0x32 0xfd 0x07 0xb7 0x73 0x46 0x64 0xb7 0x98 0x89 0xde 0xb5 0x60 0x9a 0x61 0xe7 0x5a 0xd6 0x76 0x29 0xdc 0x6c 0xd2 0xf0 0x14 0xae 0x30 0x9d 0xcb 0x53 0xd4 0xb5 0x2c 0x80 0x40 0x75 0x1a 0x8e 0xd9 0x04 0x08 0x3d 0xe3 0xc9 0xbb 0x97 0xc6 0xac 0x70 0x99 0x91 0xa7 0xfd 0x1e 0xe6 0x41 0x04 0xdf 0x04 0xd2 0x8a 0x59 0xed 0x53 0x11 0x4c 0xbe 0xfa 0x0c 0x4d 0x5c 0x00 0xbd 0x97 0xb4 0x4d 0x6b 0xb2 0x23 0x59 0xff 0x9f 0xea 0x0e 0x9c 0x24 0x47 0x33 0x8d 0xd8 0x3e 0x66 0xaa 0x14 0xed 0xac 0x5a 0xd7 0xdd 0x23 0x17 0x7b 0x07 0x9e 0x88 0xaa 0xcb 0x38 0x7c 0xa6 0xa7 0x47 0x7c 0x7f 0xfa 0xd7 0xa1 0xed 0xb3 0x6d 0x01 0xfa 0xe5 0xaa 0x1b 0x2e 0xc6 0xcd 0x41 0x2f 0x90 0xce 0xc2 0xcd 0xa1 0xce 0x92 0x42 0x7b 0x9f 0x54 0x5f 0x01 0x0b 0xaf 0x39 0x31 0x67 0x65 0x45 0x59 0xa1 0x3e 0xa6 0xac 0x90 0xe1 0x2b 0x1b 0x7c 0x8c 0x3f 0x0b 0xda 0x0e 0x57 0xb7 0x17 0x45 0xba 0xd6 0x72 0x6b 0xbd 0x3e 0x0c 0xa7 0xa3 0xd3 0xb0 0xf4 0x9a 0xe3 0x89 0xbb 0x92 0xa5 0xb9 0x1f 0x42 0xd4 0x89 0xd3 0xba 0x23 0x84 0x81 0x58 0x98 0x4e 0x0a 0xed 0x14 0xcf 0x7a 0x42 0xa8 0xaa 0x0f 0xc0 0x16 0xa3 0x97 0x1b 0x8b 0xf4 0x50 0x83 0x35 0x8a 0xf9 0xaf 0x2e 0xb9 0xe3 0x69 0x72 0x3e 0xb1 0x54 0x1c 0xf3 0x6f 0xcc 0x1c 0xb9 0x34 0x06 0xf3 0xd3 0x67 0x78 0xd3 0xfb 0xdf 0x27 0xe9 0x4f 0xa9 0x8c 0xde 0x67 0xec 0x0d 0xa2 0x8d 0xb9 
0xb8 0xcf 0xbe 0x21 0xd9 0x08 0xe6 0xb5 0x5a 0x00 0x07 0x8d 0xe1 0xe1 0x1a 0x4a 0xb8 0x7e 0x76 0xfc 0x49 0x68 0x7a 0xf9 0xc7 0xa6 0x99 0xeb 0xff 0x6f 0xd9 0xf6 0x10 0x78 0x55 0xc2 0x4b 0x6a 0x05 0xa3 0xb1 0x3d 0xce 0x55 0x41 0x8d 0x9c 0x3d 0x18 0xa7 0x90 0x37 0x60 0x90 0x6b 0x60 0xad 0x4c 0x20 0xcd 0x12 0x5c 0x53 0x54 0xff 0x39 0x65 0xff 0xfc 0x0f 0x31 0x80 0x9b 0x58 0xc3 0x7c 0xbe 0x09 0xf7 0x8e 0x67 0x60 0x39 0x4b 0x29 0xdf 0xcf 0x57 0x4a 0x6b 0xf5 0xe4 0xd3 0x5d 0x68 0x45 0xa0 0x87 0x06 0xde 0x05 0x7d 0x00 0xd2 0x3a 0x1a 0x86 0x01 0xbf 0x99 0x29 0x11 0x7f 0xf8 0x56 0x90 0x1f 0xd7 0xfd 0xe5 0x1c 0xd8 0xf6 0x95 0x4e 0xc2 0xfb 0x1f 0x93 0x2d 0x50 0x15 0xa6 0x1b 0x00 0x55 0x94 0x32 0xc6 0x47 0x9f 0xee 0xb5 0xae 0xb8 0x31 0xfc 0x9b 0xe1 0x76 0xd2 0x28 0xf3 0xf3 0xf5 0xbb 0x34 0x48 0x13 0xcb 0x54 0x25 0x0f 0x7b 0xa8 0xd1 0xa7 0x6b 0xcc 0x14 0x5b 0x8e 0xf4 0x43 0x6a 0x80 0x1d 0xad 0x43 0x57 0x90 0x86 0x7b 0x04 0x31 0x1e 0x78 0x88 0xdd 0x5d 0xd9 0xa3 0x02 0x4b 0xdd 0xdf 0x2b 0x95 0x92 0xa3 0xad 0x79 0x47 0xc1 0x34 0x3f 0xb2 0x01 0x89 0x05 0x2d 0x26 0xc4 0x75 0x34 0xaa 0x25 0xb2 0x54 0x2d 0xf1 0x92 0xea 0x9b 0xe7 0x9a 0x38 0xba 0x91 0x65 0x40 0x2e 0xff 0x2b 0x31 0x1d 0xd9 0xaa 0x6e 0x19 0xca 0x49 0xc3 0xda 0x40 0xa1 0x71 0x11 0x98 0xb4 0x02 0xe8 0x16 0xaf 0x51 0x72 0xe9 0xf2 0xf3 0x11 0x6d 0xf6 0x21 0x0d 0x1a 0xb5 0xbe 0xe0 0xbe 0x28 0x54 0xb2 0xb9 0x7c 0xf4 0xf0 0x94 0x32 0xa6 0xdd 0x43 0x94 0x96 0xa9 0x55 0x5a 0x8a 0x96 0x44 0x06 0x30 0x3c 0x74 0x39 0x33 0x01 0x1d 0x29 0x7f 0x0a 0xfd 0xe2 0x65 0x3c 0xf5 0x6b 0xee 0xef 0xa5 0xd6 0x15 0x57 0x93 0xca 0xde 0x46 0xee 0x93 0xb0 0x4b 0x32 0xfb 0xd4 0x6e 0xb4 0xa6 0xd7 0x77 0x40 0x64 0x08 0xd2 0x0e 0x57 0x51 0x5c 0xc9 0x2b 0x9b 0x17 0xcb 0x19 0x1f 0x03 0x23 0xcc 0x99 0x3c 0xfa 0x3d 0x21 0xe1 0x6c 0x83 0x1c 0xce 0x68 0x38 0xff 0x0d 0x53 0xcd 0xdd 0xd3 0xd1 0x78 0x6e 0x1e 0xee 0x01 0xe7 0x71 0x0b 0xab 0xd7 0x55 0x6c 0xbd 0x5b 0xac 0x47 0x2c 0x9f 0x23 0xf2 0xf2 0x27 0x1f 0xb3 0x26 0xd8 0x66 0xa6 0x30 0xb8 0x31 0x5e 0x50 0x35 0xba 
0x65 0x9f 0x73 0xae 0x66 0x43 0x87 0x46 0x60 0x79 0x3a 0x29 0x21 0x85 0x9a 0xd9 0xcc 0x7d 0x57 0x13 0x9c 0xfc 0x8f 0xb5 0x98 0x3f 0x7c 0x38 0x4b 0x9f 0x43 0x02 0x8b 0xa0 0x2c 0x40 0x32 0x3b 0x7a 0x2e 0x61 0x5f 0xaf 0x91 0xf3 0x26 0x39 0xf0 0xc5 0x73 0xd0 0x2e 0x00 0x44 0x70 0xc3 0xca 0xdf 0xc6 0x73 0x5f 0x6b 0xd3 0xa5 0x3b 0x24 0xdd 0xd0 0x95 0x20 0x61 0x75 0x25 0xbd 0x30 0xb0 0x5b 0xe8 0xd2 0xe6 0xdd 0x02 0xea 0xc1 0x6f 0x91 0xaf 0xbe 0xb6 0x94 0xf6 0xd7 0x9d 0x5e 0xee 0x1d 0xa5 0x76 0x6c 0x22 0xb7 0x42 0x9b 0xa2 0x9a 0x35 0xfe 0xa4 0xb1 0xcb 0x4b 0xcc 0xb7 0xda 0x2f 0x86 0xd0 0x6a 0x6f 0x85 0x9c 0x7c 0xd5 0xae 0xa5 0x46 0xf0 0x06 0x03 0x23 0x51 0xcb 0xe7 0x7d 0xe4 0xbb 0xeb 0x2b 0x51 0xd6 0x9d 0xb2 0xd9 0x09 0xfe 0xec 0x66 0x43 0x71 0x8d 0x53 0x92 0x6e 0x9f 0xb9 0x1c 0x44 0x2b 0x5e 0xfb 0xe8 0x2a 0x2a 0xbb 0x91 0x48 0xdd 0x14 0x06 0x07 0x99 0xb4 0x88 0x86 0x1d 0xb5 0x37 0xf3 0xeb 0xdd 0xf3 0xfa 0x53 0xbb 0xd1 0xfb 0x6b 0xab 0x23 0x4d 0x30 0x7c 0x92 0x56 0x3e 0x18 0xee 0x19 0xff 0x19 0x26 0x55 0xa6 0x65 0xba 0x6f 0x84 0xc0 0x3a 0xd9 0x25 0x0e 0xf9 0x98 0x3e 0x32 0xd4 0xb8 0x77 0xf5 0x7b 0x55 0xdb 0x1e 0xad 0x42 0x36 0x39 0xb6 0x1e 0x51 0xff 0xef 0x60 0x14 0x2e 0xa1 0x8f 0xd2 0x20 0x0c 0x1e 0xf5 0x3e 0x02 0x47 This completes the communication. From jya at pipeline.com Sat Aug 19 08:45:12 1995 
From: jya at pipeline.com (John Young) Date: Sat, 19 Aug 95 08:45:12 PDT Subject: (Fwd) 1995 Nanotechnology Conference Message-ID: <199508191545.LAA16285@pipe4.nyc.pipeline.com> Fourth Foresight Conference on Molecular Nanotechnology SUMMARY: The conference will be held November 9-11, 1995, in Palo Alto. It is a multidisciplinary meeting on molecular nanotechnology, that is, thorough three-dimensional structural control of materials and devices at the molecular level. Attendees will include chemists, materials scientists, physicists, engineers, and computer scientists interested in learning about the field and participating in its development. For further information, contact foresight at cup.portal.com or see the Web page ftp://ftp.parc.xerox.com/pub/nano/nano4.html. From gtoal at gtoal.com Sat Aug 19 08:53:57 1995 From: gtoal at gtoal.com (Graham Toal) Date: Sat, 19 Aug 95 08:53:57 PDT Subject: Has anyone written a 'secure' (ahem) html server? Message-ID: <199508191549.KAA25681@fajita.vt.com> Congrats to the guys who broke the netscape encryption. Now... as someone who would like to use 'lite' encryption for a few non-critical purposes, has anyone taken the code they must have worked out to do the crack and fed it back in to a public domain server? I *really* don't want to pay Netscape 1000's just to play around with this stuff... (I presume the algorithms are public and there wouldn't be any legal problem with this...) G PS Yes, I'm back. Was avoiding all cypherpunkly things until I got my green card. First thing I did when it arrived in the mail was log in to MIT and get an official release of pgp :-) From cme at clark.net Sat Aug 19 09:21:27 1995 From: cme at clark.net (Carl Ellison) Date: Sat, 19 Aug 95 09:21:27 PDT Subject: Export policy change Message-ID: <199508191621.MAA09036@clark.net> >Date: Fri, 18 Aug 1995 23:03:47 -0400 (EDT) 
>From: JMKELSEY at delphi.com >Subject: Export policy change >I think this is an important and somewhat subtle political move on >the part of the administration. If they can get at least a few >large businesses (the ones who buy into the key-escrow scheme) on >their side, by making it in their economic interests for everyone >to use escrowed crypto, they will have manufactured some >potentially powerful allies in the computer industry. That's not too far from Steve Walker's published intention with the CKE project. See: ftp://ftp.tis.com/pub/crypto/drc/papers/ and below. - Carl From remailer at flame.alias.net Sat Aug 19 09:36:29 1995 
From: remailer at flame.alias.net (Flame Remailer) Date: Sat, 19 Aug 95 09:36:29 PDT Subject: Costs of Credit Card Fraud and Brute-Force Codebreaking Message-ID: <199508191631.SAA10338@utopia.hacktic.nl> fc at all.net wrote: >I think a lot of people miss the distinction between automated message >cracking and dumpster diving. Dumpster diving is not free. It costs at >least a dollar each to get credit card slips by dumpster diving. > >Consider that in order to use the information, you have to get the slip, >pull off the numbers, enter them into a computer (or even worse yet, >create a phoney card or make a phone call) in order to use the >information. The break-even point for an automated cracking and usage >system is more than a dollar per stolen card. My parallel processor >is actually more cost effective for criminal theft via credit card fraud. Well, a few years ago I partially satisfied my phone-phreaking habit in the following manner: I would walk up to a busy intersection in a commercial area and stroll through the various gas stations located there, collecting receipts that careless customers had forgotten to take with them after using the "pay-at-the-pump". Then I would visit the pay phones at the nearby mini-malls. It sure didn't cost me a dollar a number. The cost/value of a card number depends a lot on what you seek to gain. If it's free phone calls, your costs are basically nil. If you want free gas, it'll cost you $500 or so for the card reader/writer and a few old cards. If you have a system for extracting thousands of dollars from each card, economies of scale would probably justify the $10000 rc4-breaker. ...or you could just hack netcom, steal the mother lode and be set for life... (Hi Kevin! drop me a line when you get out; ya gotta love those plea-bargains - 30 year sentence reduced to 8 months! ;-) From blane at guetech.com Sat Aug 19 10:43:46 1995 
From: blane at guetech.com (Brian Lane) Date: Sat, 19 Aug 95 10:43:46 PDT Subject: SSL challenge and escrows In-Reply-To: <9508181635.AA23177@all.net> Message-ID: On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote: > I think a lot of people miss the distinction between automated message > cracking and dumpster diving. Dumpster diving is not free. It costs at > least a dollar each to get credit card slips by dumpster diving. I think people have been forgetting something else. Getting caught. If I dive dumpsters, grab receipts from where I work, etc., the chances of me being caught, or linked to use of the CC#s, are much higher than if I scam them from somewhere on the net, using a cracked account (or several) on machines all over the world. Another thought is an unethical ISP. They either sniff the SSL transactions to their web server, or take the numbers from the users' directories. If discovered, they blame it on 'hackers'. What happens to the SSL encrypted data after it is received by the server? Brian ----------------------------------------------------------------------------- "A little rebellion now and then is a good thing." | PGP Key and .plan -- President Thomas Jefferson | email Subj: blane-info ============================================================================= From rsalz at osf.org Sat Aug 19 11:08:02 1995 From: rsalz at osf.org (Rich Salz) Date: Sat, 19 Aug 95 11:08:02 PDT Subject: Load-sharing for Key Cracking Message-ID: <9508191807.AA22499@sulphur.osf.org> Someone should look at Condor, ftp.cs.uwisc.edu. It's designed to share spare cycles. /r$ From rsalz at osf.org Sat Aug 19 11:18:36 1995 
From: rsalz at osf.org (Rich Salz) Date: Sat, 19 Aug 95 11:18:36 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: <9508191818.AA22531@sulphur.osf.org> I think there are many people who might be willing to use an "anon CA" should it exist: whistleblowers (perhaps Deep Throat would have used email); people writing letters to the editor who don't want to trust the editor to withhold their info; people who desire anonymity yet don't want to trust the gov't to certify their communications as authentic/forged (Unabomber, Om Shin-rkyo); any number of writers who have used pseudonyms and now want to get paid in ecash; Mark Twain? From fc at all.net Sat Aug 19 11:25:03 1995 
From: fc at all.net (Dr. Frederick B. Cohen) Date: Sat, 19 Aug 95 11:25:03 PDT Subject: Costs of Credit Card Fraud and Brute-Force Codebreaking In-Reply-To: <199508191631.SAA10338@utopia.hacktic.nl> Message-ID: <9508191823.AA23991@all.net> > > fc at all.net wrote: > >I think a lot of people miss the distinction between automated message > >cracking and dumpster diving. Dumpster diving is not free. It costs at > >least a dollar each to get credit card slips by dumpster diving. > > > >Consider that in order to use the information, you have to get the slip, > >pull off the numbers, enter them into a computer (or even worse yet, > >create a phoney card or make a phone call) in order to use the > >information. The break-even point for an automated cracking and usage > >system is more than a dollar per stolen card. My parallel processor > >is actually more cost effective for criminal theft via credit card fraud. > > Well, a few years ago I partially satisfied my phone-phreaking habit in > the following manner: > I would walk up to a busy intersection in a commercial area and stroll > through the various gas stations located there, collecting receipts > that careless customers had forgotten to take with them after using the > "pay-at-the-pump". Then I would visit the pay phones at the nearby > mini-malls. It sure didn't cost me a dollar a number. But you miss the costs of your time. You have to find the right dumpster, you have to dive, you have to find the slip, you have to walk across the street, you have to make the call. Time, as they say, is money. For a criminal enterprise to make money, they have to not only get the cards, but use them and then resell the goods for cash. The sheer size of a criminal organization that could handle the sort of codebreaking we are talking about would make it possible to buy goods at wholesale prices, so the profit on stealing goods and reselling them on the open market is far less than the savings an individual gains by the effort. 
Then there is the potential cost of people getting caught, etc. that has to be figured into the overall cost. Criminal enterprises have high overheads. > The cost/value of a card number depends a lot on what you seek to gain. > If it's free phone calls, your costs are basically nil. It costs you 10-15 minutes of time, and it probably saves you a few dollars of phone charges. If the chance is only 1 in 100,000 of getting caught and sentenced to 5 years in prison, the amortised time cost is another 25 minutes, not including legal fees. > If you want > free gas, it'll cost you $500 or so for the card reader/writer and a > few old cards. But you still have to get the magic numbers. Maybe it takes a bribe, maybe it takes dumpster diving, but whatever the deal, it all costs money in the form of time, overhead, etc. > If you have a system for extracting thousands of dollars > from each card, economies of scale would probably justify the $10000 > rc4-breaker. The point of the parallel processor is that the cost is about $1.45 (or whatever) per card number, not thousands of dollars. The results are in computer-ready form, so that you can charge directly over the Internet and have a fully automatic system for theft. No large number of employees, no phone bills that get traced by the FBI, only an Internet link that moves from provider to provider, account to account, city to city, country to country. > ...or you could just hack netcom, steal the mother lode > and be set for life... (Hi Kevin! drop me a line when you get out; > ya gotta love those plea-bargains - 30 year sentence reduced to 8 > months! ;-) It's true that breaking into computer systems is cheaper for small numbers, but as a big business, the labor is too high for this sort of attack, and the results are too unpredictable. Taking credit card numbers over the net is a lot more amenable to the economies of scale required for big codebreaking efforts. 
-- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 From zinc at zifi.genetics.utah.edu Sat Aug 19 11:50:26 1995 From: zinc at zifi.genetics.utah.edu (zinc) Date: Sat, 19 Aug 95 11:50:26 PDT Subject: 64 bit keys breakable by the NSA or just some random key length? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- cpunks, i was thinking about the recent Clinton/LEA proposal regarding exportable crypto. the new rules would allow 64 bit keys to be exported, as long as the master key was made available through some key escrow service. now, we know it is relatively easy to break a 40 bit key. additionally, we know it is nearly impossible to break 128 bits. i'm not so sure how hard 64 bits is (need to brush up on that ol' mathematics some time...). why did the govt pick 64 bits? is this length still within the range of the NSA if they really wanted to read something but didn't feel the need or want the exposure of obtaining a key from escrow? i'm curious if anyone thinks this gives us a little more info on the capabilities of the NSA regarding brute forcing a key. additionally, since this *is* an escrow system, why didn't the gov't just go with the unbreakable 128 bit key length? - -pjf patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA! ** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO! zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDYyb03Qo/lG0AH5AQGhDwP/c2NmiU3IwQSAPuYyFgLG3o8Tc+8i9v7b j8+vdT9wwmBM0hMXtIya6Dnb9hHo+oyBJkL+70N44sV7gy+J6LlZQcY/dNICAdD5 lEJ67YEfKp5Mb010MljsEcwMEIhjZ/IWrhSZipg4rkfIutXCIj6iNvOtOgi9WjKW wz1j7FimJpI= =1j3L -----END PGP SIGNATURE----- From zinc at zifi.genetics.utah.edu Sat Aug 19 11:58:08 1995 
From: zinc at zifi.genetics.utah.edu (zinc) Date: Sat, 19 Aug 95 11:58:08 PDT Subject: Costs of Credit Card Fraud and Brute-Force Codebreaking In-Reply-To: <9508191823.AA23991@all.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 19 Aug 1995, Dr. Frederick B. Cohen wrote: > Date: Sat, 19 Aug 1995 14:23:14 -0400 (EDT) 
> From: Dr. Frederick B. Cohen > To: Flame Remailer > Cc: cypherpunks at toad.com > Subject: Re: Costs of Credit Card Fraud and Brute-Force Codebreaking > > > > But you miss the costs of your time. You have to find the right > dumpster, you have to dive, you have to find the slip, you have to walk > across the street, you have to make the call. Time, as they say, is > money. For a criminal enterprise to make money, they have to not only howdy, time is not money if you're a high school student with nothing else to do. time is not money if you're a grad student. i spend approx 14 hrs or more a day in the lab seven days a week. there's no way my stipend adds up to anything close to minimum wage at that rate. the value of time is subjective. if i had a wife and a couple of kids AND i was a grad student, my time would be worth more. as it is, my time is not worth a whole lot. your assessment that this cost our anon friend some money to obtain these cc numbers is simply not true. when you have nothing else to do, choosing one thing over another involves no cost. if anything, he made money by using the cc numbers to make long dist calls instead of using any cash he might have from working or an allowance. my $0.02, - -pjf patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA! ** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO! zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDY0T03Qo/lG0AH5AQEmuwP9F30sfk4PrGRqf5kqsKs1lcX67CSctU/z hJEM8a1IFpPQL+FHRfy2eRueWNa1OiuyQZN8qt8EiP93MzScEJCEomxaTKowQjQk p9cQKg2SsFmxgc4whS4Ny22x3Aw1FinB2DzlhPrDB6jLAT1cWkQrE7K85VSCcC+j AVjV0CS0ufM= =7tS0 -----END PGP SIGNATURE----- From shamrock at netcom.com Sat Aug 19 12:09:49 1995 
From: shamrock at netcom.com (Lucky Green) Date: Sat, 19 Aug 95 12:09:49 PDT Subject: Cypherpunks on IRC? Message-ID: <199508191906.PAA27899@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Where do the CPs hang out on IRC? I am just giving IRC another try and there was no CP channel (There is now). Perhaps we are too busy writing code? - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMDY13yoZzwIn1bdtAQHe7QF8CyJJsrUtP7RPckKwRegQ1yTUbL7wreip moqo7qqcehtE5efi4aCHPMleBU7eZNH/ =DWBj -----END PGP SIGNATURE----- From shamrock at netcom.com Sat Aug 19 12:17:13 1995 
From: shamrock at netcom.com (Lucky Green) Date: Sat, 19 Aug 95 12:17:13 PDT Subject: 64 bit keys breakable by the NSA or just some random key length? Message-ID: <199508191913.PAA27964@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article , zinc at zifi.genetics.utah.edu (zinc) wrote: >why did the govt pick 64 bits? is this length still within the range >of the NSA if they really wanted to read something but didn't feel the >need or want the exposure of obtaining a key from escrow? > >i'm curious if anyone thinks this gives us a little more info on the >capabilities of the NSA regarding brute forcing a key. additionally, >since this *is* an escrow system, why didn't the gov't just go with >the unbreakable 128 bit key length? I think the obvious conclusion would be because 64 bits is crackable if need be and if you have the resources the government has. Not for routine monitoring of undesirables, but for those special cases where they don't want to expose their activities by requesting a warrant. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMDY3jSoZzwIn1bdtAQGV3gGA26/BZOnXiuMuO8IDgGCnnONVhVtL4/o1 5HVVD3Mqfjp3Sr7QJMQMrfD4JRWRphTL =evHi -----END PGP SIGNATURE----- From blane at guetech.com Sat Aug 19 12:17:33 1995 
From: blane at guetech.com (Brian Lane) Date: Sat, 19 Aug 95 12:17:33 PDT Subject: Apologies Message-ID: Sorry, the group of SSL related files wasn't supposed to go to the list. Its been one of those weeks, you know? Brian ----------------------------------------------------------------------------- "A little rebellion now and then is a good thing." | PGP Key and .plan -- President Thomas Jefferson | email Subj: blane-info ============================================================================= From tcmay at got.net Sat Aug 19 12:39:55 1995 
From: tcmay at got.net (Timothy C. May) Date: Sat, 19 Aug 95 12:39:55 PDT Subject: Economic Model for Key Cracking Message-ID: At 10:29 PM 8/18/95, Howard Cheng wrote: >We need to make sure that someone did do the work honestly, but I don't know >how to check this (other than doing the work yourself to confirm the results, >but this defeats the whole point of the system). Perhaps we should require >that people buy the work first, and when they report the results, they get >the money back + some profits. The "abstract protocol" that works in many economic transactions is simple: _spot checks_. That is, random samples. You don't have to do all the work yourself. "Quality Control" (QC) is based on this. The "Inspected By: Foobar" tags on manufactured items provided traceability/feedback to a manufacturer--a reputation system, if you will. Lot numbers, seals, etc. Yes, this is an obvious point, but it's interesting because the "spot check" is a kind of protocol that is almost like "cut and choose" in its crypto connotations. >Assuming everyone is honest, I am sure many people in businesses As the Great Leader once said, "Trust, but verify." There is no reason to make assumptions about honesty: just spot check the work and downgrade the reputation of anyone who slacks off or is deceitful. (This "web of distrust," in terms of black marks in reputations, is as important as the web of trust. The same, really. And yet another reason why one doesn't want government=root, as they would undoubtedly frown on anything that was "discriminatory" or "hurtful to the differently abled.") --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From tcmay at got.net Sat Aug 19 12:40:00 1995 
From: tcmay at got.net (Timothy C. May) Date: Sat, 19 Aug 95 12:40:00 PDT Subject: Liability for Key Cracking in Idle Hours? Message-ID: I have a feeling that many businesses will set policies to try to stop their workstations and computers from being used in key cracking attempts. They don't now, mainly because for one thing they don't even know about it, and for another thing, it would be a headache to try to administer such a ban. However, the notion that "IBM Corporation" or "Bank of America" will say "Sure, use our idle CPU time to try to crack keys!" seems farfetched. California is one jurisdiction that has made "hacking" a crime. Not clear what this means, but some construe it to mean that any attempts to break into the account of another--or crack a key--is a crime. Not tested in court, etc. But will Bank of America want to decide whether a key cracking effort is a "legitimate academic exercise" (such as the SSL Challenge was, as it involved no damage to any party) or an attempt to use their computers to break into an account or to otherwise compromise a transaction? (I am NOT saying that key-cracking = hacking, in the negative sense of "hacking," but I can certainly imagine cases where it would be. And when Microsoft Network comes out, soon, I think a lot of people will want to poke holes in its security, as we've already seen a bit of. Corporations will not likely take kindly to being involved in something like this.) Thus, I expect something in between the extremes: -- corporations fear liability and will not openly encourage this, even to make a few extra bucks (and it's not at all clear how such bucks would be made, or if big companies would give a rat's ass about earning a few dollars a night....) -- but people with access to these machines will continue to use them for key cracking, factoring, etc. challenges. Could I be wrong in this? Sure. Maybe companies will not care. I doubt this, though. 
Damien may be able to tell us if Ecole Polytechnique has raised any questions about his highly-publicized attack on the SSL Challenge key. I will _speculate_ that the normally-security-conscious French are considering policies against this. After all, this is one of the countries that bans private possession of strong crypto. (Or, as a French computer scientist told me recently, "Sure, one can apply for a license for crypto...the procedure is the same as applying for a license for your own private Exocet missile.") --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jya at pipeline.com Sat Aug 19 12:59:56 1995 From: jya at pipeline.com (John Young) Date: Sat, 19 Aug 95 12:59:56 PDT Subject: DAM_lyz Message-ID: <199508191959.PAA08294@pipe4.nyc.pipeline.com> Information Week of August 28 has a cover story on "Internet Theft." It sees security threats in "freeware public-key encryption algorithms and anonymous remailer programs." BlackNet is red-flagged. Laggard law is cited. "This is where all the crime will be in the 21st century," says Joseph Seanor, a federal government intelligence veteran. "Law enforcement officials are trying to get a handle on it, but they really can't stop it." Seanor adds, "When it comes to technology, criminals always seem to be one step ahead of law enforcement." If you can't steal the damthing: DAM_lyz From mfroomki at umiami.ir.miami.edu Sat Aug 19 13:07:45 1995 
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Sat, 19 Aug 95 13:07:45 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <9508191818.AA22531@sulphur.osf.org> Message-ID: But this is precisely the issue: what does the *certificate* get any of these people that a simple digital signature does not provide? On Sat, 19 Aug 1995, Rich Salz wrote: > I think there are many people who might be willing to use an > "anon CA" should it exist: > Whistleblowers, perhaps Deep Throat would have used email > People writing letters to the editor who don't want to trust > the editor to withhold their info > People who desire anonymity yet don't want to trust the gov't > to certify their communications as authentic/forged > (Unabomber, Aum Shinrikyo) > Any number of writers who have used pseudonyms and now want to > get paid in ecash; Mark Twain? > A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm From mch at squirrel.com Sat Aug 19 13:19:04 1995 
From: mch at squirrel.com (Mark C. Henderson) Date: Sat, 19 Aug 95 13:19:04 PDT Subject: So, NSA can break 64-bit keys In-Reply-To: <199508191040.GAA20763@panix.com> Message-ID: <9508191318.TE26772@squirrel.com> On Aug 19, 6:40, Duncan Frissell wrote: > I guess this means no source code. Are there any software encryption > systems that can't be modified after the fact? Undoubtedly, they'll set things up so that if one modifies the software to break the escrow feature, one won't be able to interoperate with "legitimate" users (i.e. those who haven't disabled the escrow feature). -- Mark Henderson -- markh at wimsey.bc.ca, henderso at netcom.com, mch at squirrel.com PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 cryptography archive maintainer -- ftp://ftp.wimsey.com/pub/crypto ftp://ftp.netcom.com/pub/he/henderso/change-sun-hostid-1.4.8.tar.gz From iagoldbe at calum.csclub.uwaterloo.ca Sat Aug 19 13:42:32 1995 
From: iagoldbe at calum.csclub.uwaterloo.ca (Ian Goldberg) Date: Sat, 19 Aug 95 13:42:32 PDT Subject: SSL Challenge #2 Message-ID: <199508192042.QAA29044@calum.csclub.uwaterloo.ca> Is there a standard way we're supposed to get together to divvy up the keyspace? Not knowing of any, I'll just announce that I'm working on those keys that start with "a", from 0xafffffffff down to 0xa000000000. I seem to be getting about 200000 to 400000 keys/sec, so it should take about another 2 days (assuming the machines stay up that long...). If anyone wants to join in, feel free. Get original source from http://pauillac.inria.fr/~doligez/ssl/slave.c (Damien's code), and patch it with the diff at the bottom. Note: I don't think there's any crypto in the diff, and the rest of the sources are in France, so this should be OK with the spooks. But you never know... Compile the patched source on anything you can get, and run ./slave -t -d csclub.uwaterloo.ca 9114 The IP is 129.97.134.11 if you need it. You can add -v or -V for more verbosity, and -n num if you have num processors. - Ian "REALLY hoping I didn't screw up the code..." --- dist/slave.c Thu Aug 17 15:19:52 1995 +++ slave.c Sat Aug 19 13:54:25 1995 @@ -297,18 +297,18 @@ register int i; /* set up the block of data */ -#define x0 0xb894890e -#define x1 0x2eb90ebf - x2 = 0x00074450 + ((~stpoint << 4) & 0xff000000); -#define x4 0xa784af30 -#define x5 0x6913f879 -#define x6 0x539b2520 -#define x7 0x75ae60a0 -#define x8 0x90ebbf51 -#define x9 0xe10c2cf8 -#define x10 0x11ac18ea -#define x11 0x2114834c -#define x12 0x000080b6 +#define x0 0x9109c0fb +#define x1 0x15a61060 + x2 = 0x00368f3f + ((~stpoint << 4) & 0xff000000); +#define x4 0x7bea0730 +#define x5 0x61eb659d +#define x6 0x7441bbfa +#define x7 0x5f3a45e8 +#define x8 0x38e6d5c6 +#define x9 0xa1a88cd6 +#define x10 0xf82ecaae +#define x11 0x0296e2c8 +#define x12 0x000080a4 #define x13 0x00000000 #define x14 0x00000188 #define x15 0x00000000 
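Review bot: the replacement constants in the `#define x0` through `#define x12` hunk of slave.c carry no comment saying where they were taken from, so nobody can check them against the second challenge's published data without redoing the derivation, and the author's "REALLY hoping I didn't screw up the code" is the only assurance they are right. Suggest a comment above the block naming the challenge message the words were copied from, plus a note on why x2 stays computed (`x2 = 0x00368f3f + ((~stpoint << 4) & 0xff000000);`) while its neighbours are plain #defines, so whoever patches this for the next challenge knows which words depend on the start point.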
@@ -506,7 +506,7 @@ int w; strcpy (progname, "worker"); - nice (40); + nice (5); while (1){ sock = open_socket (); if (sock == -1){ @@ -547,7 +547,11 @@ Verb1 ("SIGCHLD received\n"); while (1){ +#if 0 pid = wait3 ((void *) &chldstat, WNOHANG, NULL); +#else + pid = waitpid ((pid_t)-1, (void *) &chldstat, WNOHANG); +#endif if (pid <= 0) break; Verb2 ("got child: %ld\n", pid); for (i = 0; i < nproc; i++){ @@ -610,6 +614,7 @@ } } if (!ignore_ttys){ /* then look at ttys */ +#if 0 d = opendir ("/dev"); if (d == NULL) fatal ("opendir"); while (1){ @@ -629,6 +634,7 @@ } } if (errno) fatal ("readdir"); +#endif } } @@ -901,7 +907,7 @@ if (entry == NULL) fatal ("gethostbyname"); memcpy (&serverhost, entry, sizeof (serverhost)); - sanity_check (); + /* sanity_check (); */ speed_test (); init_devices (); supervisor (); From jya at pipeline.com Sat Aug 19 13:43:44 1995 From: jya at pipeline.com (John Young) Date: Sat, 19 Aug 95 13:43:44 PDT Subject: Spooks and Hackers Inc Message-ID: <199508192043.QAA11639@pipe4.nyc.pipeline.com> Eye-catching quote in the Info Week story on Internet theft: Another threat is the growing number of information brokers who use online communications to match buyers and sellers. An increasing number of these brokers -- many of whom are former government intelligence employees in the United States and Eastern Europe -- work closely with hackers dealing in illicit data. "The biggest security problem organizations face today is information brokers," says Dan White, national director of information security at Ernst & Young in Chicago. "Since the end of the Cold War there have been a lot of people trained in espionage who don't have a lot to do." From stripes at va.pubnix.com Sat Aug 19 14:04:00 1995 
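Review bot: in the `nice (40)` to `nice (5)` hunk of Ian Goldberg's slave.c diff above, the worker goes from lowest priority (nice values above 19 are clamped to 19 on most Unixes, so 40 meant "as low as it goes") to nearly normal priority, which makes it compete with interactive users on machines the volunteer may not own and cuts against the idle-cycles premise of the whole effort. Suggest keeping the maximum nice value as the default and making it a command-line option for people who want their own box to go faster; the return value of nice() is also unchecked in both versions.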
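Review bot: the `#if 0` / `#else` pair around `wait3` and `waitpid` in the SIGCHLD hunk of the slave.c diff leaves the dead wait3 call in the source with no record of which platform lacked it. Either drop the wait3 line or guard it with a feature macro (HAVE_WAIT3 or similar) so the intent survives the next edit. `waitpid ((pid_t)-1, (void *) &chldstat, WNOHANG)` is otherwise a fair replacement here, since the rusage argument to wait3 was NULL anyway; the `(void *)` cast on the status pointer is unnecessary for either call and would hide a type mismatch if chldstat were ever not an int.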
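Review bot: putting the `/dev` directory scan under `#if 0` in the ttys hunk of the slave.c diff leaves the `if (!ignore_ttys)` branch with an empty body, so whatever flag sets ignore_ttys still exists but the check it controlled no longer does anything, and `d` is probably now an unused variable. Either remove the branch and the flag together, or keep the scan and make it a runtime option, and say in a comment why it was switched off (the diff gives no reason: a failing opendir on the target systems, cost, or something else), because a worker that no longer notices terminal activity is a behaviour change the people lending machines would want to know about.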
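Review bot: commenting out `sanity_check ();` in the last hunk of the slave.c diff removes the program's startup self-test in the same patch that replaces every word of the data block, which is the moment that self-test is most needed; the author says himself he is hoping he did not break the code. If sanity_check fails with the new constants, that failure is information, not noise. Suggest restoring the call, or, if it genuinely cannot pass for the second challenge, leaving a comment saying why and replacing it with a check that can.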
From: stripes at va.pubnix.com (Josh M. Osborne) Date: Sat, 19 Aug 95 14:04:00 PDT Subject: Liability for Key Cracking via Java scripts? In-Reply-To: Message-ID: Tim May's post got me thinking... Assume that Java became "trusted" by most people on the Internet. (Java is a safe subset of the Oak language, it can be interpreted, or compiled. One of the proposed uses is to embed it in Web browsers. The compiled form is roughly as fast as C++ code.) Assume that some sort of secure, low-transaction-cost fund transfer system is available. I believe that's all the technology you need for selling idle CPU cycles. Would it take off? Raytracing (and other types of rendering) and key cracking are the only two uses I can think of off the top of my head (you need a relatively low amount of communication between processes, the ability to survive some results never coming back (and coming back out-of-order), and preferably the script and data it works on need to be smallish) Then I thought some more... if Java really does get embedded in web browsers (Netscape announced that they were going to do it... it is somewhere on their press release page), what's to prevent the Java animated icon widget things from doing more than just animating the dancing stick figure? What if it cracks keys while dancing? I think Java "applets" are allowed to make some form of IP connections, if they are what's the liability for _inadvertent_ key cracking? From Chris.Claborne at SanDiegoCA.ATTGIS.COM Sat Aug 19 14:31:12 1995 
From: Chris.Claborne at SanDiegoCA.ATTGIS.COM (Chris Claborne) Date: Sat, 19 Aug 95 14:31:12 PDT Subject: 64 bit keys breakable by the NSA or just some random key length? Message-ID: <9508191730.aa02322@ncrhub1.ATTGIS.COM> At 12:51 PM 8/19/95 -0600, zinc wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >cpunks, > >i was thinking about the recent Clinton/LEA proposal regarding exportable >crypto. the new rules would allow 64 bit keys to be exported, as long >as the master key was made available through some key escrow service. [good stuff deleted] >since this *is* an escrow system, why didn't the gov't just go with >the unbreakable 128 bit key length? This is the kicker! If what I heard is true, anyone can escrow the keys under this new plan. We know that the govt has no problem breaking its own rules by saying the magic words "matter of national security", so why don't they require the keys be held by the govt? ... You know they can break it. ... I guess they assume the middle American will buy it! Just kills me. ... __o .. -\<, Chris.Claborne at SanDiegoCA.ATTGIS.Com ...(*)/(*). CI$: 76340.2422 http://bordeaux.sandiegoca.attgis.com/ PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. PGP-encrypted e-mail welcome! From Chris.Claborne at SanDiegoCA.ATTGIS.COM Sat Aug 19 14:39:42 1995 
From: Chris.Claborne at SanDiegoCA.ATTGIS.COM (Chris Claborne) Date: Sat, 19 Aug 95 14:39:42 PDT Subject: The Official Cypherpunks Screen Saver? Message-ID: <9508191738.ab02416@ncrhub1.ATTGIS.COM> At 11:49 AM 8/17/95 -0700, you wrote: >At 5:11 PM 8/17/95, Jim Gillogly wrote: > >>I would hazard a guess that 90% of the compute cycles in the world are used >>running screen savers... this gives a lot of slack for people who would >>like to harness them to perform productive work like making points about >>the strength of security. > >It would really be cool to have a screen saver that did useful work while >displaying pretty pictures. > >Imagine a screen saver, maybe with code modules running in "After Dark," >that updates the screen with keys tried...could be a nice demonstration of With the strength of today's NT workstations (multi-processor Pentium and Alpha chips) this would be a great idea. Every NT workstation ships with a screen saver built in. I'd use that one. Too much fun! ... __o .. -\<, Chris.Claborne at SanDiegoCA.ATTGIS.Com ...(*)/(*). CI$: 76340.2422 http://bordeaux.sandiegoca.attgis.com/ PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. PGP-encrypted e-mail welcome! From sdavidm at iconz.co.nz Sat Aug 19 14:45:22 1995 
From: sdavidm at iconz.co.nz (David Murray slIP) Date: Sat, 19 Aug 95 14:45:22 PDT Subject: The greater socio-economic good Message-ID: <199508192145.JAA09259@iconz.co.nz> I came across this in the July Law Update of Phillips Fox, an Australasian law firm. This edition was entitled 'Your money or your E-cash', and has a section entitled 'Privacy' which said/says: At the moment, your cash transactions cannot be recorded in the same way as your cheque, credit card or Eftpos spending. This means that your cash spending cannot be readily traced, checked, investigated or analysed. The big excitement for banks, marketing consultants and governments is being able to do all these things. On the other hand, totally untraceable e-cash will enable huge amounts of money to be moved (laundered) outside the banking system. Consumers will need to make a decision whether they want untraceable e-cash, or to contribute to the greater socio-economic good. I think they're being serious? DM From cdaemon at goblin.punk.net Sat Aug 19 15:45:23 1995 
From: cdaemon at goblin.punk.net (Checkered Daemon) Date: Sat, 19 Aug 95 15:45:23 PDT Subject: SSL Challenge #2 In-Reply-To: <199508192042.QAA29044@calum.csclub.uwaterloo.ca> Message-ID: <199508192242.PAA18690@goblin.punk.net> -----BEGIN PGP SIGNED MESSAGE----- >Is there a standard way we're supposed to get together to divvy up the >keyspace? Not knowing of any, I'll just announce that I'm working >on those keys that start with "a", from 0xafffffffff down to 0xa000000000. Thought the idea was to demonstrate how FAST we could all do this together, rather than how SOON. 'Course, I could be wrong ... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDZoYYQO/w1Q7FIdAQG9FQP/ed4ZZrL5L1drbLb7pYGoxdSoL3GJ3m09 nxq3IK82ItCftC5l5/AlU324DpeSr4ZyXFTs0SrfpqGaX4EqDTqac40MWSjCpIGG 8+ROsVFx4sJJJwBeXgy0yIJU3hh67I/fT2DUhqJXtxB5yroHF8X2go51rVLFNmwd lNI8v42bWvw= =vokW -----END PGP SIGNATURE----- -- The Checkered Daemon cdaemon at goblin.punk.net From Richard.Johnson at Colorado.EDU Sat Aug 19 16:19:59 1995 
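Ian asked whether there is a standard way to divvy up the keyspace, and the Checkered Daemon's reply is about the same coordination problem from the other end. The following is an added example, not code from this thread and not part of Damien's slave.c: it takes the 40-bit space the SSL export challenge actually searches (the other 88 bits of the 128-bit RC4 key travel in the clear, which is the number Matthew Ghio's "strips out the 88 bits" remark refers to), turns a "keys that start with a" announcement into a concrete range, checks a set of announced claims for overlaps (two people searching the same keys) and gaps (keys nobody searches), and turns a keys-per-second figure into the time estimate Ian quoted. The Claim type, the participant names and the extra claims in main() are constructed for the example.

```go
package main

import (
    "fmt"
    "sort"
)

// The export SSL cipher searched in the challenge keeps 40 key bits secret
// (the other 88 of the 128-bit RC4 key travel in the clear), so the space
// to divide up is [0, 2^40), written as 10 hex digits such as 0xafffffffff.
const KeyspaceBits = 40
const KeyspaceSize = uint64(1) << KeyspaceBits

// Claim is an inclusive range [Lo, Hi] that one participant has announced.
// The type and the participant names below are constructed for this example.
type Claim struct {
    Who    string
    Lo, Hi uint64
}

// PrefixClaim turns "I'm working on keys that start with 'a'" into the
// range 0xa000000000..0xafffffffff: the leading hex digit fixes the top
// four of the 40 bits and leaves the remaining 36 free.
func PrefixClaim(who string, hexDigit byte) (Claim, error) {
    var v uint64
    switch {
    case hexDigit >= '0' && hexDigit <= '9':
        v = uint64(hexDigit - '0')
    case hexDigit >= 'a' && hexDigit <= 'f':
        v = uint64(hexDigit-'a') + 10
    default:
        return Claim{}, fmt.Errorf("not a lowercase hex digit: %q", hexDigit)
    }
    lo := v << (KeyspaceBits - 4)
    return Claim{Who: who, Lo: lo, Hi: lo | ((KeyspaceSize >> 4) - 1)}, nil
}

// SecondsToSearch is the wall-clock estimate for one claim at a given rate:
// a one-nibble claim at 400000 keys/s comes out near two days, which is
// the figure Ian gave.
func SecondsToSearch(c Claim, keysPerSec float64) float64 {
    return float64(c.Hi-c.Lo+1) / keysPerSec
}

// CheckClaims sorts the announced claims and reports overlaps (two people
// searching the same keys) and gaps (keys nobody has claimed). Overlap is
// tested against the highest key covered so far rather than only against the
// previous claim, so a wide early claim that swallows later ones is caught.
func CheckClaims(claims []Claim) (overlaps []string, gaps []Claim) {
    cs := append([]Claim(nil), claims...)
    sort.Slice(cs, func(i, j int) bool { return cs[i].Lo < cs[j].Lo })
    next := uint64(0) // lowest key not covered by any claim seen so far
    highWho := ""     // who covered the keys just below next
    for _, c := range cs {
        if c.Lo < next {
            top := c.Hi
            if next-1 < top {
                top = next - 1
            }
            overlaps = append(overlaps, fmt.Sprintf("%s and %s both cover 0x%x..0x%x", highWho, c.Who, c.Lo, top))
        }
        if c.Lo > next {
            gaps = append(gaps, Claim{Who: "unclaimed", Lo: next, Hi: c.Lo - 1})
        }
        if c.Hi+1 > next {
            next = c.Hi + 1
            highWho = c.Who
        }
    }
    if next < KeyspaceSize {
        gaps = append(gaps, Claim{Who: "unclaimed", Lo: next, Hi: KeyspaceSize - 1})
    }
    return overlaps, gaps
}

func main() {
    ian, _ := PrefixClaim("Ian", 'a')
    fmt.Printf("%s: 0x%x..0x%x, %.1f days at 400000 keys/s\n",
        ian.Who, ian.Lo, ian.Hi, SecondsToSearch(ian, 400000)/86400)
    other, _ := PrefixClaim("second volunteer", 'c')
    late := Claim{Who: "latecomer", Lo: 0xa800000000, Hi: 0xb7ffffffff}
    overlaps, gaps := CheckClaims([]Claim{ian, other, late})
    for _, o := range overlaps {
        fmt.Println("overlap:", o)
    }
    for _, g := range gaps {
        fmt.Printf("gap: 0x%x..0x%x (%d keys)\n", g.Lo, g.Hi, g.Hi-g.Lo+1)
    }
}
```

The gap list is the thing to publish alongside each new announcement: a volunteer who picks a range from it cannot collide with anyone, and the overlap list tells the coordinator which work is being done twice.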
From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Sat, 19 Aug 95 16:19:59 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: The certificate gets their messages into systems that demand a certification, whether for transport or display. >But this is precisely the issue: what does the *certificate* get any of >these people that a simple digital signature does not provide? > >On Sat, 19 Aug 1995, Rich Salz wrote: > >> I think there are many people who might be willing to use an >> "anon CA" should it exist: >> Whistleblowers, perhaps Deep Throat would have used email >> People writing letters to the editor who don't want to trust >> the editor to withhold their info >> People who desire anonymity yet don't want to trust the gov't >> to certify their communications as authentic/forged >> (Unabomber, Aum Shinrikyo) >> Any number of writers who have used pseudonyms and now want to >> get paid in ecash; Mark Twain? >> From abacard at well.com Sat Aug 19 16:24:55 1995 
From: abacard at well.com (Andre Bacard) Date: Sat, 19 Aug 95 16:24:55 PDT Subject: EFF, Mike Godwin, Cliff Stoll Message-ID: <199508192318.QAA27920@well.com> *** PLEASE REDISTRIBUTE FREELY *** Hello CyberFolks, Wednesday, August 16th BayFF (Bay Area Chapter of EFF) held a meeting in San Francisco with speakers Mike Godwin and Cliff Stoll. Attached are a few notes for those of you who missed the opportunity to attend. See you in the future, Andre Bacard ====================================================================== abacard at well.com | Stanford, California | http://www.well.com/user/abacard | Enjoy your privacy... Bacard wrote "The Computer Privacy Handbook" [Intro by Mitchell Kapor]. Published by Peachpit Press, (800) 283-9444, ISBN # 1-56609-171-3. ======================================================================= Notes from the BayFF Semi-Underground Authorized by Andre Bacard Wednesday, August 16, 1995, I found myself cruising through Golden Gate Park. Suddenly I swerved into the right lane and shouted "Eureka." For those who don't know, Eureka is the California state motto which, in the tradition of the Gold Rush, means "I found it!" In San Francisco IT means a parking place. Feeling euphoric about my good fortune, I started the short walk long on memories towards the Haight-Ashbury district. It was delightful and fogless. The salty air was cool. The smell of grass (the type that city gardeners mow) was fresh. Passing a guitarist, I thought of the Grateful Dead's Jerry Garcia, recently deceased. My mind flashed back twenty-five years ago when I first visited Haight-Ashbury. Twenty-five years ago at the dawn of the Computer Age... So many silicon chips under the bridge... I thought of all the people in the Haight mourning Garcia and donating to the Haight-Ashbury Free Clinic in Garcia's memory. I flashed back upon my first meeting with John Perry Barlow, lyricist for the Grateful Dead and co-founder of EFF. 
That meeting helped inspire me to write COMPUTER PRIVACY HANDBOOK. Such were a few of the images that danced through my mind as I entered the Cole & Page Street Public Library... It was appropriate to be attending an EFF meeting. John Gilmore, EFF Board Member, was the first person I saw. Gilmore reminds me of a lean Cheshire cat. He has a mischievous smile as if to say, "You won't believe what just happened." Maybe we'll never discover what just happened with John, since he's so much into crypto. In any case, Gilmore introduced Mike Godwin as "The first lawyer in Cyberspace and EFF's first employee." Mike Godwin ("a cool guy who survived law school with his personality intact" according to an anonymous EFF publicist) spoke for 90 minutes about how to deal with reporters and, more specifically, about his role in trying to correct the damage done to cyberspace by TIME's infamous "CyberPorn" cover story. Godwin detailed many flaws in Carnegie Mellon University undergraduate Mr. Rimm's study of cyberporn that led to the "CyberPorn" piece. Godwin said of Rimm's paper: "It's as if you surveyed the bookstores in Times Square in Manhattan and generalized to all bookstores in America." Cliff Stoll ("a wild and crazy guy with interesting hair" according to the same anonymous EFF publicist) is the author of the best-selling book SILICON SNAKE OIL. Stoll personifies the eccentric heritage of the San Francisco counter-culture. With lots of humor and drama, Stoll presented a critical view of the Internet. "The Internet is a perfect diversion from learning" and "The Internet opens many doors that lead to empty rooms" were two of his many memorable lines. Stoll noted that wisdom and experience play little role in the Computer Cult (i.e., all the Hype surrounding the Information Superhighway). The EFF events that I've attended at WIRED's office in the San Francisco Mission District and last night are well worth the hassle of hunting down a parking place. 
To learn more about future monthly BayFF meetings, send this e-mail: To: listserv at eff.org Subject: [ignore] subscribe BayFF See you at future events, Andre Bacard P.S. I'm the guy with the fedora hat who people mistake for Indiana Jones. From bdolan at use.usit.net Sat Aug 19 18:11:31 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Sat, 19 Aug 95 18:11:31 PDT Subject: Spooks and Hackers, etc. Message-ID: ---------- Forwarded message ---------- Subject: Internet Police According to an AP story, Wisconsin Attorney General James Doyle says that police must monitor the Internet to stop child porn, drug trafficking, and fraud. "We need to see that police are surfing the Internet just as other people are," Doyle said. "This is a good example of where the law is slower than technology." Doyle made his comments in a speech to the Wisconsin Chiefs of Police Association Conference. From jcaldwel at iquest.net Sat Aug 19 18:24:02 1995 
From: jcaldwel at iquest.net (James Caldwell) Date: Sat, 19 Aug 95 18:24:02 PDT Subject: Export policy change In-Reply-To: Message-ID: In article , David Neal wrote: -=}On Fri, 18 Aug 1995, David K. Merriman wrote: -=}> I will cheerfully escrow keys for 1$ ecash/key. Please be advised, however, -=}> that key storage will be on an old 40M RLL drive on an 8088 machine, so -=}> retrieval may be a bit slow and unreliable....... -=}Same here -- I have an original Compaq "Sewing Machine" Portable with -=}a 40MB hard card. Of course the HD sticks and needs a good whacking -=}sometimes, and the last floppy came out of the drive smoking and -=}covered in grease. (You DO have a 5 1/4" 360K floppy don't you?) -=} -=}My service, however is $2. That's because all keys are encrypted against -=}my key, which is unfortunately escrowed with the fellow listed above. -=} -=}Sorry about having to pass along the extra costs. :-) I'll escrow my key with David, encrypt yours with it then print it out and store it in a secure filing cabinet in the salt mines near detroit. I'll need to charge $3.00 per key, overhead you know. From merriman at arn.net Sat Aug 19 19:16:18 1995 
From: merriman at arn.net (David K. Merriman) Date: Sat, 19 Aug 95 19:16:18 PDT Subject: Costs of Credit Card Fraud and Brute-Force Codebreaking Message-ID: <199508200224.VAA11815@arnet.arn.net> -----BEGIN PGP SIGNED MESSAGE----- >you're assessment that this cost our anon friend some money to obtain >these cc numbers is simply not true. when you have nothing else to do, >choosing one thing over another involves no cost. if anything, he made >money by using the cc numbers to make long dist calls instead of using >any cash he might have from working or an allowance. > >my $0.02, > There's also the factor that the dumpster diver is - if s/he continues the practise in a certain area - going to learn which dumpsters are more likely to contain valuta, thus reducing the 'overhead'. My ha'penny :-) Dave Merriman -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDZ9h8VrTvyYOzAZAQGQvgP+L/Zq5BChW1Y3ZkN5N0XCe2fw/QbWrgtt 2/6Mxdpg96ureHYfaPaxDTxstCC9pTyD6lrOqkCeu5/Pr/GZ8FFPRzPOx1xDdqmO iufGGeUzRqcTcqRjOFBkBJ9GcZLgsZ3FZ4XtCCwQZ7w5aumBnA8xvfoP7DgCRrp1 55noMpWFwmk= =g27w -----END PGP SIGNATURE----- This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk! ------------------ PGP.ZIP Part [015/713] ------------------- M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3 M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> My web page: http://www.geopages.com/CapitolHill/1148 From usura at replay.com Sat Aug 19 20:05:41 1995 
From: usura at replay.com (Alex de Joode) Date: Sat, 19 Aug 95 20:05:41 PDT Subject: Spooks and Hackers, etc. Message-ID: <199508200305.AA18530@xs1.xs4all.nl> Brad Dolan sez: : ---------- Forwarded message ---------- : Subject: Internet Police : According to an AP story, Wisconsin Attorney General James Doyle says that : police must monitor the Internet to stop child porn, drug trafficking, and : fraud. : "We need to see that police are surfing the Internet just as other people : are," Doyle said. "This is a good example of where the law is slower than : technology." "Stop Wisconsin Internet Police" "You're speeding" "Get Lost" "Get Real" -- Alex de Joode Fear Uncertainty Confusion and Kaos, Inc. From poodge at econ.Berkeley.EDU Sat Aug 19 21:33:12 1995 
From: poodge at econ.Berkeley.EDU (Sam Quigley) Date: Sat, 19 Aug 95 21:33:12 PDT Subject: Economic Model for Key Cracking In-Reply-To: <199508190800.BAA26793@ix9.ix.netcom.com> Message-ID: <199508200433.VAA07070@quesnay.Berkeley.EDU> >>>>> "Bill" == Bill Stewart writes: > Alternatively, you could do a model where everybody gets paid, > but only after the answer is found, which discourages scammers > (since they don't get paid if they lie about searching the range > that has the real key.) If a Bad Guy lies about the key not > being in his range, people do have an incentive to look for it > if the first pass fails, and have an incentive to finger him if > they do find the key on a later pass. But the scammer who has done his or her math homework will recognize that it's reasonably unlikely that his or her assigned range contains the true key (depending, of course, on the size of the assigned range...). Thus, on the average, if everyone gets paid, a scammer will make money by not actually searching the range assigned (perhaps actually using the CPU time on a different key search). I think it'd also be important to reward those who throw more compute power at the task more than those who just sic a desktop on the job. This is handled elegantly by the first method -- the person who dedicates some giant supercomputer to the task is that much more likely to find the key and be rewarded... -sq From monty.harder at famend.com Sat Aug 19 21:53:55 1995 
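Tim's "spot checks" and Sam's observation that a scammer who skips an assigned range is usually right that the key was not there are the same problem seen from two sides: a bare "searched, nothing found" report cannot be verified by re-searching unless the coordinator sometimes already knows the answer. The following is an added example, not code from this thread: a toy coordinator that mixes known-answer audit ranges into the assignments (it plants a key it chose and asks for that key's fingerprint, which a worker cannot tell from a real job), scores each worker's reputation on the result as Tim suggests, and computes the expected number of ranges a never-searching scammer is paid for before the first audit catches him. The fingerprint function (the first four bytes of SHA-256 of the key) stands in for "does this key decrypt the known plaintext", and it, the worker model and the audit rate are constructed for this example; the planted-audit mechanism is one way to make Tim's random sample checkable and is my assumption, not something the thread specifies.

```go
package main

import (
    "crypto/sha256"
    "encoding/binary"
    "fmt"
    "math/rand"
)

// Fingerprint stands in for "does this key decrypt the known plaintext?":
// keys are uint32 and a key matches when the first four bytes of
// SHA-256(key) equal the target. A toy constructed for this example, not
// the RC4 check the real challenge uses.
func Fingerprint(key uint32) uint32 {
    var b [4]byte
    binary.BigEndian.PutUint32(b[:], key)
    h := sha256.Sum256(b[:])
    return binary.BigEndian.Uint32(h[:4])
}

// Job is one slice of keyspace [Lo, Hi) plus the fingerprint to look for.
// A worker cannot tell a real job from an audit job: both read as
// "find the key in this range whose fingerprint is Target".
type Job struct {
    Lo, Hi uint32
    Target uint32
}

// Report is what a worker hands back.
type Report struct {
    Found bool
    Key   uint32
}

// Worker models a participant. Honest=false is Sam's scammer: it reports
// "not found" without searching and collects the payment for the range.
type Worker struct {
    Name   string
    Honest bool
    Rep    int // reputation: +1 per accepted report, -1 per failed check
}

func (w *Worker) Run(j Job) Report {
    if !w.Honest {
        return Report{}
    }
    for k := j.Lo; k < j.Hi; k++ {
        if Fingerprint(k) == j.Target {
            return Report{Found: true, Key: k}
        }
    }
    return Report{}
}

// Coordinator hands out ranges and spot-checks a fraction of them with
// planted known answers (Tim's random sample, made checkable).
type Coordinator struct {
    rng        *rand.Rand
    AuditRate  float64        // fraction of jobs that are audits
    RealTarget uint32         // fingerprint of the key actually being hunted
    Caught     map[string]int // failed audits per worker
}

func NewCoordinator(seed int64, auditRate float64, realTarget uint32) *Coordinator {
    return &Coordinator{
        rng: rand.New(rand.NewSource(seed)), AuditRate: auditRate,
        RealTarget: realTarget, Caught: map[string]int{},
    }
}

// Assign gives w the range [lo, hi), scores the report and returns whether
// it was accepted. On an audit the coordinator picks a key in the range,
// asks for its fingerprint, and knows a correct answer must come back.
func (c *Coordinator) Assign(w *Worker, lo, hi uint32) bool {
    j := Job{Lo: lo, Hi: hi, Target: c.RealTarget}
    audit := c.rng.Float64() < c.AuditRate
    if audit {
        planted := lo + uint32(c.rng.Int63n(int64(hi-lo)))
        j.Target = Fingerprint(planted)
    }
    r := w.Run(j)
    if audit && (!r.Found || Fingerprint(r.Key) != j.Target) {
        // claimed to have searched the range but missed the planted key
        w.Rep--
        c.Caught[w.Name]++
        return false
    }
    if !audit && r.Found && Fingerprint(r.Key) != c.RealTarget {
        // a positive claim is cheap to verify: one fingerprint
        w.Rep--
        return false
    }
    w.Rep++
    return true
}

// ExpectedJobsBeforeCaught is the average number of ranges a never-searching
// scammer is paid for before an audit catches him: 1/q for audit rate q.
func ExpectedJobsBeforeCaught(q float64) float64 { return 1 / q }

func main() {
    c := NewCoordinator(1, 0.2, Fingerprint(123456))
    honest := &Worker{Name: "honest", Honest: true}
    scam := &Worker{Name: "scammer"}
    for i := uint32(0); i < 50; i++ {
        c.Assign(honest, i*1000, (i+1)*1000)
        c.Assign(scam, i*1000, (i+1)*1000)
    }
    fmt.Printf("honest rep %d, scammer rep %d, scammer failed audits %d\n",
        honest.Rep, scam.Rep, c.Caught["scammer"])
    fmt.Printf("ranges a scammer is paid for before being caught at audit rate 0.2: %.1f\n",
        ExpectedJobsBeforeCaught(0.2))
}
```

The economics follow from the last function: if a range pays p and an audit costs the scammer his standing, the scam is worth at most p/q in expectation, so raising the audit rate q, not the per-range price, is what makes honesty the better strategy.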
From: monty.harder at famend.com (MONTY HARDER) Date: Sat, 19 Aug 95 21:53:55 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: <8AF7577.0003000342.uuout@famend.com> TC> This happens all the time, though "I am not a lawyer," in disputes about TC> whether a contract was signed properly, about whether the signer had the TC> right authority, etc. And it is apparently not necessary to have the TC> "state" establish itself, for example, as the keeper of signatures. But the state does establish Notaries Public, and courts put special credence in the validity of signatures witnessed by them. Which is to be expected, of course, having the King's X being good in the King's courts. I don't see this as an either/or binary at all. To me, the natural thing to do is for a person who is already a Notary under the laws of a state to offer digital notary services. I would expect the State of California or Commonwealth of Massachusetts to have the Secretary of State's office (or whoever is in charge of Notary Credentials there) to digitally sign the public keys of any Notaries commissioned thereby. In fact, I would like to see provision made for a digital signature to have an expiration date included, so that the SoS office could have its signature on a key set to expire along with the Notary's commission. Thus the existing state framework for verification of identity and consent on contracts is extended into the electronic sphere seamlessly. None of which prevents you or me from doing business without the services of the Royal Notary. * ZenCrafters - Total Enlightenment in about an hour --- * Monster at FAmend.Com * From rugosa at escape.com Sat Aug 19 23:41:05 1995 
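Monty's sketch of a Secretary of State signing a notary's public key with an expiry baked into the signature, so that the credential dies with the commission, is a small certificate chain. The following is an added example in Go, not code from the post or from any state's system: a hypothetical SoS key signs (notary public key || expiry), the notary signs a document, and a verifier accepts the document only if the chain verifies and the commission has not expired at the time of checking. Ed25519 is my choice of signature scheme for the example, and the record layout and the names are assumptions. One caveat the post does not address: an expiry in the signature covers the scheduled end of a commission, but a commission revoked early still verifies until the date passes, so a real deployment also needs a revocation check.

```go
package main

import (
    "crypto/ed25519"
    "crypto/rand"
    "encoding/binary"
    "errors"
    "fmt"
    "time"
)

// NotaryCredential is the hypothetical record the Secretary of State's
// office issues: the notary's public key and the day the commission ends,
// bound together by the SoS signature.
type NotaryCredential struct {
    NotaryPub ed25519.PublicKey
    Expires   time.Time
    SoSSig    []byte
}

// NewKeyPair generates an Ed25519 key pair (used for SoS and notary alike).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
    pub, priv, err := ed25519.GenerateKey(rand.Reader)
    if err != nil {
        panic(err)
    }
    return pub, priv
}

// credentialBytes is the message the SoS signs: key bytes followed by the
// expiry as a big-endian Unix timestamp. Signing the expiry is what makes
// the credential lapse with the commission instead of living forever.
func credentialBytes(pub ed25519.PublicKey, expires time.Time) []byte {
    msg := make([]byte, 0, ed25519.PublicKeySize+8)
    msg = append(msg, pub...)
    var ts [8]byte
    binary.BigEndian.PutUint64(ts[:], uint64(expires.Unix()))
    return append(msg, ts[:]...)
}

// IssueCredential is the SoS step: sign the notary's key with its expiry.
func IssueCredential(sosPriv ed25519.PrivateKey, notaryPub ed25519.PublicKey, expires time.Time) NotaryCredential {
    return NotaryCredential{
        NotaryPub: notaryPub,
        Expires:   expires,
        SoSSig:    ed25519.Sign(sosPriv, credentialBytes(notaryPub, expires)),
    }
}

// Notarize is the notary step: sign the document.
func Notarize(notaryPriv ed25519.PrivateKey, doc []byte) []byte {
    return ed25519.Sign(notaryPriv, doc)
}

// VerifyNotarized walks the chain SoS -> notary -> document as of `now`.
// The expiry is checked against the verification time; early revocation
// of a commission is not covered by this scheme (see the lead-in).
func VerifyNotarized(sosPub ed25519.PublicKey, cred NotaryCredential, doc, docSig []byte, now time.Time) error {
    // The credential comes from the other side; ed25519.Verify panics on a
    // wrong-length key, so reject a malformed record before using it.
    if len(cred.NotaryPub) != ed25519.PublicKeySize {
        return errors.New("credential carries a malformed notary key")
    }
    if !ed25519.Verify(sosPub, credentialBytes(cred.NotaryPub, cred.Expires), cred.SoSSig) {
        return errors.New("credential is not signed by the Secretary of State key")
    }
    if !now.Before(cred.Expires) {
        return errors.New("notary commission has expired")
    }
    if !ed25519.Verify(cred.NotaryPub, doc, docSig) {
        return errors.New("document signature does not verify under the notary key")
    }
    return nil
}

func main() {
    sosPub, sosPriv := NewKeyPair()
    notaryPub, notaryPriv := NewKeyPair()
    expires := time.Date(1999, 12, 31, 0, 0, 0, 0, time.UTC)
    cred := IssueCredential(sosPriv, notaryPub, expires)
    doc := []byte("I, the undersigned, agree to the terms above.")
    sig := Notarize(notaryPriv, doc)
    fmt.Println("before expiry:", VerifyNotarized(sosPub, cred, doc, sig, expires.Add(-24*time.Hour)))
    fmt.Println("after expiry: ", VerifyNotarized(sosPub, cred, doc, sig, expires.Add(24*time.Hour)))
}
```

Because the expiry is inside the signed bytes, a notary cannot extend his own commission by editing the date: the SoS signature stops verifying, which is the second check in VerifyNotarized failing rather than the third.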
From: rugosa at escape.com (rosaphil) Date: Sat, 19 Aug 95 23:41:05 PDT Subject: Red Shift In-Reply-To: <199508190140.DAA01774@utopia.hacktic.nl> Message-ID: any Americans involved? could someone please post the Jeopardy questions posed in the game played at cybercon? also, anyone know how to hack axxess passwords? just curious? (Better Living Thru Better Living) *************************************************************************** * SNAIL ME + GABRIELLI'S *ZINFANDEL* (RED) & * * YER ROSEHIPS + * * IF YOU LIKED THIS POST! + *ASCENZA* (WHITE-BLEND)---YUMMY! * *************************************************************************** [Ask Fer *Gabrielli Wine* at yer local liquor store if'n ya want to tend yer rugosa] Let your voice be heard in the campaign to save the life of Mumia Abu Jamal ++++ stop de execution of Mumia Abu-Jamal ++++ ++++ if you agree copy these 3 sentences in your own sig ++++ ++++ more info: http://www.xs4all.nl/tank/spg-l/sigaction.htm ++++ From shamrock at netcom.com Sat Aug 19 23:42:50 1995 
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 19 Aug 95 23:42:50 PDT
Subject: Netscape to copyright URLs?
Message-ID: <199508200639.CAA03066@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Today's surf of Netscape's home page yielded an interesting question. Is Netscape trying to licence links to their products? To me http://home.netscape.com/comprod/mirror/netscape_now_program.html seems to suggest that you can only display certain logos and info if you are licensed by Netscape. You could for example not put up a link to their "Download Netscape NOW" page without prior approval by Netscape.

This seems to be a new development on the web. Since when does one need a license to include certain URLs in one's home page?

Comments?

- --
- -- Lucky Green  PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDbYcCoZzwIn1bdtAQHE1gF/WoY8jEAv16lL1pGylJKp4MZnVsKYRfMe
SzgQcpGouFnT6Ij+zwlS7dkuudQIJyvX
=b88z
-----END PGP SIGNATURE-----

From shamrock at netcom.com Sat Aug 19 23:51:07 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 19 Aug 95 23:51:07 PDT
Subject: Would it be legal for a foreign site to carry Netscape?
Message-ID: <199508200647.CAA03141@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

If someone would export the full 128 bit version of Netscape, would it be legal to make it available on a foreign site? After all, Netscape is a copyrighted product.

TIA,

- --
- -- Lucky Green  PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDbaNioZzwIn1bdtAQEb/gF+JJ9e3FqwEwIboLX7ISW6X4QWjcO6QCkt
gMuEghppSrv2G2sPmzyDzOoweTlglfi/
=Y7nR
-----END PGP SIGNATURE-----

From ghio at cmu.edu Sun Aug 20 07:50:27 1995
From: ghio at cmu.edu (Matthew Ghio)
Date: Sun, 20 Aug 95 07:50:27 PDT
Subject: Would it be legal for a foreign site to carry Netscape?
In-Reply-To: <199508200647.CAA03141@bb.hks.net>
Message-ID:

Lucky Green asked:

> If someone would export the full 128 bit version of Netscape, would
> it be legal to make it available on a foreign site? After all, Netscape
> is a copyrighted product.

It would depend on what the license agreement said. But why not just write a wrapper which strips out the 88 bits of plaintext key? (A "leaf blower" if you like :) If you could get the author of slirp to include it in his distribution, it would definitely get used. All you would have to say is "This is a patch to ensure that netscape encryption is properly secure when using slirp, and here are the diffs..."

From harveyrj at vt.edu Sun Aug 20 08:11:41 1995
From: harveyrj at vt.edu (R. J. Harvey)
Date: Sun, 20 Aug 95 08:11:41 PDT
Subject: Netscape to copyright URLs?
Message-ID: <9508201511.AA06361@toad.com>

At 02:39 AM 8/20/95 -0400, Lucky Green wrote:
>Today's surf of Netscape's home page yielded an interesting question. Is
>Netscape trying to licence links to their products? To me
>http://home.netscape.com/comprod/mirror/netscape_now_program.html seems to
>suggest that you can only display certain logos and info if you are
>licensed by Netscape. You could for example not put up a link to their
>"Download Netscape NOW" page without prior approval by Netscape.
>
>This seems to be a new development on the web. Since when does one need a
>license to include certain URLs in one's home page?
>
>Comments?
>

My reading of that page suggests a somewhat different motive and interpretation: what they seem to be doing is copying the Microsoft approach with respect to setting criteria that must be met before you can use their logo on your page/product. It doesn't prohibit putting links to their download page; it just prohibits using their "Netscape Now!" logo without their permission.

Note the criteria for being allowed to use their logo: you have to design your server to break with the current "standards" (e.g., CGI) and embrace Netscape's extensions (e.g., backgrounds; client pull/server push, SSL encrypted transactions), which they would like to foist on us as the new "standard." Essentially, they want us to help them create the perception that if you don't show the "Netscape Now!" flag (didn't Nixon have a similar slogan?) on your page, that you're just not a high-quality operation. Or maybe they're trying to change the subject from the unfortunate publicity from the success of SSL Challenge...

rj
------------------------------------------------------------
R. J. Harvey                       email: harveyrj at vt.edu
WWW for job analysis/personality:  http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt

From Andrew.Spring at ping.be Sun Aug 20 09:27:56 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Sun, 20 Aug 95 09:27:56 PDT
Subject: NSA into antigravity?
Message-ID:

:
>>
>>On July 19, Gerald Ollman and Robert Wayne, two researchers from the
>>University of Maryland geophysics department were detained in Fort Meade,
>>Maryland, apparently by agents of the National Security Agency, whilst
>>taking measurements of the Earth's gravitational field. After 18 hours of
>>questioning, they were released after being instructed not to discuss the
>>incident. Their equipment and results were not returned.
>>
>>Neither the University nor the NSA has commented on the incident. However,
>>it is believed that Ollman and Wayne were investigating a slight anomaly
>>in the Earth's gravitational field centered around Fort Meade. No reason has
>>been given for their detention.

Missile targeting software depends on good models of the earth's gravity for accuracy, both for design and for simulation purposes. Since Ft. Meade was doubtless the target of many nukes during the cold war (and probably still is), that may account for them having a bug up their asses on the subject.

'Course you know the NSA; the world's largest employer of mathematicians, the largest purchaser of computer hardware, and the largest consumer of Thorazine.

--
Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply).
PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96
Thank you for question, exit left to Funway.

From bdolan at use.usit.net Sun Aug 20 10:03:33 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Sun, 20 Aug 95 10:03:33 PDT
Subject: MSN hackers heaven (fwd)
Message-ID:

---------- Forwarded message ----------
Subject: The MSN is Hacker Heaven

As most of us are aware, the commercial online services, such as AOL, Compuserve and Prodigy, represent a certain risk to the unsophisticated user. Unfortunately, the Microsoft Network (MSN) raises the vulnerability of such users to unprecedented heights.

Key to this vulnerability is the richness and complexity of the MSN/Windows 95 environment. What is most dangerous is the ability for the author of an e-mail or (certain) BBS documents to embed "objects" in that document. These objects can be readily disguised to appear totally benign to the casual user and be nothing more than MSN navigational aids. Once double-clicked by the recipient, these objects can readily infect the recipient's PC with a virus. Worse, what this object could do is only limited by one's imagination.

It is worthwhile noting that MSN appears to be migrating to an open architecture, with the MSN user connecting through the Internet. If this is true, there is nothing which prevents an object, once activated, from transmitting information stored on the user's PC to any other location on the Internet.

In theory, embedded objects can be interrogated to ensure their validity. Unfortunately, this interrogation process is not likely to be carried out by the average user. Even if it is, the user is not likely to understand what they are looking at. It is like warning automobile drivers to look under the hood of their car before starting it to make sure there is not a bomb inside. Most drivers would assume that the odds were with them. Those that did check would have no idea what they were looking at. (At least that's my feeling when I look under the hood of my car :-).

Microsoft's position appears to be that the MSN user is no more vulnerable than one who uses a competing system. I would maintain that this position is just not true. With system complexity comes excessive vulnerability. MSN rates a 9 in complexity. The other services a 4.

The bottom line: Users of MSN are placing themselves at significant risk. If one must use MSN, avoid at all cost activating (double-clicking) objects in e-mail messages and BBS posts. Sophisticated users may think they know what they are doing, but it probably won't be long before they are outwitted by someone who figures out how to totally disguise an object's true purpose.

From sandfort at crl.com Sun Aug 20 10:51:44 1995
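The forward above says embedded objects can in theory be interrogated but that users will not do it, and the Information Week piece later in this thread describes the same double-click-runs-it mechanism. As an added example (not from the forward, the article or Microsoft), here is that interrogation done by the software instead of the user: an attachment is judged by its leading bytes and its label, never by the icon it displays. The magic numbers are the well-known ones for DOS/Windows executables, ELF binaries and OLE compound documents; the extension list and the sample attachments are constructed for the demo.

```python
"""Interrogate an embedded object before anyone can double-click it.

Added example, not code from the MSN thread or from Microsoft. It automates
the "look under the hood" check the forward says users will not perform:
content is classified by its first bytes, then compared with the label shown
under the icon. Sample attachments below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

# Leading bytes of things that run (or load code) when the shell opens them.
EXECUTABLE_MAGIC = (
    (b"MZ", "DOS/Windows executable"),
    (b"\x7fELF", "ELF executable"),
)
# OLE compound document: the container for embedded objects and "packages".
# Whatever it holds must be opened deliberately, not run, until inspected.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Extensions the Windows 95 shell executes rather than displays (constructed
# list for the demo; a real deployment would take it from the shell's registry).
RUNNABLE_EXTENSIONS = {"exe", "com", "bat", "pif", "scr", "dll", "lnk"}


@dataclass(frozen=True)
class Attachment:
    label: str    # the text shown under the icon
    data: bytes   # the object's bytes


@dataclass(frozen=True)
class Verdict:
    action: str   # "open", "prompt" or "block"
    reason: str


def _extensions(label: str) -> List[str]:
    # Every dotted part after the first, lower-cased, with padding spaces
    # removed so "photo.gif        .exe" still reveals its last extension.
    return [p.strip() for p in label.lower().split(".")[1:]]


def identify_content(data: bytes) -> Optional[str]:
    """Classify by magic bytes; None means 'nothing executable recognised'."""
    for magic, kind in EXECUTABLE_MAGIC:
        if data.startswith(magic):
            return kind
    if data.startswith(OLE_MAGIC):
        return "OLE compound document"
    return None


def inspect(att: Attachment) -> Verdict:
    exts = _extensions(att.label)
    last = exts[-1] if exts else ""
    kind = identify_content(att.data)
    # 1. Label claims a document, bytes say program: a disguise, block it.
    if kind and kind != "OLE compound document" and last not in RUNNABLE_EXTENSIONS:
        return Verdict("block", f"{kind} labelled as .{last or '(none)'}")
    # 2. Runnable extension hidden behind a decoy one ("photo.gif        .exe").
    if len(exts) > 1 and last in RUNNABLE_EXTENSIONS:
        return Verdict("block", "runnable extension hidden behind a decoy extension")
    # 3. Honest program or embedded object: never auto-execute, ask first.
    if kind or last in RUNNABLE_EXTENSIONS:
        return Verdict("prompt", f"{kind or 'runnable file'}; save and scan, do not auto-run")
    return Verdict("open", "content matches label")


if __name__ == "__main__":
    samples = [  # constructed attachments
        Attachment("readme.txt", b"MZ\x90\x00" + bytes(60)),        # program dressed as text
        Attachment("notes.txt", b"Just a note."),                   # genuine text
        Attachment("photo.gif        .exe", b"GIF89a" + bytes(8)),  # decoy extension
        Attachment("setup.exe", b"MZ" + bytes(30)),                 # honest program
        Attachment("report.doc", OLE_MAGIC + bytes(16)),            # embedded object
    ]
    for s in samples:
        v = inspect(s)
        print(f"{s.label!r:28} -> {v.action:6} {v.reason}")
```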
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 20 Aug 95 10:51:44 PDT
Subject: NSA into antigravity?
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 20 Aug 1995, Andrew Spring wrote:

> Missile targeting software depends on good models of the earth's gravity
> for accuracy, both for design and for simulation purposes. . .

Not so much a model as an exact map of earth's gravity field. Twenty years ago, I was friends with a scientist who had worked for the US government some years before that. He sailed around the North Atlantic in a ship that contained extremely sensitive gravity measuring devices. He was mapping mascons on the ocean floor so that their effect on intercontinental ballistic missiles could be taken into account when targeting the missiles.

The equipment was sensitive enough to measure the gravity gradient between sea level and an altitude of a meter or two. Since the ship on which he sailed regularly experienced swells of that magnitude or greater, other equipment was used to measure the swells and to mathematically cancel out their effect. Cool.

I can see why the folks at Ft. Meade would be hinkie about such measurements being made around them. No need to hypothesize micro-singularities or anti-gravity experiments. Occam's Razor in action.

 S a n d y

Who must secretly work for the NSA's disinformation department.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From perry at piermont.com Sun Aug 20 11:58:23 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 20 Aug 95 11:58:23 PDT
Subject: NSA into antigravity?
In-Reply-To:
Message-ID: <199508201857.OAA03000@frankenstein.piermont.com>

Andrew Spring writes:
> Missile targeting software depends on good models of the earth's gravity
> for accuracy, both for design and for simulation purposes. Since Ft. Meade
> was doubtless the target of many nukes during the cold war (and probably
> still is), that may account for them having a bug up their asses on the
> subject.

More likely, if you were working for the NSA and some people were driving about your place with expensive electronic monitoring equipment, you would get nervous, too, until you knew precisely what they were doing.

.pm

From shamrock at netcom.com Sun Aug 20 12:13:42 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 20 Aug 95 12:13:42 PDT
Subject: A glance at the future of missing child identification
Message-ID: <199508201909.PAA07003@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

We all read the stories. "Infant stolen from crib in Hospital", "Thousands of children abducted every year". Many parents would jump at anything that might increase the chance of recovering their children should they be abducted. Just take a look at the lines during "Child Fingerprint Days" at your local mall.

The solution? Transponder implants at birth. Modern transponders can be injected into an infant where they grow into the tissue, unable to be removed without major surgery. If schools make implants a requirement, as vaccinations are today, children can be routinely scanned when entering kindergarten. Later in life, the same transponders can be used to verify legal age for obtaining a driver license or purchasing alcohol. The transponders also provide ID for the ATMs and credit card terminals of the future. No criminal can loot your account. You can leave the ATM card at home. How convenient!

How do you prevent the dead from voting? Simple. One transponder, one vote.

Even better, child molesters, individuals out on bail or parole, and other "security risks" can be similarly tagged to prevent escape from US jurisdiction. A combination metal detector/scanner for airport and border use is just one of the obvious ideas to increase the value of this technology.

For an example of such a transponder see http://www.dfw.net/~tqg/eid/tx1400l.html

I predict that you will see the first such implants in children within five years. An enterprising Cypherpunk who has become disillusioned that the statists can be stopped could make a fortune by offering a "Children's Safety Identification Service." Any idea if offering such a service would require an M.D. or only an R.N.? Perhaps even a cosmetology license would suffice, since "body piercers" do similar insertions every day.

- --
- -- Lucky Green  PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDeIayoZzwIn1bdtAQFo3QGAzU13qIy4qIeKQ7F13JtmnRE4Oo4AsXpt
RktLZfE/8K8EauRuisl/MxU23oMkTgD0
=Vm+o
-----END PGP SIGNATURE-----

From alano at teleport.com Sun Aug 20 12:19:48 1995
From: alano at teleport.com (Alan Olsen)
Date: Sun, 20 Aug 95 12:19:48 PDT
Subject: MSN hackers heaven (fwd)
Message-ID: <199508201919.MAA20699@desiree.teleport.com>

>The bottom line: Users of MSN are placing themselves at significant risk.
>If one must use MSN, avoid at all cost activating (double-clicking) objects
>in e-mail messages and BBS posts. Sophisticated users may think they know
>what they are doing, but it probably won't be long before they are outwitted
>by someone who figures out how to totally disguise an object's true purpose.

It is just Microsoft's way of guaranteeing "good times" for all. ];>

(It's a cheap shot, but someone has to take it.)

| What mime type is Marcell Marceu?                | alano at teleport.com |
|"Would you rather be tortured by the government   | Disclaimer:          |
|forces or the people's liberation army?" -mklprc  | Ignore the man       |
| -- PGP 2.6.2 key available on request --         | behind the keyboard. |
| http://www.teleport.com/~alano                   |                      |

From tcmay at got.net Sun Aug 20 12:58:17 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 20 Aug 95 12:58:17 PDT
Subject: NSA into antigravity?
Message-ID:

(No, I see no relevance for "coding in C," but even critics of "off-topic" posts have commented on this, so I will too, especially as how physics was my old career and in 1974 I interviewed with a Santa Barbara company doing ICBM geogravitic trajectory work.)

At 5:50 PM 8/20/95, Sandy Sandfort wrote:

>I can see why the folks at Ft. Meade would be hinkie about such
>measurements being made around them. No need to hypothesize
>micro-singularities or anti-gravity experiments. Occam's Razor
>in action.

I can't. At least not with regard to microgravity measurements.

If you mean missile trajectory stuff, this is extremely implausible. A missile targeted at Fort Meade is not going to be deflected by more than a few centimeters (if that much) by nearby variations...the missile is moving very fast and there's little "integration time" for slight errors in trajectory to build up. (Also, but related to this, the closing trajectory is near vertical, so it's doubly hard to imagine local g-field anomalies affecting the point of impact.)

As to what the folks were doing with their equipment, I have no idea. Maybe measuring water tables in and around the Chesapeake Bay (only a few miles from the Fort). The NSA people probably were upset with the equipment itself, not the idea that Meade was being more precisely targeted for ICBMs.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)    | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From perry at piermont.com Sun Aug 20 13:03:19 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 20 Aug 95 13:03:19 PDT
Subject: NSA into antigravity?
In-Reply-To:
Message-ID: <199508202002.QAA03115@frankenstein.piermont.com>

Timothy C. May writes:
>
> (No, I see no relevance for "coding in C," but even critics of "off-topic"
> posts have commented on this,

Because it isn't off topic. It was small and reasonably on-topic. So are discussions of personal privacy, clipper, electronic cash, NSA procedure, and similar stuff. It's the long conspiracy theory rants about Waco that are pure noise.

Furthermore, Tim, no one ever suggested that coding in C was the only possible way people could contribute to the efforts we are making. Popularization, lobbying, legal work, are all important. It was the constant stream of posts about militias, Vincent Foster's shoe size, and the like, which we were flaming.

Perry

From jya at pipeline.com Sun Aug 20 13:12:42 1995
From: jya at pipeline.com (John Young)
Date: Sun, 20 Aug 95 13:12:42 PDT
Subject: MSN hackers heaven (fwd)
Message-ID: <199508202012.QAA26057@pipe1.nyc.pipeline.com>

This is a variation on Brad's forward of the MSN security hole:

Information Week, August 28, 1995, p. 24.

Risk Looms On Microsoft Network. E-mail icons can hide viruses.

A feature designed to make electronic mail easy to use on the Microsoft Network online service may also make it easier for hackers to trick users into running destructive software programs on their PCs.

When a Microsoft Network user sends a binary file embedded in an E-mail message, the file appears as an icon on the recipient's screen. The recipient can double-click on the icon to automatically download the embedded file and execute it. To download the file without executing it, the recipient must use the mouse's right button, which has been rarely needed until now.

Though other online services offer automatic downloading of files, Microsoft's goes one step further in allowing the file's automatic execution. That file could be a virus or other malicious program that could erase files or reformat a hard disk, according to Mike Wyman, VP and chief technical officer of Interactive Data Corp., an investment information firm in Lexington, Mass., and a Microsoft Network beta user.

"On the Microsoft Network, I can disguise an icon so that it looks innocuous," says Wyman. "The analogy I like to use is the Unabomber. If you get a package in the mail that's wrapped in duct tape and brown paper, you'd regard it as suspicious. But if it's a plain white envelope with Ed McMahon's picture on it, you wouldn't think twice about opening it."

Microsoft says the feature is a convenience, not a security hole. "There are risks of getting [data] off the network in any form," says George Meng, group product manager for the Microsoft Network in Redmond, Wash. "People have to be aware of what the source of information is."

Winn Schwartau, president of Interpact Inc., a computer security consulting firm in Seminole, Fla., disagrees. "If the ability to execute programs bypasses conventional filtering and virus controls, then you certainly have a security hole," he says. "Potential 'Trojan horse' programs could be sent by anyone."

By Mitch Wagner and Clinton Wilder

[End]

From fmouse at fmp.com Sun Aug 20 13:50:44 1995
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 20 Aug 95 13:50:44 PDT
Subject: Netscape to copyright URLs?
Message-ID: <199508202050.PAA19345@zoom.bga.com>

At 02:39 AM 8/20/95 -0400, you wrote:
>Today's surf of Netscape's home page yielded an interesting question. Is
>Netscape trying to licence links to their products? To me
>http://home.netscape.com/comprod/mirror/netscape_now_program.html seems to
>suggest that you can only display certain logos and info if you are
>licensed by Netscape. You could for example not put up a link to their
>"Download Netscape NOW" page without prior approval by Netscape.
>
>This seems to be a new development on the web. Since when does one need a
>license to include certain URLs in one's home page?

The Netscape general info document specifically states ....

>Aside from the ftp mirrors we list on our home page, we do not allow
>redistribution of our software. This means that it is not legal to put
>our software on your ftp server, nor to include it on disks you are
>distributing, although you're more than welcome to include a pointer to
>our home pages so that people can download the latest version for
>themselves.

They have specifically given permission here for links, at least to their home pages, possibly even to other items such as a downloadable netscape.

   (______)              Lindsay Haisley
   (oo)      "The bull   FMP Computer Services
  /------\/   stops      fmouse at fmp.com
 / |    ||    here!"     Austin, Texas, USA
*  ||---||               (512) 259-1190
   ~~  ~~

From danisch at ira.uka.de Sun Aug 20 13:56:38 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Sun, 20 Aug 95 13:56:38 PDT
Subject: A glance at the future of missing child identification
Message-ID: <9508202052.AA23832@elysion.iaks.ira.uka.de>

These transponders have already been used for many years. They inject them into pigs and cows to identify them. And some car manufacturers put them into the ignition keys as theft protection.

The technology is not new. Perhaps it is already used for criminals? Somewhere I heard that in America criminals are sentenced to stay at home because the jails are overfilled. A sender is attached to their leg and the police are informed if he leaves his home.

Perhaps a drug dealer may be more useful if he moves freely and has a transponder inside which he doesn't know about, than having him in jail. Here in Germany most department stores have big antennas at the doors which are normally used to detect thefts. Perhaps these antennas also recognize certain people. You can be sure even criminals go to department stores, undergrounds, or bus stations. Some hidden antennas and it's easy to be on their track.

But it might be difficult to hide them on x-ray images...

Brrr, disgusting idea... :-{

Hadmut

From bdavis at thepoint.net Sun Aug 20 14:10:51 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 20 Aug 95 14:10:51 PDT
Subject: Another SSL breakage...
In-Reply-To: <7849.9508171510@exe.dcs.exeter.ac.uk>
Message-ID:

On Thu, 17 Aug 1995 aba at dcs.exeter.ac.uk wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> All hell seems to have broken loose whilst I was lazing on the beach
> yesterday. SSL breakings, big name newspaper newsreports (of varying
> degrees of accuracy), and much ITAR bashing (yay!) or perhaps that
> should be nooooh! 'cos I might be doing myself out of work as a UK
> crypto hacker (as John Hemming said in the article Robert Hettinga
> forwarded) if we lose the fun advantage of being in the free world,
> and not having to follow the ITAR nonsense.
>
> Anyway, congratulations Damien!

I add my congratulations to everyone else's. But, as the list rejoices that this means the "end of ITAR" or, more accurately put, the "end of encryption programs as 'munitions'", I've got to play the devil's advocate. Many of you, of course, see me as the Devil's Advocate.

Anyway, certain arms of the government want to prevent strong crypto from being exported so that they can easily decode encrypted messages from abroad (at least those using US developed software). Damien's impressive feat is that exportation of weak crypto indeed makes that possible. Some posters have discussed the time and difficulty in decoding strong crypto ... I think all agree that it would take significantly longer (or much more computer time) but is not impossible.

So ... has this proven that the banning of strong crypto is the correct way to go, and that, at least to some, credit card transactions using weak crypto will be acceptable to most (given the ease of getting CC#s other ways)?

Donning my asbestos suit,
And speaking only for myself ...

EBD

From adam at bwh.harvard.edu Sun Aug 20 14:21:05 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 20 Aug 95 14:21:05 PDT
Subject: Another SSL breakage...
In-Reply-To:
Message-ID: <199508202119.RAA12053@hermes.bwh.harvard.edu>

| So ... has this proven that the banning of strong crypto is the correct
| way to go, and that, at least to some, credit card transactions using
| weak crypto will be acceptable to most (given the ease of getting CC#s
| other ways)?

No. Banning strong crypto will not help; those darn furriners are using it anyway. What it will mean is that the Information Infrastructure of the future will bypass the United States, as without strong cryptography, it is impossible to build a secure architecture.

Should the United States wish to relegate itself to the status of a third world nation because of terrorists, drug dealers, child pornographers and money launderers, that is indeed unfortunate.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From bdavis at thepoint.net Sun Aug 20 14:24:33 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 20 Aug 95 14:24:33 PDT
Subject: Non-News Govt Announcement on Key Escrow
In-Reply-To:
Message-ID:

On Thu, 17 Aug 1995, Timothy C. May wrote:

> At 9:49 PM 8/17/95, Dave Banisar wrote:
> >The White House and NIST announced today that they were planning to hold two
> >open meetings next month to develop standards for "acceptable" software key
> >escrow. The standards will then be made into a FIPS. The programs cannot
> >deletia
> One thing I'm hoping for is that Clinton will, as he contemplates his last
> year and a bit in office, have an attack of "liberalism." That is, I am
> hoping he realizes that any mandatory key escrow system is not only a
> massive infringement on the right of people to speak and communicate as
> they wish, it is also handing the keys to the Surveillance State to the
> likes of Bob Dole, Jesse Helms, Alonse D'Amato, Newt Gingrich, and William
> Bennett.
>

I'm afraid your hope is misplaced; I'm sure he thinks he's got a fighting chance for a second term. And giving up on GAK would be portrayed by the Republican right (I know, that's redundant) as being weak on crime. Not gonna happen.

If he's reelected, then you've cause to be hopeful on this and other issues ...

> --Tim May
>
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net (Got net?)    | anonymous networks, digital pseudonyms, zero

EBD

From loofbour at cis.ohio-state.edu Sun Aug 20 16:59:38 1995
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Sun, 20 Aug 95 16:59:38 PDT
Subject: Secure, reliable (Re: Distributed computing)
In-Reply-To: <14470.9508181605@exe.dcs.exeter.ac.uk>
Message-ID: <199508202359.TAA22611@colon.cis.ohio-state.edu>

A couple of months back, someone (Adam Back, perhaps?) made mention of work on secure, reliable distributed computing on untrusted networks of untrusted machines. I seem to remember mention of sending out bogus computations in order to obscure the actual computation being performed.

I was never able to follow the reference, since all the info available was the name of a Japanese professor, with no mention of the university or of any publications I could look up.

Does this work ring a bell with anyone else?

nathan

From sunder at escape.com Sun Aug 20 17:11:18 1995
From: sunder at escape.com (Ray Arachelian)
Date: Sun, 20 Aug 95 17:11:18 PDT
Subject: your mail
In-Reply-To:
Message-ID:

My my, Delweiler rides high!

=================================================================93=======
 + ^ + |  Ray Arachelian  | Amerika: The land of the Freeh.  |  \-_ _-/  |
  \|/  |sunder at escape.com| Where day by day, yet another     |   \ -- /   |
<--+-->|                  | Constitutional right vanishes.   |6 _\- -/_ 6|
  /|\  |     Just Say     |                                  | ----\ /---- |
 + v + | "No" to the NSA! | Jail the censor, not the author! |      \/     |
=======/---------------------------------------------------------VI------/
 / I watched and wept as the Exon bill passed, knowing that yet         /
/ another freedom vanished before my eyes. How soon before we see       /
/ a full scale dictatorship in the name of decency? While the rest      /
/of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_______/

From solman at MIT.EDU Sun Aug 20 17:26:47 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sun, 20 Aug 95 17:26:47 PDT
Subject: Legality of subverting computational cycles via Microsoft
In-Reply-To:
Message-ID: <9508210026.AA01067@ua.MIT.EDU>

Does anybody here know if it is illegal to get unwitting users to download benign viruses via MSN?

Doesn't this sort of hole, by its very nature, make it trivial for people to violate Europe's future electronic privacy laws? (despite Microsoft's guarantee that MSN would follow those rules.)

JWS

From sunder at escape.com Sun Aug 20 17:27:52 1995
From: sunder at escape.com (Ray Arachelian)
Date: Sun, 20 Aug 95 17:27:52 PDT
Subject: CoS Raid on "Copyright Terrorist"
In-Reply-To: <9508151817.AA03464@vail.tivoli.com>
Message-ID:

On Tue, 15 Aug 1995, Mike McNally wrote:

> Ray Cromwell writes:
> > Nowadays, a $10-20/mo maildrop at places like "Mailboxes, Etc" works fine.
>
> Mailboxes Etc. insists on getting a picture ID; at least they did last
> time I checked. Some smaller mom&pop places will take a business card
> (time to break out your Jim Rockford Business Card Fabrication Kit).

Please, all you need is to go down to a computer time rental place that has a color scanner and a color printer and you can print any ID you like. Take a picture of you, scan it in, bring it to a word processor or publisher program, write some text next to it like "Anon Y. Mouse Inc. Joe Sixpack, Vice President of Operations, DOB: 4/1/69" print it, cut the edges to make it look round, and get it laminated. Instant I.D. Worth as much as used toilet paper when it comes to your True Name.

I can do half the operation right now on my home machine. Just have to get the camcorder out and hook it up to the video capture card to get the picture, then take it into Publish It Easy, write the text and put the picture next to it. Only thing I'm missing is a color inkjet printer and a small laminator, but I can print to a PostScript file, take the file to Kinko's or wherever and print it there, buy a laminator for $40 and I'm set. Hell, another $200 and I can get a decent color printer too.

=================================================================93=======
 + ^ + |  Ray Arachelian  | Amerika: The land of the Freeh.  |  \-_ _-/  |
  \|/  |sunder at escape.com| Where day by day, yet another     |   \ -- /   |
<--+-->|                  | Constitutional right vanishes.   |6 _\- -/_ 6|
  /|\  |     Just Say     |                                  | ----\ /---- |
 + v + | "No" to the NSA! | Jail the censor, not the author! |      \/     |
=======/---------------------------------------------------------VI------/
 / I watched and wept as the Exon bill passed, knowing that yet         /
/ another freedom vanished before my eyes. How soon before we see       /
/ a full scale dictatorship in the name of decency? While the rest      /
/of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_______/

From monty.harder at famend.com Sun Aug 20 17:41:11 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Sun, 20 Aug 95 17:41:11 PDT
Subject: Netscape to copyright URLs?
Message-ID: <8AF83E3.000300034C.uuout@famend.com>

RJ> Essentially, they want us to help them create the perception
RJ> that if you don't show the "Netscape Now!" flag (didn't Nixon have
RJ> a similar slogan?) on your page, that you're just not a high-
RJ> quality operation. Or maybe they're trying to change the subject

Let's just create our own flag, and use it instead, then.

 * If we had ham,
 * We could have ham and eggs,
 * If we had eggs.
---
 * Monster at FAmend.Com *

From shamrock at netcom.com Sun Aug 20 18:40:42 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 20 Aug 95 18:40:42 PDT
Subject: A glance at the future of missing child identification
Message-ID: <199508210136.VAA09171@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <9508202052.AA23832 at elysion.iaks.ira.uka.de>,
danisch at ira.uka.de (Hadmut Danisch) wrote:

>These transponders are already used for many years. They inject
>them in pigs and cows to identify them. And some car manufacturers
>put them into the ignition keys as theft protection.

Sure, the technology is nothing new. Still, it deserves our attention.

>Technology is not new. Perhaps it is already used for criminals?
>Somewhere I heard that in America criminals are sentenced to stay
>at home because the jails are overfilled. A sender is attached to
>their leg and the police are informed if he leaves his home.

Yes, this is being done. The programs are expected to be extended, because
housing an inmate is expensive.

>But it might be difficult to hide them on x-ray images...

No need to hide them if they are implanted voluntarily with the first polio
shot or required for ex-cons.

BTW, is there a futures market that allows you to bet real money?

- --
- -- Lucky Green  PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDfjCCoZzwIn1bdtAQH7HQGAlqdM9rArQZdn2mYTrOPUHKMQoHPv9sL7
+dwxxBPXSNr0Zr/vdrT/vabc8fHJQSlC
=jraT
-----END PGP SIGNATURE-----
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 20 Aug 95 19:20:11 PDT
Subject: Basically F-C-ed
Message-ID: <199508210220.EAA03190@utopia.hacktic.nl>

   FBI Probing Planted Explosive

   Orlando, Fla., August 20 (AP) -- Two explosives were planted in a
   professor's suitcase to test airport security measures in Amsterdam,
   The Netherlands, and were discovered when he arrived in Orlando,
   officials said Saturday.

   The professor, Paul Holloway of the University of Florida, arrived at
   Orlando International Airport on Friday afternoon and found his suitcase
   had been torn, said Brian Kensel, a special agent with the FBI in Tampa.

   He alerted Northwest Airlines security officials who emptied his bag and
   found the two devices. No detonators or fuses were with the materials,
   posing no danger to passengers, Kensel said.

   "We were satisfied that he was unaware of its presence before it was
   found at the airport," he added.

   Holloway had been attending a professional conference in Finland and had
   traveled through Detroit, Michigan, before arriving in Orlando, Kensel
   said. He had stopped in Amsterdam on the way, and that was where the
   device was placed, said Kathleen Bergen, spokeswoman with the Federal
   Aviation Administration in Atlanta.

   "It was part of a test," she said. "Basically the bag was inadvertently
   loaded on board with the explosives still inside."

   Kensel said such security measures were normal for Europe.

   "Particularly in Europe, there are grave concerns about security
   issues," he said. "As a result, they do conduct various security
   programs regularly. This was part of a routine check of their own
   security systems.

   "The bag got away from them basically," he said.

-----
From: usura at replay.com (Alex de Joode)
Date: Sun, 20 Aug 95 19:28:21 PDT
Subject: Basically F-C-ed
Message-ID: <199508210228.AA19298@xs1.xs4all.nl>

Anonymous sez:

:    FBI Probing Planted Explosive
:
:    Orlando, Fla., August 20 (AP) -- Two explosives were
:    planted in a professor's suitcase to test airport
:    security measures in Amsterdam, The Netherlands, and were
:    discovered when he arrived in Orlando, officials said
:    Saturday.

[..]

:    Kensel said such security measures were normal for
:    Europe.
:
:    "Particularly in Europe, there are grave concerns about
:    security issues," he said. "As a result, they do conduct
:    various security programs regularly. This was part of a
:    routine check of their own security systems.
:
:    "The bag got away from them basically," he said.

Airport police were very quick to point out that such practices were
legal, now when they do that ......

--
Alex de Joode
Fear Uncertainty Confusion and Kaos, Inc.

From: mark at lochard.com.au (Mark)
Date: Sun, 20 Aug 95 19:31:56 PDT
Subject: NSA into antigravity?
In-Reply-To:
Message-ID: <199508210055.AA27598@junkers.lochard.com.au>

>>>Neither the University nor the NSA has commented on the incident. However,
>>>it is believed that Ollman and Wayne were investigating a slight anomaly
>>>in the Earth's gravitational field centered around Fort Meade. No reason has
>>>been given for their detention.

The anomaly is just the NSA basements full of buzzing machines emitting all
that RFI and putting the Earth off tilt by .004 degrees a year.  The nukes
actually home in on the emitted radiation like a heat seeking missile. :)

Mark
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sun, 20 Aug 95 19:50:04 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To: <8AF7577.0003000342.uuout@famend.com>
Message-ID:

Monty Harder suggests that what the world needs is a CyberNotary.  Fear not;
the American Bar Association, in cahoots with the U.S. chapter of the
International Chamber of Commerce, is hard at work at creating exactly such
a beast.  More details in N weeks, when there are more details.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
Coral Gables, FL 33124 USA | It's hot here.  And humid.
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
and http://www.law.cornell.edu/jol/froomkin.htm
From: tcmay at got.net (Timothy C. May)
Date: Sun, 20 Aug 95 20:03:00 PDT
Subject: A glance at the future of missing child identification
Message-ID:

At 8:52 PM 8/20/95, Hadmut Danisch wrote:

>These transponders are already used for many years. They inject
>them in pigs and cows to identify them. And some car manufacturers
>put them into the ignition keys as theft protection.

The subcutaneous animal things are only detectable at very short ranges.
Typically, a vet (animal doctor) uses a handheld wand to pick up the
signal. Useful for tracking pets, farm animals, etc.

There have so far been no known uses of this on humans, at least as a
matter of routine. Possibly some developers have tried injecting
themselves, for the usual reasons.

The car system used here in the U.S. is called "Lo-Jack," as in the
opposite of "hijack." I don't see how putting the transponders in ignition
keys would do much to stop theft, but maybe I'm unaware of European
developments. (There are keys with chips in them, acting as electronic
keys, or to make the keys harder to duplicate, but not to track the cars.)

>Technology is not new. Perhaps it is already used for criminals?
>Somewhere I heard that in America criminals are sentenced to stay
>at home because the jails are overfilled. A sender is attached to
>their leg and the police are informed if he leaves his home.

Yes, these exist. Not using the same technology as the transponders used
in pets and livestock, though.

>Perhaps a drug dealer may be more useful if he moves free and
>has a transponder inside which he doesn't know about, than having
>him in jail.

Not technologically feasible at this time, but maybe in several years.
Even so, it wouldn't be hard for his friends to scan him for bugs.

Sure, some will argue that pseudorandom, very intermittent,
frequency-agile signals could be emitted...I say it's a hard problem to
escape detection by antennas a few centimeters away when the signal has to
be detectable by surveillance antennas at least kilometers away, and more
likely tens or hundreds of kilometers away. The infrastructure of antennas
is lacking.

>Here in Germany most department stores have big antennas at the
>doors which are normally used to detect thefts. Perhaps these antennas
>also recognize certain people. You can be sure even criminals go to
>department stores, undergrounds, or bus stations. Some hidden antennas
>and it's easy to be on their track.

Implausible. The theft detectors are not picking up specific transponders,
just the "on" or "off" state of the things attached to clothing, books,
CDs, etc. (I say "things" because some of them are strips inserted in
books, some are tag-like things clamped to clothing, etc.)

Again, the infrastructure is lacking. The simple detectors in stores would
have to be upgraded to track more sophisticated transponders. The stores
would have to cooperate, etc. Implausible.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
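The argument above can be put in numbers with a free-space link budget. The Go program below is an added worked example, not code posted by anyone on this thread; the carrier frequency (433 MHz), receiver sensitivity (-110 dBm) and the two distances (a 5 cm hand-held sweep versus a 5 km surveillance antenna) are constructed values chosen only for illustration. The point it demonstrates is that the margin a sweep receiver enjoys depends only on the ratio of the two distances, so any transmitter strong enough to reach a distant antenna is, by the same formula, enormously loud to a wand held against the skin.

```go
package main

import (
	"fmt"
	"math"
)

// Speed of light in m/s.
const speedOfLight = 299792458.0

// FreeSpacePathLossDB is the Friis free-space loss in dB between two
// isotropic antennas d metres apart at f hertz. It is a far-field
// approximation; at a few centimetres and UHF the reactive near field adds
// coupling this formula ignores, which only makes a close-in sweep easier.
func FreeSpacePathLossDB(d, f float64) float64 {
	return 20*math.Log10(d) + 20*math.Log10(f) + 20*math.Log10(4*math.Pi/speedOfLight)
}

// ReceivedDBm is the power seen by an isotropic receiver at distance d
// from a transmitter radiating txDBm.
func ReceivedDBm(txDBm, d, f float64) float64 {
	return txDBm - FreeSpacePathLossDB(d, f)
}

// MinTxDBmForRange is the smallest transmit power that a receiver with
// sensitivity sensDBm can still hear at distance d.
func MinTxDBmForRange(sensDBm, d, f float64) float64 {
	return sensDBm + FreeSpacePathLossDB(d, f)
}

// SweepMarginDB is how far above the sweep receiver's floor a bug sits
// when scanned at sweepDist, given that the bug is only just strong enough
// to reach a surveillance receiver of equal sensitivity at surveilDist.
// Frequency and absolute sensitivity cancel out: the margin depends only on
// the ratio of the two distances (20 dB per factor of ten).
func SweepMarginDB(sweepDist, surveilDist float64) float64 {
	return 20 * math.Log10(surveilDist/sweepDist)
}

func main() {
	const (
		f           = 433e6  // assumed carrier, Hz (constructed)
		sens        = -110.0 // assumed receiver sensitivity, dBm (constructed)
		sweepDist   = 0.05   // hand-held sweep at 5 cm
		surveilDist = 5000.0 // surveillance antenna 5 km away
	)
	tx := MinTxDBmForRange(sens, surveilDist, f)
	fmt.Printf("bug must radiate at least %.1f dBm to be heard at %.0f m\n", tx, surveilDist)
	fmt.Printf("at %.2f m that bug delivers %.1f dBm, %.0f dB above the sweep receiver's floor\n",
		sweepDist, ReceivedDBm(tx, sweepDist, f), SweepMarginDB(sweepDist, surveilDist))
}
```

With these inputs the 5 km path costs about 99 dB, so the implant must radiate around -11 dBm; at 5 cm the same emitter lands 100 dB above the sweep receiver's floor. Intermittent or frequency-agile transmission changes when the bug is audible, not how loud it is when it talks, which is the crux of the post's argument.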
From: jya at pipeline.com (John Young)
Date: Sun, 20 Aug 95 20:10:43 PDT
Subject: Basically F-C-ed
Message-ID: <199508210310.XAA03953@pipe2.nyc.pipeline.com>

Responding to msg by usura at replay.com (Alex de Joode) on Mon, 21 Aug 4:28 AM

>Airport police was very quick to point out that such
>practices were legal, now when they do that ......

What, Alex, FC stands for F*cking Counterterrorists, making work for
themselves?

Oh my, are those bitter out of work XX-cold warriors heeding X-feebie
Liddy, prolonging the 60's blame-the-radicals payoffs.

From: jamesd at echeque.com (James A. Donald)
Date: Sun, 20 Aug 95 20:17:19 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508210317.UAA24109@blob.best.net>

At 11:45 AM 8/19/95 -0400, John Young wrote:
>
>Fourth Foresight Conference on Molecular Nanotechnology

And what does this have to do with cryptography?

---------------------------------------------------------------------
 We have the right to defend ourselves   |   http://www.jim.com/jamesd/
 and our property, because of the kind   |
 of animals that we are. True law        |   James A. Donald
 derives from this right, not from the   |
 arbitrary power of the state.           |   jamesd at echeque.com

From: jya at pipeline.com (John Young)
Date: Sun, 20 Aug 95 20:19:17 PDT
Subject: A glance at the future of missing child identification
Message-ID: <199508210319.XAA04795@pipe2.nyc.pipeline.com>

September Wired has an "Updata" on this by Simson Garfinkel, "A Chip for
Every Child?"  A note says the original story was in Wired 1.6.

Excuse the W-word.
From: tcmay at got.net (Timothy C. May)
Date: Sun, 20 Aug 95 20:34:02 PDT
Subject: Third World Man
Message-ID:

(Wow! I just trimmed 7 of the 8 names cc:ed on this message I'm
quoting...I think the auto-quoting software most of us use is getting out
of hand. The trimmed recipients were: To: bdavis at thepoint.net,
aba at atlas.ex.ac.uk, davby at ida.liu.se, Damien.Doligez at inria.fr,
hfinney at shell.portal.com, asb at nexor.co.uk)

Anyway...

At 9:19 PM 8/20/95, Adam Shostack wrote:

>| So ... has this proven that the banning of strong crypto is the correct
>| way to go, and that, at least to some, credit card transactions using
>| weak crypto will be acceptable to most (given the ease of getting CC#s
>| other ways)?
>
>        No.  Banning strong crypto will not help; those darn furriners
>are using it anyway.  What it will mean is that the Information
>Infrastructure of the future will bypass the United States, as without
>strong cryptography, it is impossible to build a secure architecture.
>
>        Should the United States wish to relegate itself to the status
>of a third world nation because of terrorists, drug dealers, child
>pornographers and money launderers, that is indeed unfortunate.

The U.S. is not likely to find itself relegated to third world status over
this issue. Rhetorically, I wish it were so, but it just ain't.

This issue--like the McCarthy hearings in the 1950s, the race issue in the
'60s, the Vietnam war in the '60s and '70s, to name a few cases, _sounds_
really serious. And it is, as those cases were, but predicting the imminent
collapse of American civilization is usually a lose.

There is no way the technological and manufacturing prowess of leading
American companies will be substantially crippled. I would like to see
export laws relaxed, especially as they are seldom effective, and so on.
You know my views.
But the likeliest outcome if strong crypto export remains hard, but import
is unaffected, is that strong crypto will be imported from Europe and
elsewhere. (It does not violate any laws that I am aware of to have a
product for sale in the U.S. with "hooks" for arbitrary crypto, so long as
that product and the hooks are not _exported_. Naturally, companies like
Microsoft, Lotus, Novell, etc., do not want to have a U.S. version and an
export version. But if they _have_ to, they can. My point is that this
would certainly not relegate the U.S. to Third World status, at least not
faster than many other trends are already doing.)

Several European companies are strong in crypto, of course.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From: jya at pipeline.com (John Young)
Date: Sun, 20 Aug 95 20:38:51 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508210338.XAA07406@pipe2.nyc.pipeline.com>

Responding to msg by jamesd at echeque.com ("James A. Donald") on Sun, 20
Aug 8:17 PM

>And what does this have to do with cryptography?

The topic has come up here several times in connection with development of
molecular computers.  It has been suggested that there is a link to Len
Adleman's work.

But maybe that was just a transparent cover story.  Perhaps it's actually a
molecular part of the Waco Vince Foster Tom Clancy Pat Robertson Nuclear
Weapons Material divulgation.

Thanks for provoking.  What do you think?  Your lively disputations have
been missed.

From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 20 Aug 95 20:42:15 PDT
Subject: Basically F-C-ed
In-Reply-To: <199508210310.XAA03953@pipe2.nyc.pipeline.com>
Message-ID: <199508210342.XAA03482@frankenstein.piermont.com>

Let me just point out that this is starting to get afield...

.pm

John Young writes:
>
> Responding to msg by usura at replay.com (Alex de Joode) on Mon,
> 21 Aug 4:28 AM
>
>
> >Airport police was very quick to point out that such
> >practices were legal, now when they do that ......
>
>
> What, Alex, FC stands for F*cking Counterterrorists, making
> work for themselves?
>
>
> Oh my, are those bitter out of work XX-cold warriors heeding
> X-feebie Liddy, prolonging the 60's blame-the-radicals payoffs.
From: tcmay at got.net (Timothy C. May)
Date: Sun, 20 Aug 95 20:46:09 PDT
Subject: Secure, reliable (Re: Distributed computing)
Message-ID:

At 11:59 PM 8/20/95, Nathan Loofbourrow wrote:

>A couple of months back, someone (Adam Back, perhaps?) made mention of
>work on secure, reliable distributed computing on untrusted networks
>of untrusted machines. I seem to remember mention of sending out bogus
>computations in order to obscure the actual computation being
>performed.
>
>I was never able to follow the reference, since all the info available
>was the name of a Japanese professor, with no mention of the
>university or of any publications I could look up.
>
>Does this work ring a bell with anyone else?

Joan Feigenbaum, then of Stanford and now of Bell Labs, has worked for many
years on what she calls "computing with encrypted instances." The canonical
example is one where one wishes to send a problem, e.g., a routing problem
a la the Travelling Salesman Problem, to a service for solving. But one
doesn't wish to reveal the cities being considered, perhaps for business
reasons. (The extension of this concern to crypto should be clear.)

So, one transforms the data set, sends it to the compute service, gets
back an answer, and reverses the transformation.

I've always thought of her work as a kissing cousin to zero knowledge
interactive proof systems, but it evolved along a different path.

A check of her published papers should reveal several summaries. I know
some of her stuff got published in "Crypto Proceedings."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Sun, 20 Aug 95 20:52:24 PDT
Subject: Sun's buggy MD5?
Message-ID:

At 20:45 8/18/95, michael shiplett wrote:

>MD5 test suite:
>MD5 ("") = f00001c0effffba8429b59d50529097c
>MD5 ("a") = f00003c0effffba8aec5fcf4284a8dbe
>MD5 ("abc") = f00005c0effffba896fc8af8ca60a911
>MD5 ("message digest") = f00007c0effffba8f373218f317a9558
>MD5 ("abcdefghijklmnopqrstuvwxyz") = f00009c0effffba896b4f24acb3f4738
>MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
>= f0000bc0effffba8cef237a614aa457d

There certainly is something VERY wrong. I think that the result is being
reported from a location that is 8 positions left of where it should be
pointing. Position 9 is where the "random" (ie: Probably correct) data
starts. The first 8 positions are f0000Xc0effffba8 (where X increments by
2 for each invocation). Thus this looks like some kind of constant or
fixed work area.
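The check a practitioner wants here is the one the quoted "test suite" skipped: compare the output against the published RFC 1321 test vectors, and look at how much of the output is constant across different inputs. The Go program below is an added example, not code from the thread or from Sun; the RFC 1321 digests are the well-known reference values, the six "suspect" digests are copied from the post, and the analysis of shared positions is a constructed diagnostic rather than anything the poster ran.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strings"
)

// Vector pairs an input with its expected digest.
type Vector struct{ In, Digest string }

// RFC1321Vectors are the MD5 test vectors from RFC 1321, appendix A.5.
var RFC1321Vectors = []Vector{
	{"", "d41d8cd98f00b204e9800998ecf8427e"},
	{"a", "0cc175b9c0f1b6a831c399e269772661"},
	{"abc", "900150983cd24fb0d6963f7d28e17f72"},
	{"message digest", "f96b697d7cb7938d525a2f31aaf161d0"},
	{"abcdefghijklmnopqrstuvwxyz", "c3fcd3d76192e4007dfb496cca67e13b"},
	{"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
		"d174ab98d277d9f5a5611c2c9f419d9f"},
	{strings.Repeat("1234567890", 8), "57edf4a22be3c955ac49da2e2107b67a"},
}

// SuspectOutputs are the six digests quoted in the post above, in the
// order of the first six RFC 1321 inputs.
var SuspectOutputs = []string{
	"f00001c0effffba8429b59d50529097c",
	"f00003c0effffba8aec5fcf4284a8dbe",
	"f00005c0effffba896fc8af8ca60a911",
	"f00007c0effffba8f373218f317a9558",
	"f00009c0effffba896b4f24acb3f4738",
	"f0000bc0effffba8cef237a614aa457d",
}

// MD5Hex hashes s with the standard library and returns lowercase hex.
func MD5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Mismatches runs h over the RFC 1321 vectors and returns the inputs whose
// digest does not match. A correct MD5 returns an empty slice.
func Mismatches(h func(string) string) []string {
	var bad []string
	for _, v := range RFC1321Vectors {
		if h(v.In) != v.Digest {
			bad = append(bad, v.In)
		}
	}
	return bad
}

// ConstantPositions returns the hex positions at which every digest in the
// list carries the same character. Distinct inputs to a sound hash should
// agree at essentially no position; a long run of shared positions means
// the bytes being printed are not the digest.
func ConstantPositions(digests []string) []int {
	var pos []int
	if len(digests) == 0 {
		return pos
	}
	for i := 0; i < len(digests[0]); i++ {
		same := true
		for _, d := range digests[1:] {
			if i >= len(d) || d[i] != digests[0][i] {
				same = false
				break
			}
		}
		if same {
			pos = append(pos, i)
		}
	}
	return pos
}

func main() {
	fmt.Println("stdlib MD5 mismatches against RFC 1321:", Mismatches(MD5Hex))
	fmt.Println("positions shared by all suspect outputs:", ConstantPositions(SuspectOutputs))
}
```

Run against the six quoted digests, ConstantPositions reports 15 of the first 16 hex positions as identical across all inputs (everything except the incrementing digit), and none of the last 16; for the genuine RFC 1321 digests of the same inputs it reports no shared position at all. Whatever the exact cause, an implementation that emits a fixed 8-byte prefix is not computing MD5, and a test-vector comparison catches it before any signature or checksum built on it is trusted.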
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 20 Aug 95 21:05:46 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To:
Message-ID: <199508210400.OAA03317@sweeney.cs.monash.edu.au>

Hello Michael Froomkin and Rich Salz and cypherpunks at toad.com

Original reason at end (after the reply).

> But this is precisely the issue: what does the *certificate* get any of
> these people that a simple digital signature does not provide?

Protection from spoofing.

> On Sat, 19 Aug 1995, Rich Salz wrote:
>
> > I think there are many people who might be willing to use an
> > "anon CA" should it exist:
> >     Whistleblowers, perhaps Deep Throat would have used email

Certification is needed to avoid another person intercepting, re-signing,
and substituting hir own key.

> >     Any number of writers who have used pseudonyms and now want to
> >     get paid in ecash; Mark Twain?

Certification is needed to avoid another person diverting the ecash (a
disputed unsigned key is practically useless).

In fact a much simpler attack is denial-of-service: simply dispute the key
(send another one to the keyservers), and let the resulting uncertainty cut
off the profits.

Also, if you insist on govt-is-root, you need certified pseudonyms to set
up a pseudonymous CA (ie a CA whose real identity is unknown).

Hope that makes sense...

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
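The two points above, key substitution and dispute-by-duplicate, play out concretely in the following Go program. It is an added example, not code from the thread; it uses Ed25519 from the Go standard library as the signature scheme (standing in for the PGP keys of the day), takes the name "Mark Twain" from the post, and generates every key on the spot. The scenario shows a certificate whose key has been swapped, a certificate the attacker signed with a key of his own, and a keyserver holding all three entries; only the CA-certified one survives verification, so neither the payment nor the reader's confidence can be diverted by a competing unsigned key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert binds a (possibly pseudonymous) name to a public key under the
// signature of a certification authority.
type Cert struct {
	Name   string
	PubKey ed25519.PublicKey
	CASig  []byte
}

// certBytes is what the CA signs: a length-prefixed name followed by the
// raw key, so two different (name, key) pairs never serialise alike.
func certBytes(name string, pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(name)))
	b.WriteString(name)
	b.Write(pub)
	return b.Bytes()
}

// IssueCert is what the CA does once it has satisfied itself, by whatever
// out-of-band means it uses, that the holder of pub really is "name".
func IssueCert(caPriv ed25519.PrivateKey, name string, pub ed25519.PublicKey) Cert {
	return Cert{Name: name, PubKey: pub, CASig: ed25519.Sign(caPriv, certBytes(name, pub))}
}

// VerifyCert is what a payer runs before encrypting ecash to c.PubKey.
func VerifyCert(caPub ed25519.PublicKey, c Cert) bool {
	if len(c.PubKey) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(caPub, certBytes(c.Name, c.PubKey), c.CASig)
}

// Resolve answers "which key belongs to name?" when a keyserver holds
// several conflicting entries: only CA-certified ones count, so a disputed
// unsigned key can neither divert payment nor cast doubt on the real one.
func Resolve(caPub ed25519.PublicKey, name string, submitted []Cert) []Cert {
	var out []Cert
	for _, c := range submitted {
		if c.Name == name && VerifyCert(caPub, c) {
			out = append(out, c)
		}
	}
	return out
}

// Outcome records what each check in Scenario returned.
type Outcome struct {
	GenuineOK, SubstitutedOK, SelfSignedOK bool
	Resolved                               int
	ResolvedIsAuthor                       bool
}

// Scenario plays out the attacks the post describes with freshly generated
// keys (all constructed here; nothing is taken from a real keyserver).
func Scenario() (Outcome, error) {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	authorPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	genuine := IssueCert(caPriv, "Mark Twain", authorPub)

	// Attack 1: intercept the cert and swap in the attacker's key while
	// keeping the CA's signature, since the attacker cannot forge a new one.
	substituted := genuine
	substituted.PubKey = attackerPub

	// Attack 2: sign a fresh cert for the same name with the attacker's own
	// key, hoping the payer never checks which CA key it verifies under.
	selfSigned := IssueCert(attackerPriv, "Mark Twain", attackerPub)

	resolved := Resolve(caPub, "Mark Twain", []Cert{substituted, selfSigned, genuine})
	return Outcome{
		GenuineOK:        VerifyCert(caPub, genuine),
		SubstitutedOK:    VerifyCert(caPub, substituted),
		SelfSignedOK:     VerifyCert(caPub, selfSigned),
		Resolved:         len(resolved),
		ResolvedIsAuthor: len(resolved) == 1 && resolved[0].PubKey.Equal(authorPub),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The payer's trust rests entirely on having the correct CA public key by some channel the attacker does not control; with a plain self-signed key there is no such anchor, which is exactly the gap the post says a certificate fills.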
From: bdolan at use.usit.net (Brad Dolan)
Date: Sun, 20 Aug 95 21:40:54 PDT
Subject: Basically F-C-ed
In-Reply-To: <199508210220.EAA03190@utopia.hacktic.nl>
Message-ID:

I don't find it too hard to believe that the Dutch would make a test like
this.  Security at Schiphol can be pretty intense.  I find it a little
harder to believe that they would goof and let the bomb-oid get away, but
mistakes happen.

What I find difficult to swallow is that they would *tear* the man's
luggage to insert the article.  In my experience, the Dutch are almost
obsessively careful in taking care of their own property and that of
others.

FWIW,
BD

On Mon, 21 Aug 1995, Anonymous wrote:

>
>    FBI Probing Planted Explosive
>
>
>    Orlando, Fla., August 20 (AP) -- Two explosives were
>    planted in a professor's suitcase to test airport
>    security measures in Amsterdam, The Netherlands, and were
>    discovered when he arrived in Orlando, officials said
>    Saturday.
>
>    The professor, Paul Holloway of the University of
>    Florida, arrived at Orlando International Airport on
>    Friday afternoon and found his suitcase had been torn,
>    said Brian Kensel, a special agent with the FBI in Tampa.
>
>    He alerted Northwest Airlines security officials who
>    emptied his bag and found the two devices. No detonators
>    or fuses were with the materials, posing no danger to
>    passengers, Kensel said.
>
[...]
From: welcome at realaudio.com (RealAudio Welcome Wagon)
Date: Sun, 20 Aug 95 21:49:43 PDT
Subject: RealAudio website temporary password
Message-ID: <199508210449.VAA20788@www.realaudio.com>

This is an automatic response to your request for a free user account
on the RealAudio site.  Welcome to the world of RealAudio.

The following temporary password will only be used once,
in order to activate the username and password you
selected for yourself during signup.
To activate your account, please visit our Account Activation page
at http://www.RealAudio.com/welcome.html
and enter the temporary password in the proper blank.

The user name you selected is:

cypherpu

Your temporary RealAudio password is:

Toledo.Francisco

If you have trouble with the software, please refer to
the RealAudio FAQ and Technical Notes available at
http://www.RealAudio.com/help.html

You can also contact us through http://www.RealAudio.com/comment.html

Thank you for becoming a RealAudio user.
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 20 Aug 95 22:00:14 PDT
Subject: WhiSSLing in the Dark
In-Reply-To: <199508182201.AAA27435@utopia.hacktic.nl>
Message-ID: <199508210459.OAA03641@sweeney.cs.monash.edu.au>

Hello cypherpunks at toad.com

Anybody get the feeling someone is writing off their computers real fast?

...
>   In home computer terms, Doligez guesses a network of
>   about 80 Intel Pentium-based machines would be equivalent
...
>   at around $10,000, meaning there are many more economical
...

Okay, 80 Pentiums, at 2000 each, makes 160 000.
8 days per attack, 10 000 per attack, makes cost of attack 1250/day
160 000 / 1 250 = 128 days.

Anybody's Pentiums actually wear out after half a year?

You could question my 2000 figure, but even at 5000 it'd still be just a
year.  Cost of capital doesn't change by more than 10% in that time.

Hope I'm making sense... and sorry about flogging the dead horse...

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 20 Aug 95 22:16:24 PDT
Subject: RealAudio website temporary password
Message-ID: <199508210512.BAA11614@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199508210449.VAA20788 at www.realaudio.com>,
welcome at realaudio.com (RealAudio Welcome Wagon) wrote:

>This is an automatic response to your request for a free user account
>on the RealAudio site.  Welcome to the world of RealAudio.
>
>The following temporary password will only be used once,
>in order to activate the username and password you
>selected for yourself during signup.
>To activate your account, please visit our Account Activation page
>at http://www.RealAudio.com/welcome.html
>and enter the temporary password in the proper blank.
>
>The user name you selected is:
>
>cypherpu

The password has been changed to "cypherpunks"

- --
- -- Lucky Green  PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDgVmCoZzwIn1bdtAQF6IwF+INj+evDl7CrkIKHTpozs+8yMixV9fEh4
FvaTNdx/Jl/kWoyrjFTk+oYm85DmVv91
=xB75
-----END PGP SIGNATURE-----

From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 20 Aug 95 22:40:19 PDT
Subject: RealAudio website temporary passwordRe: RealAudio website temporary password
Message-ID: <199508210540.HAA04886@utopia.hacktic.nl>

The Cypherpunks RealAudio free account is now activated with password
"writecode" (case sensitive -- make them letters small).  The user name is
still "cypherpu".  RealAudio.com does not truncate names longer than 8
characters during login (meaning "cypherpunks" fails), but their signup
page won't allow entry of more than 8.  Silly.

Don't have too much fun listening to NPR, now...

> Date: Sun, 20 Aug 1995 21:49:23 -0700
> From: RealAudio Welcome Wagon
> To: cypherpunks at toad.com
> Reply-To: welcome at realaudio.com
> Subject: RealAudio website temporary password
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
> This is an automatic response to your request for a free user account
> on the RealAudio site.  Welcome to the world of RealAudio.
>
> The following temporary password will only be used once,
> in order to activate the username and password you
> selected for yourself during signup.
> To activate your account, please visit our Account Activation page
> at http://www.RealAudio.com/welcome.html
> and enter the temporary password in the proper blank.
>
> The user name you selected is:
>
> cypherpu
>
> Your temporary RealAudio password is:
>
> Toledo.Francisco
>
> If you have trouble with the software, please refer to
> the RealAudio FAQ and Technical Notes available at
> http://www.RealAudio.com/help.html
>
> You can also contact us through http://www.RealAudio.com/comment.html
>
> Thank you for becoming a RealAudio user.
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 20 Aug 95 23:00:15 PDT
Subject: RealAudio website temporary passwordRe: RealAudio website temporary password
Message-ID: <199508210600.IAA05113@utopia.hacktic.nl>

Lucky Green wrote:

>>This is an automatic response to your request for a free user account
>>on the RealAudio site.  Welcome to the world of RealAudio.
>>
...
>>The user name you selected is:
>>
>>cypherpu
>
>The password has been changed to "cypherpunks"
>

Oops.  Thank you for changing the password.  Shall we not use writecode
unless the site does not allow "cypherpunks" as the password?  I get it
now.

Crypto relevance:

http://www.realaudio.com/rafiles/npr/password/nb081801-4.ram

The segment is overly optimistically billed as:

"Dan Charles reports the Clinton administration has reached a compromise
with the security industry about the export of encryption equipment that
will protect personal computer files and allow law enforcement agencies
access to them if necessary. (3:30)"
From: tcmay at got.net (Timothy C. May)
Date: Sun, 20 Aug 95 23:56:49 PDT
Subject: RealAudio website temporary password
Message-ID:

At 6:00 AM 8/21/95, Anonymous wrote:

>Oops.  Thank you for changing the password.  Shall we not use writecode
>unless the site does not allow "cypherpunks" as the password?  I get it
>now.

Hey, this business of signing up the "Cypherpunks" list for a bunch of
specialized services is getting old. As guerrilla ontology, it's fine. The
problem is that all of these messages about what the official, public
password is are cluttering up the mail here ( "writecode" is not my idea
of an obvious public password). And some of these public sign-ups generate
reflecting messages back to the list. In terms of scaling, this sucks.

And what's being accomplished?

(I confess that when I first saw this announcement that we had been signed
up with the name "cypherpu" and the temporary passphrase
"Toledo.Francisco," I immediately registered under a different set of
names. Now I see that Lucky Green has done the same thing. Hmhhhh, which
one came first and is recognized by them?)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?)   | anonymous networks, digital pseudonyms, zero
408-728-0152                | knowledge, reputations, information markets,
Corralitos, CA              | black markets, collapse of governments.
Higher Power: 2^756839      | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From: jcaldwel at iquest.net (James Caldwell)
Date: Mon, 21 Aug 95 01:19:48 PDT
Subject: A glance at the future of missing child identification
In-Reply-To:
Message-ID:

In article , tcmay at got.net (Timothy C. May) wrote:

}At 8:52 PM 8/20/95, Hadmut Danisch wrote:
}>These transponders are already used for many years. They inject
}>them in pigs and cows to identify them. And some car manufacturers
}>put them into the ignition keys as theft protection.
}
}The subcutaneous animal things are only detectable at very short ranges.
}Typically, a vet (animal doctor) uses a handheld wand to pick up the
}signal. Useful for tracking pets, farm animals, etc.

Yep, and it uses a nine digit number, what convenience.

}There have so far been no known uses of this on humans, at least as a
}matter of routine. Possibly some developers have tried injecting
}themselves, for the usual reasons.

Nope, those are in the works, well biotelemetry devices are.

}Implausible. The theft detectors are not picking up specific transponders,
}just the "on" or "off" state of the things attached to clothing, books,
}CDs, etc. (I say "things" because some of them are strips inserted in
}books, some are tag-like things clamped to clothing, etc.)

They'll need to change those, kids are having too much fun attaching them
to the innocent before they leave the store..

}Again, the infrastructure is lacking. The simple detectors in stores would
}have to be upgraded to track more sophisticated transponders. The stores
}would have to cooperate, etc. Implausible.

The infrastructure is in place for the implantable short range devices;
all that is needed is a reader at a credit terminal. No, I don't see this
as being implemented.

Check out the patent office for some interesting new devices in the works.
One has a wide bandwidth outgoing channel and a low bandwidth incoming
control channel. Range on the outgoing channel is 300 yards. This is
through the skin.
From: bigmac at digicash.com (Marcel van der Peijl)
Date: Mon, 21 Aug 95 02:27:52 PDT
Subject: Basically F-C-ed
In-Reply-To: <199508210220.EAA03190@utopia.hacktic.nl>
Message-ID: <199508210927.LAA20988@digicash.com>

My $0.02 on the 'strict security' on Schiphol (first one to cash in gets
it) based upon personal experience:

American airlines (Northwest, United) have very strict security when
departing from Schiphol. Interviews, men with rifles, queries on who packed
your luggage, etc. But all the crap I drag around (200+ kilos of exhibition
equipment full of custom built hardware, large batteries, transformers etc)
has never been opened.

However, you should try flying a different airline: KLM, Lufthansa, etc. No
interviews, no guns, just friendly people.

// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// The hottest instruction on a P90? JMP $ @ 2.633A or 52C (with fan)

-----BEGIN ECASH PAYMENT-----
oLmQgwABBKGgiqCukIEOkIECkIECkIEBkIEBkYQwOFBMkIQwSsVMkIEOkoFAlJS9
6s3VPOknMsxX6gckPyMn5pTcxZSUvidM8tDgBQYJ1/mvUX0btKmF3yuQgRCSik15
IDIgY2VudHOSgJSAkIIB4pGEAAAAAJCBAKGguKCrkIIBIZPAJ83XcZEK8+t+LfQy
EXr67l4ronGhdnuPNhuW8cBkDuHcFSX1zLMJasUaMmul7wA79+myPl1/HBRHSdku
xEgBBpPAU6yZn9wp1lyDpRVcGh7Hkez5HMwItWcVXKcu9EDLauSMx5yvb5XKb3R6
7vPD6IwSY9nXc9bLRm+PAdZatnDwBJCBAqGhoQ==
-----END ECASH PAYMENT-----
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 21 Aug 95 04:53:31 PDT
Subject: Third World Man
Message-ID:

At 11:41 PM 8/20/95, Timothy C. May wrote:
>And it is, as those cases were, but predicting the imminent
>collapse of American civilization is usually a lose.

One of my favorite quotes is supposed to be from Gibbon's _Decline and Fall of the Roman Empire_. If I write a book about this stuff, it'll go right on the frontispiece. Something like: "It is quite attractive to posit the end of the world in one's analysis of current affairs, but historically, it hasn't proven to be correct."

BTW, I've been looking for the exact quote for about 6 months, without having reread the whole damn book. If anyone who has actually *seen* an on-line copy of Gibbon would send me a pointer to it, I would be much obliged. I have looked in all the usual places (Gutenberg, etc.) to no avail...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From raph at CS.Berkeley.EDU Mon Aug 21 06:51:22 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 21 Aug 95 06:51:22 PDT
Subject: List of reliable remailers
Message-ID: <199508211350.GAA04171@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:

http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

                                 REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp. hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

21 Apr 1995: The new version of premail (0.33) is out, with direct posting, perl5 and better MH support, and numerous bug fixes.

Last ping: Mon 21 Aug 95 6:00:07 PDT

remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
spook     remailer at spook.alias.net       +-------+--+   2:37:07  99.99%
portal    hfinney at shell.portal.com       #.-*#***##*#     20:53  99.99%
replay    remailer at replay.com            *****++**+**     11:22  99.99%
alumni    hal at alumni.caltech.edu         *.-*#*******     26:11  99.99%
crown     mixmaster at kether.alias.net     ------------   2:20:01  99.99%
hacktic   remailer at utopia.hacktic.nl     *****++**+**     12:14  99.99%
hroller   hroller at c2.org                 -##*-***##**     11:48  99.93%
syrinx    syrinx at c2.org                  -----------    2:02:23  99.92%
mix       mixmaster at remail.obscura.com   -++------..    9:59:29  99.91%
c2        remail at c2.org                  -++++++++++      47:13  99.90%
flame     remailer at flame.alias.net       ++++++++++++     55:03  99.83%
ideath    remailer at ideath.goldenbear.com -.-..----.-    5:50:27  99.75%
vox       remail at vox.xs4all.nl           .---------    12:10:38  99.99%
ford      remailer at bi-node.zerberus.de   **#***-****#      5:54  99.42%
bsu-cs    nowhere at bsu-cs.bsu.edu         ###*#_.-##+#   3:53:51  99.20%
vishnu    mixmaster at vishnu.alias.net     -- --- ----    3:01:49  99.07%
gondolin  mixmaster at gondolin.org         *--*-* **+       31:07  98.87%
rmadillo  remailer at armadillo.com         **__.++++++*   3:57:22  98.33%
extropia  remail at extropia.wimsey.com     . .--._.-     16:59:51  95.74%
penet     anon at anon.penet.fi             +++*---- -++   4:27:59  90.66%
rahul     homer at rahul.net                ##**#***#*+#      6:58  99.99%
rebma     remailer at rebma.mn.org          -              9:53:43  10.67%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
    * # response in less than 5 minutes.
    * * response in less than 1 hour.
    * + response in less than 4 hours.
    * - response in less than 24 hours.
    * . response in more than 1 day.
    * _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From aba at exe.ex.ac.uk Mon Aug 21 06:56:54 1995
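A parser for the list format above, as an added example that is neither part of Raph's posting nor premail's code: it reads the $remailer{...} feature lines and the history table, applies the History key, and picks remailers for a chain, skipping anything marked mon. The five sample rows are copied from the list with the addresses written with "@"; the selection policy (uptime floor, most recent ping must have answered within the day) is this example's own assumption.

```python
"""Parse Raph Levien's remailer-list output and pick remailers for a chain.

Added example, not part of the original posting and not premail's code.
The two sample blocks below are constructed in the format of the finger
output (five rows copied from it, addresses written with "@").
"""
import re
from dataclasses import dataclass, field

SAMPLE_FEATURES = '''
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"rebma"} = " cpunk pgp. hash";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"penet"} = " penet post";
'''

SAMPLE_HISTORY = '''
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
hacktic   remailer@utopia.hacktic.nl   *****++**+**     12:14  99.99%
rebma     remailer@rebma.mn.org        -              9:53:43  10.67%
rahul     homer@rahul.net              ##**#***#*+#      6:58  99.99%
mix       mixmaster@remail.obscura.com -++------..    9:59:29  99.91%
penet     anon@anon.penet.fi           +++*---- -++   4:27:59  90.66%
'''

FEATURE_RE = re.compile(r'\$remailer\{"([\w-]+)"\}\s*=\s*"([^"]*)";')
# name, address, history (may contain blanks for missed pings), latency, uptime
HISTORY_RE = re.compile(
    r'^([\w-]+)\s+(\S+@\S+)\s+(.*?)\s+(\d+(?::\d\d)+)\s+([\d.]+)%$')

# History-key symbols meaning the ping was answered within the day.
RESPONSIVE = set('#*+-')


@dataclass
class Remailer:
    name: str
    features: set = field(default_factory=set)
    short_name_key_id: bool = False   # listed as "pgp." rather than "pgp"
    address: str = ''
    history: str = ''
    latency_s: int = 0
    uptime: float = 0.0


def latency_seconds(text: str) -> int:
    """Convert the latency column ("m:ss" or "h:mm:ss") to seconds."""
    seconds = 0
    for part in text.split(':'):
        seconds = seconds * 60 + int(part)
    return seconds


def parse_features(text: str) -> dict:
    """Read the $remailer{"name"} = " features"; lines."""
    remailers = {}
    for name, spec in FEATURE_RE.findall(text):
        r = Remailer(name)
        for word in spec.split():
            if word.endswith('.'):
                # "pgp." means the short name is the PGP key ID, not the address
                r.short_name_key_id = True
                word = word[:-1]
            r.features.add(word)
        remailers[name] = r
    return remailers


def parse_history(text: str, remailers: dict) -> dict:
    """Fill in address, 12-day history, latency and uptime from the table."""
    for line in text.splitlines():
        m = HISTORY_RE.match(line.strip())
        if not m:
            continue      # header, rule or blank line
        name, address, history, latency, uptime = m.groups()
        r = remailers.setdefault(name, Remailer(name))
        r.address = address
        r.history = history.strip()
        r.latency_s = latency_seconds(latency)
        r.uptime = float(uptime)
    return remailers


def select_chain(remailers: dict, required: set, min_uptime: float = 99.0) -> list:
    """Names of remailers fit for a chain, fastest first.

    Drops any remailer the list marks "mon" (reads private mail), any that
    lacks a required feature, any below the uptime floor, and any whose
    latest ping got no same-day reply ("." or "_"), whatever its average.
    """
    fit = []
    for r in remailers.values():
        if 'mon' in r.features or not required <= r.features:
            continue
        if r.uptime < min_uptime or not r.history or r.history[-1] not in RESPONSIVE:
            continue
        fit.append(r)
    return [r.name for r in sorted(fit, key=lambda r: r.latency_s)]


if __name__ == '__main__':
    table = parse_history(SAMPLE_HISTORY, parse_features(SAMPLE_FEATURES))
    print("pgp+mix chain candidates:", select_chain(table, {'pgp', 'mix'}))
    print("pgp-only candidates:     ", select_chain(table, {'pgp'}))
```

On the sample rows "mix" is dropped despite 99.91% uptime because its last two pings took more than a day, which is the case the History key exists to expose.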
From: aba at exe.ex.ac.uk (aba at exe.ex.ac.uk)
Date: Mon, 21 Aug 95 06:56:54 PDT
Subject: NEXT CHALLENGE...
Message-ID: <9508211354.AA12454@toad.com>

[Please note mail to me may bounce unless you are very careful with using addr aba at exe.ex.ac.uk, or aba at atlas.ex.ac.uk, as there are machines out here due to a physical breakin - a "RAM raid", I tried posting this on Sat, but the mailer was already out and mail is buffered, so may come out twice]

A break down of Hal's challenge, could someone please check my logic in deriving an Andrew Roos' style config file for brutessl 1.0 and check my interpretation against Hal's interpretation in the previous challenge.

Hal's previous challenge is indexed from his home page:

http://www.portal.com/~hfinney/

I think the challenge file should look like this:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977

CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Below I will give my reasoning for each field. Each field as it is derived will be quoted with >>>

Could a few people check that I have made no mistakes.

Andrew Roos' code is on:

http://www.brute.cl.cam.ac.uk/brute/

as "brutessl.tar.gz", use "save next link as" in netscape (hold shift key down and click in Netscape 1.1).

Could someone with a PC, and a 32 bit MS Visual C++ compiler handy compile a PC executable from the tarred files, some people won't have access to TAR under DOS, and a precompiled binary would be useful. Please send the binary to Piete if you do this (be sure to turn on all optimisations).
I tried but my VC++ is not 32 bit, is it possible to produce 32 bit binaries which can be run from DOS with VC++ at all? Are the binaries you get with win 95 / win NT likely to run under DOS ? The keyserver will not be doling yet but please pickup the software ready to start. There is a unix based client, and a windows NT based client both available from that page. ---------------------------------------------------------------------- First message from client 0x80 0x1c 0x01 0x00 0x02 0x00 0x03 0x00 0x00 0x00 0x10 0x02 0x00 0x80 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6 0x80 0x1c Length field: 28 bytes follow in the packet. 0x01 MSG_CLIENT_HELLO 0x00 0x02 CLIENT-VERSION-MSB CLIENT-VERSION-LSB 0x00 0x03 CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB 0x00 0x00 SESSION-ID-LENGTH-MSB SESSION-ID-LENGTH-LSB 0x00 0x10 CHALLENGE-LENGTH-MSB CHALLENGE-LENGTH-LSB 0x02 0x00 0x80 CIPHER-SPECS-DATA SESSION-ID-DATA 0x07 .. 0xc6 CHALLENGE-DATA [16 bytes] CHALLENGE is: >>> CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6 first message from server 0x82 0x14 0x04 0x00 0x01 0x00 0x02 0x01 0xf6 0x00 0x03 0x00 0x10 0x30 0x82 0x01 0xf2 0x30 0x82 0x01 0x5b 0x02 0x02 0x01 0x8a 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x30 0x47 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x10 0x30 0x0e 0x06 0x03 0x55 0x04 0x0b 0x13 0x07 0x54 0x65 0x73 0x74 0x20 0x43 0x41 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x30 0x1e 0x17 0x0d 0x39 0x35 0x30 0x37 0x31 0x31 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x17 0x0d 0x39 0x37 0x30 0x37 0x31 0x30 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x30 0x7f 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x08 0x13 0x02 0x43 0x41 0x31 0x16 0x30 0x14 0x06 0x03 0x55 0x04 0x07 0x13 0x0d 
0x4d 0x6f 0x75 0x6e 0x74 0x61 0x69 0x6e 0x20 0x56 0x69 0x65 0x77 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x31 0x23 0x30 0x21 0x06 0x03 0x55 0x04 0x03 0x13 0x1a 0x45 0x2d 0x53 0x74 0x6f 0x72 0x65 0x20 0x54 0x72 0x61 0x6e 0x73 0x61 0x63 0x74 0x69 0x6f 0x6e 0x20 0x53 0x65 0x72 0x76 0x65 0x72 0x30 0x5c 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 0x05 0x00 0x03 0x4b 0x00 0x30 0x48 0x02 0x41 0x00 0xc7 0x24 0x0d 0xbd 0xfe 0x5f 0x21 0x09 0xb4 0x46 0x12 0xbb 0xc7 0x4c 0xbc 0x0c 0x98 0xe3 0x11 0x19 0x60 0x85 0x86 0x0a 0xa2 0xaf 0xae 0x8f 0xf9 0x43 0x86 0x92 0x1f 0xcc 0xd3 0x38 0xcf 0x92 0x14 0xa7 0x8c 0x89 0x07 0x26 0xd4 0x21 0x55 0xa8 0x43 0x2d 0xb4 0xec 0xce 0x24 0x73 0x5e 0x7c 0xe2 0xbe 0x22 0x2d 0xbd 0x96 0xbf 0x02 0x03 0x01 0x00 0x01 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x03 0x81 0x81 0x00 0x8f 0xbe 0x0c 0xae 0xc8 0xf0 0x22 0xef 0xae 0x83 0xb5 0xb1 0xe3 0xb4 0xd9 0xd6 0xa9 0x4a 0xb6 0x60 0x9c 0x0b 0x00 0x70 0x12 0x88 0x73 0xd1 0xef 0xe2 0x54 0xf6 0x3a 0xc7 0xa5 0xbe 0xe1 0xe0 0xdb 0x4d 0x20 0x10 0x3d 0x68 0x7c 0x8d 0xdb 0x16 0xf6 0x67 0xe7 0x1d 0x51 0xbc 0x19 0xa2 0xf6 0xbf 0x6f 0xa4 0x52 0xc7 0x7e 0x50 0x3d 0xb9 0x3e 0x1e 0x67 0xff 0xf6 0xf2 0x5d 0xe7 0x2b 0x7e 0x3a 0x7e 0x6c 0x40 0xb7 0x04 0x9c 0x2c 0x2b 0x89 0x0f 0x8c 0xb5 0x93 0xd8 0xac 0x94 0xe6 0x5f 0x84 0xe8 0x71 0x75 0x9e 0x10 0x6e 0x36 0xe6 0x14 0xfe 0xba 0xf8 0x11 0x71 0x9d 0x74 0x33 0x48 0x74 0xc1 0xba 0xcb 0xff 0x58 0x86 0x8c 0xba 0x9c 0x08 0xad 0xce 0x8a 0x02 0x00 0x80 0xd5 0xe6 0x38 0xd6 0x8c 0xa8 0xa1 0xae 0xca 0x2e 0xf8 0xc8 0xe2 0x96 0x02 0xa4 This is interpreted as follows: 0x82 0x14 Packet length, 532 bytes follow. 
0x04                 MSG-SERVER-HELLO
0x00                 SESSION-ID-HIT
0x01                 CERTIFICATE-TYPE
0x00 0x02            SERVER-VERSION-MSB SERVER-VERSION-LSB
0x01 0xf6            CERTIFICATE-LENGTH-MSB CERTIFICATE-LENGTH-LSB
0x00 0x03            CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB
0x00 0x10            CONNECTION-ID-LENGTH-MSB CONNECTION-ID-LENGTH-LSB
0x30...0x8a          CERTIFICATE-DATA [502 bytes]
0x02 0x00 0x80       CIPHER-SPECS-DATA
0xd5...0xa4          CONNECTION-ID-DATA [16 bytes]

CONNECTION-ID is:

>>> CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4

Second message from client

0x80 0x55 0x02 0x02 0x00 0x80 0x00 0x0b 0x00 0x40 0x00 0x00 0xfb 0xc0 0x09 0x91 0x60 0x10 0xa6 0x15 0x3f 0x8f 0x36 0x5a 0x19 0x06 0x8e 0x58 0xc4 0xfa 0xd0 0x73 0xd4 0x6d 0x20 0x97 0x2f 0x85 0x95 0xb3 0xa5 0x97 0xb5 0xe0 0x63 0x91 0x61 0xb7 0x76 0x3c 0x4e 0x62 0x8b 0x02 0x2b 0x05 0x98 0xd4 0x14 0x44 0x63 0xf3 0x43 0x7e 0xa0 0xa8 0x3f 0x16 0xb2 0x43 0x4b 0x24 0x76 0xae 0xba 0x8c 0x89 0x71 0xde 0x25 0x6b 0xce 0x89 0x77 0x8a 0x30 0x2a

This is interpreted as follows:

0x80 0x55            Packet length, 85 bytes follow.
0x02                 MSG-CLIENT-MASTER-KEY
0x02 0x00 0x80       CIPHER-KIND
0x00 0x0b            CLEAR-KEY-LENGTH-MSB CLEAR-KEY-LENGTH-LSB
0x00 0x40            ENCRYPTED-KEY-LENGTH-MSB ENCRYPTED-KEY-LENGTH-LSB
0x00 0x00            KEY-ARG-LENGTH-MSB KEY-ARG-LENGTH-LSB
0xfb...0x36          CLEAR-KEY-DATA [11 bytes]
0x5a...0x2a          ENCRYPTED-KEY-DATA [64 bytes]
                     KEY-ARG-DATA

So CLEAR-MASTER is:

>>> CLEAR-MASTER fbc009916010a6153f8f36

Second message from server

0x80 0x21 0x9a 0xc5 0xf7 0xd1 0x6a 0x5b 0x26 0x43 0x57 0x67 0x65 0xb6 0x3f 0x9a 0xe3 0x82 0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2 0x33 0xb2 0x1b

This is interpreted as follows:

0x80 0x21            Packet length, 33 bytes follow
0x9a...0x82          RC4 encrypted MAC [16 bytes]
0x00                 RC4 encrypted MSG-SERVER-VERIFY (0x05)
0x65...0x1b          RC4 encrypted CHALLENGE-DATA from CLIENT-HELLO message [16 bytes]

Plaintext (MSG-SERVER-VERIFY plus CHALLENGE-DATA):

0x05 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6

Ciphertext (from SERVER-VERIFY packet):

0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2 0x33 0xb2 0x1b

SERVER-VERIFY is the encrypted MSG-SERVER-VERIFY plus the first seven bytes of the encrypted CHALLENGE-DATA:

>>> SERVER-VERIFY 006599b6d2f2a736

So the completed challenge file is:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977

CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Adam

From lws+ at transarc.com Mon Aug 21 07:04:41 1995
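The same four-record decode as working code, an added example that is not Adam's, Andrew Roos' or Hal's: it splits the SSLv2 records, checks each message's length fields against the record length, and returns the four values in Adam's parameter file plus the number of key bits left secret. The client hello, client master key and server verify bytes are the ones quoted above; the server hello is constructed with a 4-byte placeholder certificate because the real 502-byte certificate is not reproduced here.

```python
"""brutessl parameter fields from a captured SSLv2 handshake (added example).

Not code from the posting, brutessl or Hal's challenge. CLIENT_HELLO,
CLIENT_MASTER_KEY and SERVER_VERIFY below are the bytes quoted in the
posting; SERVER_HELLO is constructed with a 4-byte placeholder certificate
because the real 502-byte certificate is not reproduced here.
"""
import struct

MSG_CLIENT_HELLO, MSG_CLIENT_MASTER_KEY, MSG_SERVER_HELLO = 0x01, 0x02, 0x04
RC4_128_EXPORT40 = b'\x02\x00\x80'   # SSL_CK_RC4_128_EXPORT40_WITH_MD5
MAC_LEN = 16                         # MAC that opens the SERVER-VERIFY record

CLIENT_HELLO = bytes.fromhex(
    '801c' '01' '0002' '0003' '0000' '0010' '020080'
    '07ea7b9d65eb61fabb4174e8453a5fc6')
SERVER_HELLO = bytes.fromhex(        # constructed; '30020500' stands in for the cert
    '8022' '04' '00' '01' '0002' '0004' '0003' '0010'
    '30020500' '020080' 'd5e638d68ca8a1aeca2ef8c8e29602a4')
CLIENT_MASTER_KEY = bytes.fromhex(
    '8055' '02' '020080' '000b' '0040' '0000'
    'fbc009916010a6153f8f36'
    '5a19068e58c4fad073d46d20972f8595b3a597b5e0639161b7763c4e628b022b'
    '0598d4144463f3437ea0a83f16b2434b2476aeba8c8971de256bce89778a302a')
SERVER_VERIFY = bytes.fromhex(
    '8021' '9ac5f7d16a5b2643576765b63f9ae382' '00'
    '6599b6d2f2a736a07dd994cfe233b21b')
CAPTURE = CLIENT_HELLO + SERVER_HELLO + CLIENT_MASTER_KEY + SERVER_VERIFY


def split_record(buf: bytes) -> tuple:
    """Return (payload, rest) for one record with the 2-byte SSLv2 header."""
    # High bit set = 2-byte header with a 15-bit length, the form all four
    # records here use; the 3-byte padded form is rejected, not misparsed.
    if len(buf) < 2 or not buf[0] & 0x80:
        raise ValueError('expected a 2-byte SSLv2 record header')
    length = ((buf[0] & 0x7f) << 8) | buf[1]
    if len(buf) < 2 + length:
        raise ValueError('record truncated, %d bytes expected' % length)
    return buf[2:2 + length], buf[2 + length:]


def _fields(msg: bytes, msg_type: int, first: int, lengths: tuple) -> list:
    """Check the type byte, then cut the variable-length fields that start at
    offset `first`; the MSB/LSB length fields must exactly cover the rest."""
    if not msg or msg[0] != msg_type:
        raise ValueError('unexpected message type')
    parts, pos = [], first
    for n in lengths:
        if pos + n > len(msg):
            raise ValueError('length field runs past the end of the message')
        parts.append(msg[pos:pos + n])
        pos += n
    if pos != len(msg):
        raise ValueError('trailing bytes after the last field')
    return parts


def parse_client_hello(msg: bytes) -> dict:
    version, cs_len, sid_len, ch_len = struct.unpack('>HHHH', msg[1:9])
    specs, sid, chal = _fields(msg, MSG_CLIENT_HELLO, 9, (cs_len, sid_len, ch_len))
    return {'version': version, 'cipher_specs': specs, 'session_id': sid, 'challenge': chal}


def parse_server_hello(msg: bytes) -> dict:
    version, cert_len, cs_len, cid_len = struct.unpack('>HHHH', msg[3:11])
    cert, specs, cid = _fields(msg, MSG_SERVER_HELLO, 11, (cert_len, cs_len, cid_len))
    return {'version': version, 'certificate': cert, 'cipher_specs': specs, 'connection_id': cid}


def parse_client_master_key(msg: bytes) -> dict:
    clear_len, enc_len, arg_len = struct.unpack('>HHH', msg[4:10])
    clear, enc, arg = _fields(msg, MSG_CLIENT_MASTER_KEY, 10, (clear_len, enc_len, arg_len))
    return {'cipher_kind': msg[1:4], 'clear_key': clear, 'encrypted_key': enc, 'key_arg': arg}


def brutessl_params(capture: bytes) -> dict:
    """Decode the four handshake records in order; values as hex strings."""
    hello, rest = split_record(capture)
    ch = parse_client_hello(hello)
    shello, rest = split_record(rest)
    sh = parse_server_hello(shello)
    mkey, rest = split_record(rest)
    mk = parse_client_master_key(mkey)
    verify, rest = split_record(rest)
    # SERVER-VERIFY record: MAC, encrypted type byte, encrypted CHALLENGE-DATA.
    if len(verify) != MAC_LEN + 1 + len(ch['challenge']):
        raise ValueError('SERVER-VERIFY length does not match the challenge')
    if mk['cipher_kind'] != RC4_128_EXPORT40:
        raise ValueError('not the RC4-128 export cipher the challenge uses')
    return {
        'CLEAR-MASTER': mk['clear_key'].hex(),
        'CHALLENGE': ch['challenge'].hex(),
        'CONNECTION-ID': sh['connection_id'].hex(),
        # brutessl's field: the type byte plus the first seven challenge bytes.
        'SERVER-VERIFY': verify[MAC_LEN:MAC_LEN + 8].hex(),
        # 128-bit RC4 key with CLEAR-KEY sent in the clear leaves 40 secret bits.
        'secret_key_bits': 128 - 8 * len(mk['clear_key']),
    }


if __name__ == '__main__':
    for key, value in brutessl_params(CAPTURE).items():
        print(key, value)
```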
From: lws+ at transarc.com (Lyle Seaman)
Date: Mon, 21 Aug 95 07:04:41 PDT
Subject: Third World Man
In-Reply-To:
Message-ID: <8kC8vdaSMUw8I0axsN@transarc.com>

tcmay at got.net (Timothy C. May) writes:
> The U.S. is not likely to find itself relegated to third world status over
> this issue. Rhetorically, I wish it were so, but it just ain't. This
> issue--like the McCarthy hearings in the 1950s, the race issue in the '60s,
> the Vietnam war in the '60s and '70s, to name a few cases, _sounds_ really
> serious. And it is, as those cases were, but predicting the imminent
> collapse of American civilization is usually a lose.

In all those cases, the critics were right. You just think "imminent" means "in the next year or two". Look at the signs, man -- literacy and child mortality rates, an imprisoned populace, massive government debt, etc. The US is slipping into the second world as we speak, with no signs of a turnaround ahead. Only the sheer size of the economy keeps people from believing it. The critics _were_ right.

(Incidentally, the race issue certainly spans more than a mere decade. The race-related violent demonstrations certainly peaked in the 60s, but the deleterious effects of forced immigration and slavery have been a blight on society every day for almost three centuries.)

Go right ahead, fed, ban strong crypto. The coffin only needs a few more nails.

From perry at piermont.com Mon Aug 21 07:13:21 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 21 Aug 95 07:13:21 PDT
Subject: Basically F-C-ed
In-Reply-To: <199508210927.LAA20988@digicash.com>
Message-ID: <199508211411.KAA02016@frankenstein.piermont.com>

I'm not sure this has much to do with crypto any more...

.pm

Marcel van der Peijl writes:
> My $0.02 on the 'strict security' on Schiphol (first one to cash in
> gets it) based upon personal experience:
>
> American airlines (Northwest, United) have very strict security when
> departing from Schiphol. Interviews, men with rifles, queries on who
> packed your luggage, etc. But all the crap I drag around (200+ kilo's of
> exhibition equipment full of custom built hardware, large batteries,
> transformers etc) has never been opened.
>
> However, you should try flying a different airline: KLM, Lufthansa, etc.
> No interviews, no guns, just friendly people.
>
> // Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
> // The hottest instruction on a P90? JMP $ @ 2.633A or 52C (with fan)
>
> -----BEGIN ECASH PAYMENT-----
> -----END ECASH PAYMENT-----

From cme at TIS.COM Mon Aug 21 07:13:23 1995
From: cme at TIS.COM (Carl Ellison)
Date: Mon, 21 Aug 95 07:13:23 PDT
Subject: Export policy change
In-Reply-To: <199508181846.LAA12609@comsec.com>
Message-ID: <9508211409.AA26815@tis.com>
>From: Rich Salz >Date: Thu, 17 Aug 1995 23:48:01 -0400 >The >reporter (Dan Charles?) said something like anyone can hold the keys, >as long as they will be made avail when presented with a court order. >He also said, US citizens will still be able to use strong crypto >without key escrow internally. The real question is whether manufacturers will bother producing multiple versions -- one domestic, one foreign. There's room for cypherpunks yet -- not only writing crypto applications but also generating emergency-access systems (e.g., for PGP) which meet our needs. - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ From trei at process.com Mon Aug 21 07:22:30 1995 
From: trei at process.com (Peter Trei)
Date: Mon, 21 Aug 95 07:22:30 PDT
Subject: A glance at the future of missing child identification
Message-ID: <9508211422.AA13099@toad.com>

> We all read the stories. "Infant stolen from crib in Hospital", "Thousands
> of children abducted every year". Many parents would jump at anything
> that might increase the chance of recovering their children should they be
> abducted. Just take a look at lines during "Child Fingerprint Days" at your
> local mall.

> The transponders also provide ID for the ATMs and credit card terminals of
> the future. No criminal can loot your account. You can leave the ATM card
> at home. How convenient!

This is one place where the nutty end of the religious right can actually help preserve liberties - the proposal is so close to the 'mark of the Beast' in Revelations that they can be counted on to oppose it to their dying breaths.

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From joelm at eskimo.com Mon Aug 21 07:24:28 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Mon, 21 Aug 95 07:24:28 PDT
Subject: Legality of subverting computational cycles via Microsoft
Message-ID: <199508211423.HAA08515@mail.eskimo.com>

>Does anybody here know if it is illegal to get unwitting users to download
>benign viruses via MSN?
>
>Doesn't this sort of hole, by its very nature, make it trivial for people
>to violate Europe's future electronic privacy laws? (despite Microsoft's
>guarantee that MSN would follow those rules.)
>
>JWS
>

Yes, the whole MSN virus thing is quite interesting from a privacy standpoint.

About 9 months ago (after I'd left Microsoft) I was evaluating the security risks of viruses that could be embedded in Word and Excel documents. It is actually quite trivial to develop a virus or Trojan horse with macro BASIC that is completely transparent to the user. Once the document is opened, the code executes and does its thing.

Many organizations use e-mail software that supports attaching a file to an e-mail message. You double click the file icon, it runs the creator application (i.e. Word, Excel), and loads the document. Everyone at Microsoft uses MS Mail.

An interesting scenario I proposed would be to send e-mail to Bill Gates (anonymously or with a spoofed address) with the text body reading something like "Bill, here's a way to get more marketshare away from Novell. Read the attached document." He'd obviously double click the file icon, which would have some real data in it to make it look legitimate. However, when the document opened, he would have unwittingly executed a macro that scanned his hard drive and e-mailed the directory contents or an interesting looking file or two elsewhere.

As e-mail within MSN supports this type of object/file embedding, there are not only risks from destructive viruses but also potential attacks on your privacy (no, not the MSN online registration thing, but a targeted attack by an individual/organization).
Concluding note: When I was at MS, the saying "Eat your own dog food" was popular (akin to "some things come back to haunt you"). Last week a friend told me the company was being plagued with a non-destructive version of a Word macro-virus. Let's say in the future someone "gets hurt" because of MSN's embedding feature and decides to sue Microsoft. It will be interesting to see the company's response when they knew that a security flaw existed internally, but did nothing to resolve it externally.

Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
Thomas Jefferson used strong crypto, shouldn't you?

From cme at TIS.COM Mon Aug 21 07:49:15 1995
From: cme at TIS.COM (Carl Ellison)
Date: Mon, 21 Aug 95 07:49:15 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To: <199508182054.NAA16103@comsec.com>
Message-ID: <9508211437.AA29550@tis.com>

>Date: Fri, 18 Aug 1995 14:47:55 -0400 (EDT)
>From: Michael Froomkin
>You have decided to allow the private CAs to issue certificates of varying
>degrees of corroboration so long as the degree of verification used is
>deducible from the certificate. E.g. a certificate might say "we check
>the passport"; or "we check driver's license" or "we took blood, hair,
>fingerprint, retinal scan and first-born child". It might even say "we
>checked nothing". You have also decided that a CA may issue a certificate
>in the name of a pseudonym, so long as the CA retains information about
>the True Name. Now the issue arises as to whether one should allow the CA
>to issue certificates to pseudonyms where it has *no record* of the real
>identity of the person proffering the key pair.
>
>Is there any reason why a person would want such a certificate?

I see several reasons, but I don't see a reason for a CA in this case. The key being signed can serve in place of the CA's key. That is, the key can be self-signed. All that needs to be proved in this case is that someone owns the private key which goes with the public key.

As for what good that key is -- Prior to our meeting in person this year, all you knew about me was by my postings. If I had signed all of them with the same self-signed key, then you would know that all of those postings came from one "person" (the set of people, presumably only one person, with access to the private key). The postings define the person, in your mind, and you are absolutely certain that they came from that person (defined as I did above). You don't need any further certification to attest to that fact.

No economic impact, you say? My postings could have been S/W. You could have tried my S/W and liked it -- hiring me to do work for you privately. In all this process, we need never meet. If we don't meet, it doesn't matter what my blood type is or if I have a driver's license or a passport. I could even be a small, silver-skinned alien who is perpetually in hiding.

No money transfer, you say?
Wells Fargo bank (an innovator) could initiate public-key bank accounts. I would open the account by sending them a self-signed public key. They would use that key as my bank account number. Anyone would be allowed to deposit money into that account (e.g., using CyberCash transfers). Only I, the person holding the private key, would be permitted to transfer funds out. Again, in the Internet, nobody knows you're a dog-faced alien sea creature. - Carl From danisch at ira.uka.de Mon Aug 21 08:12:39 1995 
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Mon, 21 Aug 95 08:12:39 PDT
Subject: A glance at the future of missing child identification
Message-ID: <9508211509.AA04027@elysion.iaks.ira.uka.de>

> The car system used here in the U.S. is called "Lo-Jack," as in the
> opposite of "hijack." I don't see how putting the transponders in ignition
> keys would do much to stop theft, but maybe I'm unaware of European
> developments. (There are keys with chips in them, acting as electronic
> keys, or to make the keys harder to duplicate, but not to track the cars.)

The computer which controls the engine checks whether there is a transponder in the ignition key. The key sends a 32 bit ID number. If this number was registered in the computer, the engine works, otherwise not. You can't start the engine just by shortcutting some wires.

> >Perhaps a drug dealer may be more useful if he moves free and
> >has a transponder inside which he doesn't know about, that having
> >him in jail.

[ This should have been "than having him...". I was very tired yesterday evening. It's embarrassing to see how many typos I made :-( ]

> Implausible. The theft detectors are not picking up specific transponders,
> just the "on" or "off" state of the things attached to clothing, books,
> CDs, etc. (I say "things" because some of them are strips inserted in
> books, some are tag-like things clamped to clothing, etc.)

No, the theft detectors don't. But they are big and unsuspicious enough to hide specific detectors for big brothers...

> Again, the infrastructure is lacking. The simple detectors in stores would
> have to be upgraded to track more sophisticated transponders. The stores
> would have to cooperate, etc. Implausible.

Why implausible? Stores cooperate. I know about a big department store in Germany (but I don't tell you which one) which has a large secret military hospital and a medical stock below its basement. None of the employees knows about it.
If they cooperate in having a complete hospital inside, why shouldn't they cooperate in having some antennas and some wires?

Hadmut

From altitude at cic.net Mon Aug 21 08:23:36 1995
From: altitude at cic.net (Alex Tang)
Date: Mon, 21 Aug 95 08:23:36 PDT
Subject: NEXT CHALLENGE...
In-Reply-To: <9508211354.AA12454@toad.com>
Message-ID: <199508211516.LAA08870@petrified.cic.net>

On Mon Aug 21 09:26:50 1995: you scribbled...
>
> -------------------------------------8<-------------------------------------
> # SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
> # posted to Cypherpunks on 19 August 1995.
> #
> # file checksum (ignoring # comments and whitespace) is 2977
>
> CLEAR-MASTER fbc009916010a6153f8f36
> CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
> CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
> SERVER-VERIFY 006599b6d2f2a736
> -------------------------------------8<-------------------------------------

I've checked these numbers and I got the same answers. Anyone who feels up to it can check the page

http://petrified.cic.net/~altitude/ssl/ssl.challenge.2.long

> The keyserver will not be doling yet but please pickup the software
> ready to start.

Just a question, what's the purpose of this challenge? If it's to do it as fast as we can, then what about the person who already posted to the list saying that they were starting (with keys a000 -> afff).

...alex...

From aba at dcs.exeter.ac.uk Mon Aug 21 08:37:01 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 21 Aug 95 08:37:01 PDT
Subject: NEXT CHALLENGE: volunteers to compile brutessl for a few platforms
Message-ID: <18518.9508191936@exe.dcs.exeter.ac.uk>

Could someone with a few things handy compile Andrew Roos' code so that we have a nice handy pre-compiled DOS binary. A must will be a DOS binary, what other platforms?

- DOS (Need Microsoft visual C++ I think this is what Andrew used, there is an assembler speed up file)
- OS/2?
- PowerPC + MAC?

Any other architecture you would like to see a binary made available for.

Please send binary to Piete (cc line) or me, and it would be nice if you could provide a detached PGP signature also.

The tar file is at:

http://dcs.ex.ac.uk/~aba/brutessl.tar.gz

There is a pointer to brutessl.tar.gz. You'll need to use save next link ( "shift and click" on URL in netscape 1.1 ), or whatever mechanism your browser provides.

You'll also need TAR.EXE and GZIP.EXE for DOS to unpack a .tar.gz file. In case this is a problem I have just created this:

http://dcs.ex.ac.uk/~aba/brutessl/

containing these files:

  2 -rw-r--r--   1 aba      phd          439 Jul 31 11:14 Makefile
  2 -rw-r--r--   1 aba      phd          602 Jul 31 17:19 README
 34 -rw-r--r--   1 aba      phd        16450 Jul 31 17:20 assembly.c
 42 -rw-r--r--   1 aba      phd        21373 Jul 31 17:21 brutessl.c
  6 -rw-r--r--   1 aba      phd         2776 Jul 31 17:21 brutessl.h
 26 -rw-r--r--   1 aba      phd        12709 Jul 31 17:21 brutessl.txt
  2 -rw-r--r--   1 aba      phd          351 Aug 19 20:31 chal2.pf
  2 -rw-r--r--   1 aba      phd          264 Jul 31 17:21 chal1.pf
 34 -rw-r--r--   1 aba      phd        16500 Jul 31 17:22 search.c
  2 -rw-r--r--   1 aba      phd          296 Jul 31 17:22 test.pf

You should be able to access them individually as:

http://dcs.ex.ac.uk/~aba/brutessl/Makefile

etc. (just in case you can't handle TAR / GZIP files on your DOS machine).

chal1.pf is the challenge that Damien just broke, chal2.pf is my first attempt at producing a challenge file for Hal's next challenge.
The challenge info will be at: http://www.brute.cl.cam.ac.uk/brute/ when it starts. Adam From aba at dcs.exeter.ac.uk Mon Aug 21 08:37:01 1995 
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 21 Aug 95 08:37:01 PDT
Subject: NEXT CHALLENGE: plan of action
Message-ID: <18599.9508192006@exe.dcs.exeter.ac.uk>

Okay this is a bit awkward because Piete doesn't appear to be in today, but there are a few things which need doing first (compiling which I mentioned in the previous message, and a 2nd opinion on the config file which I posted in the previous message to that), so perhaps this is not a problem.

What we want to do (what I want to do!) with this latest challenge of Hal's is to try to see how fast it can be brute forced. To this end we need a kind of starting line effect, so everyone gets their software, and has it tested as running correctly. People using the socket doler have their clients ticking over, people using the WWW browser have their fingers poised over the button etc, and then Piete (when he gets back, let's say Monday 12:00 GMT to be safe, he can amend that time later if necessary when he next gets on line) will start the race.

Sound like a good plan?

Where to find things...

The brutessl software, the unix socket client, and the Windows NT client are on:

http://www.brute.cl.cam.ac.uk/brute/

Also I have (temporarily, until Piete has a chance to update www.brute.cl.cam.ac.uk) the brutessl code here:

http://dcs.ex.ac.uk/~aba/brutessl/

(both TAR file, and individual files untarred). If and when people compile binaries for architectures which don't typically come with compilers by default - such as DOS, OS/2, Macs, I'll put any binaries sent to me in this directory. When Piete gets back, he'll either make a pointer to this repository, or copy it on to www.brute.

UNIX client.

How to use the unix client... download brclient from the www page:

http://www.brute.cl.cam.ac.uk/brute/

it is a perl program so you may have to edit the path to perl (the 1st line of the program should be #!/full/path/to/perl/binary), and you will have to mark it as executable.
You will also need a shell script called brloop which uses brclient. It is on Piete's "sources" page; this page is indexed from the main brute page above, here it is explicitly:

http://www.brute.cl.cam.ac.uk/ftp/pub/brute/README.html

So get brloop. Get and compile the brutessl.tar.gz file. Run brloop.

The brclient perl socket client talks to a machine with a DNS name of:

sksp.brute.cl.cam.ac.uk on port number 19957

At the moment the server is not running so it will fail, but when Piete starts it up, your client will periodically ask for work. Before the start time (Monday 12:00 GMT, or a later time if this time is changed) your client will just be told to sleep for a while; when it wakes up it will ask for work again. In this way the client can be left ticking over: when work does arrive it will notice, as it will actually receive some work when it makes the request, and start doing it, and reporting back when it finishes each chunk.

For a more detailed description of the socket protocol that Piete's brclient will talk to the key server, have a look at this document "SKSP Simple Key Searching Protocol", an SMTP-like protocol for requesting keys to search, and reporting back the results:

http://www.brute.cl.cam.ac.uk/ftp/pub/brute/protocol.txt

(This is indexed from the main www.brute page under "new protocol".)

There is a windows NT socket client written by Andrew Brown, pointers to that also.

If you want to write a socket client for another architecture (someone mentioned PowerPC?) the protocol is reasonably straightforward, and documented in the protocol.txt file above.

Adam

From aba at dcs.exeter.ac.uk Mon Aug 21 08:37:06 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 21 Aug 95 08:37:06 PDT
Subject: NEXT CHALLENGE: please check my config file
Message-ID: <18468.9508191922@exe.dcs.exeter.ac.uk>

As you may have surmised Hal has given us another challenge to satisfy the people who want to do a challenge to see *how fast* they can do it by involving as many people and their computers as possible.

Here's my take on interpreting Hal's data to come up with a configuration file. I think the challenge file should look like this:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977
CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Below I will give my reasoning for each field. Each field as it is derived will be quoted with >>>

Could a few people check that I have made no mistakes. Please check, thanks.

Adam

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

A break down of Hal's challenge, could someone please check my logic in deriving an Andrew Roos' style config file for brutessl 1.0 and check my interpretation against Hal's interpretation in the previous challenge.

----------------------------------------------------------------------
First message from client

0x80 0x1c 0x01 0x00 0x02 0x00 0x03 0x00 0x00 0x00 0x10 0x02 0x00 0x80 0x07 0xea
0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6

0x80 0x1c        Length field: 28 bytes follow in the packet.
0x01             MSG_CLIENT_HELLO
0x00 0x02        CLIENT-VERSION-MSB CLIENT-VERSION-LSB
0x00 0x03        CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB
0x00 0x00        SESSION-ID-LENGTH-MSB SESSION-ID-LENGTH-LSB
0x00 0x10        CHALLENGE-LENGTH-MSB CHALLENGE-LENGTH-LSB
0x02 0x00 0x80   CIPHER-SPECS-DATA
                 SESSION-ID-DATA
0x07 .. 0xc6     CHALLENGE-DATA [16 bytes]

CHALLENGE is:

>>> CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6

First message from server

0x82 0x14
0x04 0x00 0x01 0x00 0x02 0x01 0xf6 0x00 0x03 0x00 0x10 0x30 0x82 0x01 0xf2 0x30
0x82 0x01 0x5b 0x02 0x02 0x01 0x8a 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7
0x0d 0x01 0x01 0x04 0x05 0x00 0x30 0x47 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04
0x06 0x13 0x02 0x55 0x53 0x31 0x10 0x30 0x0e 0x06 0x03 0x55 0x04 0x0b 0x13 0x07
0x54 0x65 0x73 0x74 0x20 0x43 0x41 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a
0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75
0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x30
0x1e 0x17 0x0d 0x39 0x35 0x30 0x37 0x31 0x31 0x32 0x32 0x34 0x31 0x34 0x35 0x5a
0x17 0x0d 0x39 0x37 0x30 0x37 0x31 0x30 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x30
0x7f 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x0b
0x30 0x09 0x06 0x03 0x55 0x04 0x08 0x13 0x02 0x43 0x41 0x31 0x16 0x30 0x14 0x06
0x03 0x55 0x04 0x07 0x13 0x0d 0x4d 0x6f 0x75 0x6e 0x74 0x61 0x69 0x6e 0x20 0x56
0x69 0x65 0x77 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65
0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61
0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x31 0x23 0x30 0x21 0x06
0x03 0x55 0x04 0x03 0x13 0x1a 0x45 0x2d 0x53 0x74 0x6f 0x72 0x65 0x20 0x54 0x72
0x61 0x6e 0x73 0x61 0x63 0x74 0x69 0x6f 0x6e 0x20 0x53 0x65 0x72 0x76 0x65 0x72
0x30 0x5c 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 0x05
0x00 0x03 0x4b 0x00 0x30 0x48 0x02 0x41 0x00 0xc7 0x24 0x0d 0xbd 0xfe 0x5f 0x21
0x09 0xb4 0x46 0x12 0xbb 0xc7 0x4c 0xbc 0x0c 0x98 0xe3 0x11 0x19 0x60 0x85 0x86
0x0a 0xa2 0xaf 0xae 0x8f 0xf9 0x43 0x86 0x92 0x1f 0xcc 0xd3 0x38 0xcf 0x92 0x14
0xa7 0x8c 0x89 0x07 0x26 0xd4 0x21 0x55 0xa8 0x43 0x2d 0xb4 0xec 0xce 0x24 0x73
0x5e 0x7c 0xe2 0xbe 0x22 0x2d 0xbd 0x96 0xbf 0x02 0x03 0x01 0x00 0x01 0x30 0x0d
0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x03 0x81 0x81
0x00 0x8f 0xbe 0x0c 0xae 0xc8 0xf0 0x22 0xef 0xae 0x83 0xb5 0xb1 0xe3 0xb4 0xd9
0xd6 0xa9 0x4a 0xb6 0x60 0x9c 0x0b 0x00 0x70 0x12 0x88 0x73 0xd1 0xef 0xe2 0x54
0xf6 0x3a 0xc7 0xa5 0xbe 0xe1 0xe0 0xdb 0x4d 0x20 0x10 0x3d 0x68 0x7c 0x8d 0xdb
0x16 0xf6 0x67 0xe7 0x1d 0x51 0xbc 0x19 0xa2 0xf6 0xbf 0x6f 0xa4 0x52 0xc7 0x7e
0x50 0x3d 0xb9 0x3e 0x1e 0x67 0xff 0xf6 0xf2 0x5d 0xe7 0x2b 0x7e 0x3a 0x7e 0x6c
0x40 0xb7 0x04 0x9c 0x2c 0x2b 0x89 0x0f 0x8c 0xb5 0x93 0xd8 0xac 0x94 0xe6 0x5f
0x84 0xe8 0x71 0x75 0x9e 0x10 0x6e 0x36 0xe6 0x14 0xfe 0xba 0xf8 0x11 0x71 0x9d
0x74 0x33 0x48 0x74 0xc1 0xba 0xcb 0xff 0x58 0x86 0x8c 0xba 0x9c 0x08 0xad 0xce
0x8a 0x02 0x00 0x80 0xd5 0xe6 0x38 0xd6 0x8c 0xa8 0xa1 0xae 0xca 0x2e 0xf8 0xc8
0xe2 0x96 0x02 0xa4

This is interpreted as follows:

0x82 0x14        Packet length, 532 bytes follow.
0x04             MSG-SERVER-HELLO
0x00             SESSION-ID-HIT
0x01             CERTIFICATE-TYPE
0x00 0x02        SERVER-VERSION-MSB SERVER-VERSION-LSB
0x01 0xf6        CERTIFICATE-LENGTH-MSB CERTIFICATE-LENGTH-LSB
0x00 0x03        CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB
0x00 0x10        CONNECTION-ID-LENGTH-MSB CONNECTION-ID-LENGTH-LSB
0x30...0x8a      CERTIFICATE-DATA [502 bytes]
0x02 0x00 0x80   CIPHER-SPECS-DATA
0xd5...0xa4      CONNECTION-ID-DATA [16 bytes]

CONNECTION-ID is:

>>> CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4

Second message from client

0x80 0x55 0x02 0x02 0x00 0x80 0x00 0x0b 0x00 0x40 0x00 0x00 0xfb 0xc0 0x09 0x91
0x60 0x10 0xa6 0x15 0x3f 0x8f 0x36 0x5a 0x19 0x06 0x8e 0x58 0xc4 0xfa 0xd0 0x73
0xd4 0x6d 0x20 0x97 0x2f 0x85 0x95 0xb3 0xa5 0x97 0xb5 0xe0 0x63 0x91 0x61 0xb7
0x76 0x3c 0x4e 0x62 0x8b 0x02 0x2b 0x05 0x98 0xd4 0x14 0x44 0x63 0xf3 0x43 0x7e
0xa0 0xa8 0x3f 0x16 0xb2 0x43 0x4b 0x24 0x76 0xae 0xba 0x8c 0x89 0x71 0xde 0x25
0x6b 0xce 0x89 0x77 0x8a 0x30 0x2a

This is interpreted as follows:

0x80 0x55        Packet length, 85 bytes follow.
0x02             MSG-CLIENT-MASTER-KEY
0x02 0x00 0x80   CIPHER-KIND
0x00 0x0b        CLEAR-KEY-LENGTH-MSB CLEAR-KEY-LENGTH-LSB
0x00 0x40        ENCRYPTED-KEY-LENGTH-MSB ENCRYPTED-KEY-LENGTH-LSB
0x00 0x00        KEY-ARG-LENGTH-MSB KEY-ARG-LENGTH-LSB
0xfb...0x36      CLEAR-KEY-DATA [11 bytes]
0x5a...0x2a      ENCRYPTED-KEY-DATA [64 bytes]
                 KEY-ARG-DATA

So CLEAR-MASTER is:

>>> CLEAR-MASTER fbc009916010a6153f8f36

Second message from server

0x80 0x21 0x9a 0xc5 0xf7 0xd1 0x6a 0x5b 0x26 0x43 0x57 0x67 0x65 0xb6 0x3f 0x9a
0xe3 0x82 0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2
0x33 0xb2 0x1b

This is interpreted as follows:

0x80 0x21        Packet length, 33 bytes follow
0x9a...0x82      RC4 encrypted MAC [16 bytes]
0x00             RC4 encrypted MSG-SERVER-VERIFY (0x05)
0x65...0x1b      RC4 encrypted CHALLENGE-DATA from CLIENT-HELLO message [16 bytes]

Plaintext (MSG-SERVER-VERIFY plus CHALLENGE-DATA):

0x05 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6

Ciphertext (from SERVER-VERIFY packet):

0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2 0x33 0xb2 0x1b

SERVER-VERIFY is the encrypted MSG-SERVER-VERIFY plus the first seven bytes of the encrypted CHALLENGE-DATA:

>>> SERVER-VERIFY 006599b6d2f2a736

So the completed challenge file is:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977
CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Adam

From aba at dcs.exeter.ac.uk Mon Aug 21 09:30:47 1995
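As an added example (not part of Adam's posting, and not the brutessl or brclient code), here is a Python script that mechanises the derivation above: it parses the four SSLv2 records byte for byte as posted, checks every length field against the bytes actually present, produces the CLEAR-MASTER, CHALLENGE, CONNECTION-ID and SERVER-VERIFY values, and then uses them to test candidate 5-byte secrets the way a key searcher would. The records are embedded from the posting; the key derivation in expected_server_verify (MD5 over MASTER-KEY, "0", CHALLENGE and CONNECTION-ID, then RC4 with the first 16 keystream bytes spent on the MAC) is my reading of the SSLv2 draft rather than anything the posting states, and the 5-byte secret used to exercise the checker is constructed, not the challenge's real one.

```python
"""Added example, not from the posting or from brutessl: derive the SSLbrute parameter
file from Hal's four SSLv2 handshake records, then test 40-bit secrets against SERVER-VERIFY."""
import hashlib

# The four records, byte for byte as posted; each starts with its 2-byte record header.
CLIENT_HELLO = bytes.fromhex(
    "801c" "01" "0002" "0003" "0000" "0010" "020080"  # 28 follow; CLIENT-HELLO; v2; lengths 3/0/16; cipher
    "07ea7b9d65eb61fabb4174e8453a5fc6")               # CHALLENGE-DATA
SERVER_HELLO = bytes.fromhex(  # 532 follow; SERVER-HELLO; no hit; cert type 1; v2; lengths 502/3/16; cert
    "8214" "040001000201f600030010308201f23082015b0202018a300d06092a864886f70d01010405003047310b300906035504"
    "06130255533110300e060355040b13075465737420434131263024060355040a131d4e6574736361706520436f6d6d75"
    "6e69636174696f6e7320436f72702e301e170d3935303731313232343134355a170d3937303731303232343134355a30"
    "7f310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e2056"
    "69657731263024060355040a131d4e6574736361706520436f6d6d756e69636174696f6e7320436f72702e3123302106"
    "03550403131a452d53746f7265205472616e73616374696f6e20536572766572305c300d06092a864886f70d01010105"
    "00034b003048024100c7240dbdfe5f2109b44612bbc74cbc0c98e311196085860aa2afae8ff94386921fccd338cf9214"
    "a78c890726d42155a8432db4ecce24735e7ce2be222dbd96bf0203010001300d06092a864886f70d0101040500038181"
    "008fbe0caec8f022efae83b5b1e3b4d9d6a94ab6609c0b0070128873d1efe254f63ac7a5bee1e0db4d20103d687c8ddb"
    "16f667e71d51bc19a2f6bf6fa452c77e503db93e1e67fff6f25de72b7e3a7e6c40b7049c2c2b890f8cb593d8ac94e65f"
    "84e871759e106e36e614febaf811719d74334874c1bacbff58868cba9c08adce8a020080d5e638d68ca8a1aeca2ef8c8"
    "e29602a4")                   # ...CIPHER-SPECS 02 00 80 and the 16-byte CONNECTION-ID end the record
CLIENT_MASTER_KEY = bytes.fromhex(
    "8055" "02" "020080" "000b" "0040" "0000"         # 85 follow; CLIENT-MASTER-KEY; kind; lengths 11/64/0
    "fbc009916010a6153f8f36"                          # CLEAR-KEY-DATA: 11 of the 16 master key bytes
    "5a19068e58c4fad073d46d20972f8595b3a597b5e0639161b7763c4e628b022b"   # ENCRYPTED-KEY-DATA: RSA
    "0598d4144463f3437ea0a83f16b2434b2476aeba8c8971de256bce89778a302a")  # over the 5 secret bytes
SERVER_VERIFY_RECORD = bytes.fromhex(
    "8021" "9ac5f7d16a5b2643576765b63f9ae382"         # 33 follow; RC4-encrypted 16-byte MAC
    "00" "6599b6d2f2a736a07dd994cfe233b21b")          # RC4-encrypted 0x05 || CHALLENGE

def be16(b, i): return int.from_bytes(b[i:i + 2], "big")

def record_body(rec, msg_type=None):
    """Strip the 2-byte SSLv2 record header (top bit set), checking length and message type."""
    if not rec[0] & 0x80: raise NotImplementedError("3-byte padded record header not handled here")
    n = ((rec[0] & 0x7f) << 8) | rec[1]
    if len(rec) != 2 + n: raise ValueError("header says %d bytes follow, got %d" % (n, len(rec) - 2))
    if msg_type is not None and rec[2] != msg_type:
        raise ValueError("expected message type 0x%02x, got 0x%02x" % (msg_type, rec[2]))
    return rec[2:]

def split(buf, *lens):   # cut buf into consecutive fields; every byte must be accounted for
    if sum(lens) != len(buf):
        raise ValueError("field lengths %r do not add up to %d bytes" % (lens, len(buf)))
    out, p = [], 0
    for n in lens:
        out.append(buf[p:p + n])
        p += n
    return out

def parse_client_hello(rec):
    b = record_body(rec, 0x01)
    specs, sid, challenge = split(b[9:], be16(b, 3), be16(b, 5), be16(b, 7))
    return {"version": be16(b, 1), "cipher_specs": specs, "session_id": sid, "challenge": challenge}
def parse_server_hello(rec):
    b = record_body(rec, 0x04)
    cert, specs, conn_id = split(b[11:], be16(b, 5), be16(b, 7), be16(b, 9))
    return {"session_id_hit": b[1], "cert_type": b[2], "version": be16(b, 3),
            "certificate": cert, "cipher_specs": specs, "connection_id": conn_id}
def parse_client_master_key(rec):
    b = record_body(rec, 0x02)
    clear, encrypted, key_arg = split(b[10:], be16(b, 4), be16(b, 6), be16(b, 8))
    return {"cipher_kind": b[1:4], "clear_key": clear, "encrypted_key": encrypted, "key_arg": key_arg}

def challenge_params(client_hello, server_hello, client_master_key, server_verify):
    """The four SSLbrute fields, keyed by their names in the parameter file."""
    ch, sh = parse_client_hello(client_hello), parse_server_hello(server_hello)
    cmk, sv = parse_client_master_key(client_master_key), record_body(server_verify)
    if len(sv) != 16 + 1 + len(ch["challenge"]):   # encrypted MAC || 0x05 || CHALLENGE
        raise ValueError("SERVER-VERIFY record has the wrong length for this CHALLENGE")
    return {"CLEAR-MASTER": cmk["clear_key"], "CHALLENGE": ch["challenge"],
            "CONNECTION-ID": sh["connection_id"], "SERVER-VERIFY": sv[16:24]}

def rc4_keystream(key, n):
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xff
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xff
        j = (j + s[i]) & 0xff
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xff])
    return bytes(out)

def expected_server_verify(clear_master, secret, challenge, connection_id):
    """SERVER-VERIFY as it would read if `secret` were the 5 hidden master key bytes. The key
    derivation is my reading of the SSLv2 draft, not something the posting states: the server
    write key is MD5(MASTER-KEY || "0" || CHALLENGE || CONNECTION-ID). Keystream bytes 0..15
    encrypt the MAC, which also depends on the key, so the comparison starts at byte 16."""
    key = hashlib.md5(clear_master + secret + b"0" + challenge + connection_id).digest()
    return bytes(k ^ p for k, p in zip(rc4_keystream(key, 24)[16:], b"\x05" + challenge[:7]))

def search(params, candidates):
    """First 5-byte secret whose predicted SERVER-VERIFY matches the captured one, else None."""
    for secret in candidates:
        if expected_server_verify(params["CLEAR-MASTER"], secret, params["CHALLENGE"],
                                  params["CONNECTION-ID"]) == params["SERVER-VERIFY"]:
            return secret
    return None

PARAMS = challenge_params(CLIENT_HELLO, SERVER_HELLO, CLIENT_MASTER_KEY, SERVER_VERIFY_RECORD)
```

PARAMS holds the four parsed fields; PARAMS[name].hex() gives each line of the parameter file above. Feeding search(PARAMS, ...) every 5-byte value is the whole 2^40 brute force, and the 8-byte SERVER-VERIFY comparison is what keeps a wrong key from passing by accident (one chance in 2^64 per candidate), which is why Adam takes the encrypted 0x05 plus seven challenge bytes rather than just the one byte.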
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 21 Aug 95 09:30:47 PDT
Subject: NEXT CHALLENGE: plan of action?
Message-ID: <25403.9508211621@exe.dcs.exeter.ac.uk>

[First please moderate my previous couple of postings with the knowledge that they may (if they even got out) have been hanging in suspended animation for ~40 hours due to a stuffed mail server, and some things have changed since then.]

I've been out of things for a couple of days due to the aforementioned dead mailer. All's well now (well, it's croaking along passably anyway).

Just posted a config file for Hal's 2nd challenge, which Alex Tang has kindly checked.

I read on Saturday Ian Goldberg's post about starting out on the challenge using Damien's code.

It doesn't matter a great deal which code is used as such, but the main thing is to ensure that this is a coordinated effort. The aim of the challenge (which I requested and Hal kindly provided just before popping off for a week or so's holiday) was to see how fast a SSL challenge could be broken. Not how *soon*, note the distinction.

That means that if for instance we count the time that Ian has been clocking up since Saturday, the real time will be slowed by approx 2 days. We really need to do this with a starting-line like affair, so that someone is running a server, and everyone gets the code compiled etc, and then the server starts offering the challenge and all the clients fire off.

That way we have a less straggly start up which makes for better bruteing figures.

Agreed so far?

If so here are my ideas...

Use Andrew Roos' client & Piete's socket server / WWW client for the reason that this combination has been designed to operate both an automated sockets master / slave system and offer manual key allocation over WWW for those without direct connectivity, or behind firewalls.
All of the software for this system is indexed from the URL:

http://www.brute.cl.cam.ac.uk/brute/

or

ftp://ftp.brute.cl.cam.ac.uk/pub/brute/

The socket server running the SKSP protocol (more on the protocol later) is at this address:

sksp.brute.cl.cam.ac.uk 19957 (ie port no 19957)

The clients are set up to use this address by default in any case.

The WWW based key doler is indexed from the WWW page above:

http://www.brute.cl.cam.ac.uk/brute/

and this (transparently) interacts with the socket server also, so WWW users can via a WWW forms interface take out keyspace to sweep, and return the keyspace after sweeping.

The SKSP (Simple Key Searching Protocol) is described in an RFC-like document available here:

http://www.brute.cl.cam.ac.uk/ftp/pub/brute/protocol.txt

for anyone wishing to write clients for other platforms, or with more advanced features, or for those simply wishing to know what language the client is talking.

Where to find things...

The brutessl software, the unix socket client, and the Windows NT client are on:

http://www.brute.cl.cam.ac.uk/brute/

Also I have put an untarred version of the brutessl code here:

http://dcs.ex.ac.uk/~aba/brutessl/

(individual files untarred). If and when people compile binaries for architectures which don't typically come with compilers by default - such as DOS, OS/2, Macs - I'll put any binaries sent to me in this directory, and / or send to Piete for a pointer to this repository, or copying to brute.cl.

UNIX client.

How to use the unix client... download brclient from the www page:

http://www.brute.cl.cam.ac.uk/brute/

it is a perl program so you may have to edit the path to perl (the 1st line of the program should be #!/full/path/to/perl/binary), and you will have to mark it as executable. You will also need a shell script called brloop which uses brclient. It is on Piete's "sources" page; this page is indexed from the main brute page above, here it is explicitly:
http://www.brute.cl.cam.ac.uk/ftp/pub/brute/README.html

So get brloop. Get and compile the brutessl.tar.gz file. Run brloop.

The brclient perl socket client talks to a machine with a DNS name of:

sksp.brute.cl.cam.ac.uk on port number 19957

At the moment the server is running and will ask your client to sleep, as the challenge has not been started yet. When Piete starts it up, your client will periodically ask for work. Before the start time (Tue 12:00 GMT, or a later time if this time is changed) your client will just be told to sleep for a while; when it wakes up it will ask for work again. In this way the client can be left ticking over: when work does arrive it will notice, as it will actually receive some work when it makes the request, and start doing it, and reporting back when it finishes each chunk.

There is a windows NT socket client written by Andrew Brown, pointers to that also.

Adam

From jya at pipeline.com Mon Aug 21 09:31:07 1995
From: jya at pipeline.com (John Young) Date: Mon, 21 Aug 95 09:31:07 PDT Subject: ENE_mah Message-ID: <199508211622.MAA03823@pipe2.nyc.pipeline.com> 8-21-95. NYPaper: "C.I.A. Re-examines Hiring Of Ex-Terrorist as Agent: Agency Has Misgivings About Some on Payroll." As the Central Intelligence Agency cleans house after the cold war, trimming its roster of foreign agents and writing new rules for hiring them, a retired terrorist who was until recently on the agency's payroll has given it cause for some soul-searching. The case is a classic example of the dilemma the C.I.A. continually faces in recruiting foreign agents. The intelligence agency struggles to balance the demand to obtain information with its desire to keep its own hands clean, though it frames the issue in terms of national security, not morality. The C.I.A. will draw on the experience of the Federal Bureau of Investigation and the Drug Enforcement Administration in dealing with informants in the future. That is a break from the past; the agency has long considered law enforcement procedures an enema. ENE_mah From trei at process.com Mon Aug 21 09:56:20 1995 
From: trei at process.com (Peter Trei)
Date: Mon, 21 Aug 95 09:56:20 PDT
Subject: Third World Man
Message-ID: <9508211648.AA17528@toad.com>

> The US is slipping into the second world as we
> speak, with no signs of a turnaround ahead. Only the sheer size of
> the economy keeps people from believing it.

Just a nomenclature peeve - I'm not sure of the precise time and place the (first|second|third) world meme originated, but it seems to predate 1970, and until very recently its meaning was clear:

First world: Western (and Westernized) nations - mainly the US, Canada, Western Europe, Japan, Australia, & New Zealand

Second world: Communist bloc (I can still remember the Cultural Revolution. Prior to that, the Communists seemed a monolithic force, marching in lockstep.)

Third world: The rest, mostly poor nations.

Back then, the world was a simpler place.

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From zeus at pinsight.com Mon Aug 21 11:09:35 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Mon, 21 Aug 95 11:09:35 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508211807.LAA01619@utopia.pinsight.com>
-- [
From: J. Kent Hastings * EMC.Ver #2.5.02 ] -- James and cpunx, >At 11:45 AM 8/19/95 -0400, John Young wrote: >>Fourth Foresight Conference on Molecular Nanotechnology >And what does this have to do with cryptography? Doesn't quantum coherence require molecular precision if it is to work on 1024 bit PGP keys? If it works, such keys can be instantly factorized. It would be nice to follow that progress. If human engineered molecular nano works, we'll have much more than PGP to worry about. Copies of copies of replicating disassemblers could rip the Earth apart in three days, assuming doubling every 20 minutes like bacteria, but not limited to proteins. That would have a big impact on digital cash networks! Kent -- "Put pages for your business on the World Wide Web, just $5 per month!" J. Kent Hastings -- zeus at pinsight.com -- http://www.pinsight.com/~zeus/ From tcmay at got.net Mon Aug 21 11:19:02 1995 
From: tcmay at got.net (Timothy C. May) Date: Mon, 21 Aug 95 11:19:02 PDT Subject: Cypherpunks Santa Cruz meeting/party, Saturday, 26 August Message-ID: This is the last announcement I'll make here on the general Cypherpunks list for this meeting/party at my house. I keep a mailing list for interested folks, with about 35-40 names on it (not all of them local to Santa Cruz and Monterey, needless to say). To be added, send me mail...no special format, as I keep the list manually in Eudora Pro. Here are just a few details. WHAT: Cypherpunks Santa Cruz meeting/party. A chance for locals to meet, and for others who want to vary their routine to visit this area. WHEN: Saturday, August 26th, 1995, beginning at around 6 p.m., but early arrivers can arrive as early as 5 (some are travelling from afar, so...). Several people plan to stay over until Sunday. WHERE: Tim May's house in Corralitos, between Aptos and Watsonville. 427 Allan Lane, 408-728-0152. Detailed directions available from the full announcement. WHO: Anybody who wants to attend. It will be both a meeting and a party, so children and SOs may find it boring--you have been warned. Some local people interested in crypto or related issues are on this list, even if they're not subscribers to the Cypherpunks main list. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From iagoldbe at calum.csclub.uwaterloo.ca Mon Aug 21 11:19:20 1995 
From: iagoldbe at calum.csclub.uwaterloo.ca (Ian Goldberg) Date: Mon, 21 Aug 95 11:19:20 PDT Subject: NEXT CHALLENGE: plan of action? In-Reply-To: <25403.9508211621@exe.dcs.exeter.ac.uk> Message-ID: <199508211751.NAA17649@calum.csclub.uwaterloo.ca> > I read on Saturday Ian Goldbergs post about starting out on the > challenge using Damiens code. > > It doesn't matter a great deal which code is used as such, but the > main thing is to ensure that this is a coordinated effort. The aim of > the challenge (which I requested and Hal kindly provided just before > popping off for a week or so's holiday) was to see how fast a SSL > challenge could be broken. Not how *soon*, note the distinction. > > That means that if for instance we count the time that Ian has been > clocking up since Saturday, the real time will be slowed by approx 2 > days. We really need to do this with a starting-line like affair, so > that someone is running a server, and everyone gets the code compiled > etc, and then the server starts offering the challenge and all the > clients fire off. > > That way we have a less straggly start up which makes for better > bruteing figures. > > Agreed so far? Sorry I missed the fast/soon distinction. I've stopped the search after searching keys starting with 0xaf down to 0xa5, and will join the group search after I get settled in after moving to Berkeley tomorrow. I encourage the people who pointed their clients at me (thanks!) to stop them, and to join the group. In the interests of not adding a few days to the time, we should ignore the fact that a bit of the keyspace has already been searched, and start again. - Ian "On your marks, get set, ..." From Ted_Anderson at transarc.com Mon Aug 21 11:23:53 1995 
From: Ted_Anderson at transarc.com (Ted_Anderson at transarc.com)
Date: Mon, 21 Aug 95 11:23:53 PDT
Subject: Partial Key Escrow
Message-ID:

The recent discussion of the SSL Challenge and the revival of the Software Key Escrow issue brought the following idea to mind.

For the purposes of this suggestion let's just assume that the goal is to provide some kind of Government Access to Keys (GAK) for a widely deployed crypto system such as clipper phones.

How about if instead of escrowing the whole key with the government/escrow agent you only save some of the bits of the key? I am thinking that the government would insist that at a minimum all key bits in excess of some N be escrowed, where N is around 48. So if I was using IDEA with 128-bit keys, I'd need to escrow at least 80 bits and reveal all 128 bits only to the receiver. The export version of RC4 is similar except that 40 bits are hidden and 88 bits are "escrowed" as plaintext.

I see the advantage of this is that it might just be palatable to the government. In particular, 48 bits wouldn't be any significant burden on the NSA or FBI for legally authorized wiretaps (I recall that something like 1000 were performed in some recent year). It would be a simple matter for the FBI to budget enough hardware to do brute force attacks on a few thousand keys a year with a time-to-crack of a few hours (I doubt most wiretaps are obtained with more time urgency than this).

The big advantage to the user is that this provides a well defined limit on the effort required to violate their privacy. The biggest problem with the clipper-type GAK system is that everyone assumes that in the worst case keys could be obtained illegally with essentially zero cost. There are numerous scenarios where the administrative controls that protect keys break down and the public is left with no privacy at all.

In this case, however, there is a significant, well-known, and quantitative (but, unfortunately, time-variable) cost in obtaining a key even if the administrative controls are completely compromised. While this doesn't make the privacy of any particular target much safer it seems it would significantly improve the safety of the public privacy in aggregate.

Ted Anderson

From rah at shipwright.com Mon Aug 21 11:23:56 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 21 Aug 95 11:23:56 PDT
Subject: Whither Barbados?
Message-ID:

I've cc'd (former cypherpunk) Vince Cate on Anguilla on this for obvious reasons.

I got a bit of blurbage in the USnail from the Barbados Investment and Development Corporation (BIDC) on their 3rd Barbados Information Services Conference, (Subtitled "Surfing the Global Net from Caribbean Shores" ;-), February 26/27 1996. The headers in the blurb were: Investment Management in Emerging Markets -- Information Technology Challenges, Network Security on the Global Net, New Opportunities in Wireless Communications, Barbados -- the Caribbean hub for Internet Access. They promise a "Full Conference Programme available October 1, 1995", and they seem to have a mailbot at info_bisc at caribnet.net.

Having inadvertently plugged their stuff with no idea whether it's a waste of time or not, I have a few thoughts about this and about data/banking havens in general.

First, here's what I know about internet access in the Caribbean, gleaned from discussions with Vince, and by lurking on various caribbean newsgroups (see soc.culture.caribbean), web pages, and mail groups:

First off, bandwidth down there sucks. This is probably because there really aren't many people there, the ones that are there are pretty poor, and they can't buy much phone time. This is compounded by monopolies, Cable and Wireless being the biggest, built on cozy relationships with government officials, if not actual creatures of those government officials themselves, amortizing their 30 year old centrex switches with 50 year schedules. To be fair, they have to have long distance lines to the mainland, and those cost, whether they're copper, fiber, or satellite.

All the shenanigans of third world politics apply there.
Trinidad and Tobago had an attempted coup recently, Barbados, I believe, is in the throes of a constitutional crisis where the speaker of their legislature can't be impeached because she won't convene the committee to impeach her... Not to mention hurricanes, and in Montserrat, a volcano going off at the moment...

The obvious reason I'm interested in this is regulatory arbitrage, of course. If there's a government that will let internet commerce and privacy flourish there, then it flourishes everywhere on the net, national borders or no.

I hear tell that Barbados is serious about converting its information technology business from data entry and forms processing to web-cluefulness. Given that their business development people don't have their own domain name, they probably have a bit to go.

So, I have a little exercise... If we were to tell the government of Barbados what it had to do to promote the creation of internet commerce, what would we say? Anyone here could probably crank out a prima facie set of recommendations, but I figure to beat this to death canonically and have a little fun at the same time.

So, here are a few categories to get started. I'm trying to keep it relevant to this group's charter.

Infrastructure
Power
Long distance
Local wire
Local wireless
Regulatory
Financial
Privacy Laws
Telecommunications
Competition
Civil/Human Rights
Privacy
Business
Deregulation
Government intervention in the economy
Culture
Religious/Cultural tolerance (the Netherlands are tolerant, for instance)
Education (talent pool)

Well, that's a place to start. I'll try to plug in my 2 cents in another posting...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From wilcoxb at nagina.cs.colorado.edu Mon Aug 21 11:56:39 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Mon, 21 Aug 95 11:56:39 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <9508211437.AA29550@tis.com> Message-ID: <199508211856.MAA08294@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > As for what good that key is -- > No economic impact, you say? > No money transfer, you say? > Again, in the Internet, nobody knows you're a dog-faced alien sea creature. Thank you for posting that. I've been increasingly frustrated with people who assume that they have some need for a one-to-one 'nym<->Real-Life-human-body mapping. I would have been posting on this topic myself, but I am busy. Thanks again, and I hope you go ahead and start PGP-clearsigning your posts so that my high opinion of you can become more firmly fixed. :-) Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDjWw/WZSllhfG25AQFK/AQArnre8FU4fs/w93xHy7MgE0pjbHpSrvmw U2flrQcbr+erwgzzNaFjgM5th2vScgTmLXWkg4IAmLpUM7pz4aVZM/5mj9Pg6T8J fQS1DK7Lt6oAEqzqWjW/7xM1dxIyZkwyjJmO45TnqbBFjUjguqZ39QDacDhywhgr uCErN4fwQ1o= =096y -----END PGP SIGNATURE----- From Damien.Doligez at inria.fr Mon Aug 21 12:02:37 1995 From: Damien.Doligez at inria.fr (Damien Doligez) Date: Mon, 21 Aug 95 12:02:37 PDT Subject: Netscape security Message-ID: <9508211902.AA19391@couchey.inria.fr> 
>From: altitude at cic.net (Alex Tang) >It seems that one of the problems with Damien's >cracking job was that it was "not sanctioned". Actually, INRIA's PR people are quite pleased with the publicity. They asked me to prepare an official press release to counteract the Wall Street Journal's "evil hacker" story, which was unfortunately reprinted by some papers. The Herald Tribune is particularly bad in this respect. If some media insist on this "evil hacker" thing, they will look more ridiculous than anything else (I hope). The press release will be out as soon as it gets through the red tape (the official opinion of a French administration is not something to be taken lightly, even though it's mostly facts :-) I'll put it on my web page when it's official (which is likely to be too late). -- Damien From ethridge at Onramp.NET Mon Aug 21 12:10:15 1995 
From: ethridge at Onramp.NET (Allen B. Ethridge) Date: Mon, 21 Aug 95 12:10:15 PDT Subject: Newton 2 Message-ID: <> >At 8:56 AM 8/21/95, Robert Patoine wrote: > >>Metroworks do Have a C Compiler for the Newton Hardware develloped for >>Sony-Magic Cap OS > >Magic Cap works on Magic Cap PDAs. The newton is not one of them. >Motorola uses magic cap for their PDAs, and I think AT&T does as well, but >that's an uncertainty. > Considering that AT&T markets PersonaLink as an e-mail service for MagicCap users i suspect they do support MagicCap in at least one of their PDAs. PersonaLink is, i believe, related to Telescript, which is the scripting language for MagicCap (OK, it's a bit more than a scripting language, but i'm not that into it). I've heard a few times that not having a C compiler prevents the implementation of PGP. Why? Do the RSA people refuse to license a non-C implementation. If so, can they still enforce their patent against someone who implemented it on a platform that didn't have a C compiler? But then i hear that the Newton will have some support for C development sometime this year. allen From Damien.Doligez at inria.fr Mon Aug 21 12:14:34 1995 
From: Damien.Doligez at inria.fr (Damien Doligez) Date: Mon, 21 Aug 95 12:14:34 PDT Subject: Liability for Key Cracking in Idle Hours? Message-ID: <9508211914.AA19431@couchey.inria.fr> >Damien may be able to tell us if Ecole Polytechnique has raised any >questions about his highly-publicized attack on the SSL Challenge key. Well, I asked for permission before I used the machines, so I don't expect any problem. (Actually, I asked for the permission, then launched the processes, then got the permission, but it doesn't make any difference, does it ? I should have also asked permission for putting their name in my announce, though.) It seems that the Herald Tribune called them about a cracker, and they refused to comment. They must have gone in paranoid mode, because they've had lots of trouble with student crackers in the past, and there is currently not even one student on the campus. But now, the situation seems to be in control, although I had no official contact from Ecole Polytechnique. Ecole Normale Superieure did not react at all. They're all on vacation anyway. By the way, "cypherpunks" keep getting mentioned in interviews with the press. I hope that's OK with you all. -- Damien From cme at TIS.COM Mon Aug 21 12:29:22 1995 From: cme at TIS.COM (Carl Ellison) Date: Mon, 21 Aug 95 12:29:22 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <199508211856.MAA08294@nagina.cs.colorado.edu> Message-ID: <9508211920.AA27347@tis.com> -----BEGIN PGP SIGNED MESSAGE----- >Date: Mon, 21 Aug 1995 12:56:21 -0600 
>From: Bryce Wilcox >Thanks again, and I hope you go ahead and start PGP-clearsigning your posts Yes, I've been remiss. It's an old belief -- that signing is expensive. Now that I'm using emacs extensions and RMAIL, it's really easy -- but I still follow the old habit. We really need mailers with auto-cryptography! (as easy as in Lotus Notes) - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDjcS1QXJENzYr45AQEgAwP/RWusaK/C4bcFVaSGRa6WXrrfJMAeeVXL s5E221rx3POtKr6Nq+TZnlFs5uaian8u1XvCCApYEIPdYAcWIUtJJAp5soLhOyi7 ceF8slVJisYyexj1Zo5qHoOV+ajg/YZeRxL72ofQXF4gdsSbGUp4B6nE/ncRp2S+ nnKZyutOo4A= =b09P -----END PGP SIGNATURE----- From tedwards at src.umd.edu Mon Aug 21 13:19:13 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Mon, 21 Aug 95 13:19:13 PDT Subject: NSA into antigravity? In-Reply-To: <199508190533.WAA14801@netcom16.netcom.com> Message-ID: On Fri, 18 Aug 1995, Vladimir Z. Nuri wrote: > >On July 19, Gerald Ollman and Robert Wayne, two researchers from the > >University of Maryland geophysics department were detained in Fort Meade, Neither Ollman nor Wayne have umail accounts (which every faculty member gets), so I think it is very possible that these people do not exist. -Thomas Edwards From ZACH at sesd.ilex.com Mon Aug 21 13:24:34 1995 From: ZACH at sesd.ilex.com (Robert Zach) Date: Mon, 21 Aug 95 13:24:34 PDT Subject: Makes the News! (Was Re: SSL Broken) Message-ID: The first trade mag article I have seen on the Subject has been delivered to my doorstep!! Check out COMMUNICATIONS WEEK August 21 PAGE 1 FYI -Rob From banisar at epic.org Mon Aug 21 13:49:40 1995 
From: banisar at epic.org (Dave Banisar) Date: Mon, 21 Aug 95 13:49:40 PDT Subject: EPIC Alert 2.09 Message-ID: ============================================================= @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================= Volume 2.09 August 21, 1995 ------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC info at epic.org http://www.epic.org *Special Edition: Crypto* ======================================================================= Table of Contents ======================================================================= [1] "New" Crypto Policy Announced: Clipper II? [2] NIST Announcement on Key-Escrow Workshops [3] Documents: FBI & NSA Want to Ban Non-Escrowed Encryption [4] EPIC Crypto Web Pages Online [5] Upcoming Conferences and Events ======================================================================= [1] "New" Crypto Policy Announced: Clipper II? ======================================================================= The Clinton Administration ended a year of silence on August 17 when it issued a long-awaited statement on the Clipper Chip and key-escrow encryption. Unfortunately, the "new" policy is merely a re-working of the old one -- the Administration remains committed to key-escrow techniques that ensure government agents access to encrypted communications. The only changes are a willingness to consider the export of 64-bit encryption (if "properly escrowed"), the possibility of private sector escrow agents to serve as key-holders, and consideration of software implementations of key-escrow technologies. As EPIC Advisory Board member Whit Diffie observed in an op-ed piece in the New York Times, the new approach won't work. 
"While other nations may share our interest in reading encrypted messages for law enforcement purposes, they are unlikely to embrace a system that leaves them vulnerable to U.S. spying. They will reject any system that gives decoding ability to agents in the United States." Diffie further notes that "64-bit keys are not expected to be adequate." In a statement re-printed below, the National Institute of Standards and Technology (NIST) announced two public workshops "to discuss key escrow issues." More information concerning these meetings can be obtained from Arlene Carlton at NIST, (301) 975-3240, fax: (301) 948-1784, e-mail: carlton at micf.nist.gov. ======================================================================= [2] NIST Announcement on Key-Escrow Workshops ======================================================================= EMBARGOED FOR RELEASE: NIST 95-24 3 p.m. EDT, Thursday, Aug. 17, 1995 Contact: Anne Enright Shepherd COMMERCE'S NIST ANNOUNCES (301) 975-4858 PROCESS FOR DIALOGUE ON KEY ESCROW ISSUES Furthering the Administration's commitment to defining a workable key escrow encryption strategy that would satisfy government and be acceptable to business and private users of cryptography, the Commerce Department's National Institute of Standards and Technology announced today renewed dialogue on key escrow issues. A Sept. 6-7 workshop will convene industry and government officials to discuss key escrow issues, including proposed liberalization of export control procedures for key escrow software products with key lengths up to 64 bits, which would benefit software manufacturers interested in building secure encryption products that can be used both domestically and abroad. 
Key escrow encryption is part of the Administration's initiative to promote the use of strong techniques to protect the privacy of data and voice transmissions by companies, government agencies and others without compromising the government's ability to carry out lawful wiretaps. In a July 1994 letter to former Rep. Maria Cantwell, Vice President Gore said that the government would work on developing exportable key escrow encryption systems that would allow escrow agents outside the government, not rely on classified algorithms, be implementable in hardware or software, and meet the needs of industry as well as law enforcement and national security. Since that time, discussions with industry have provided valuable guidance to the Administration in the development of this policy. For example, many companies are interested in using a corporate key escrow system to ensure reliable back-up access to encrypted information, and the renewed commitment should foster the development of such services. Consideration of additional implementations of key escrow comes in response to concerns expressed by software industry representatives that the Administration's key escrow policies did not provide for a software implementation of key escrow and in light of the needs of federal agencies for commercial encryption products in hardware and software to protect unclassified information on computer and data networks. Officials also announced a second workshop at which industry is invited to help develop additional Federal Information Processing Standards for key escrow encryption, specifically to include software implementations. This standards activity would provide federal government agencies with wider choices among approved key escrow encryption products using either hardware or software. Federal Information Processing Standards provide guidance to agencies of the federal government in their procurement and use of computer systems and equipment. 
Industry representatives and others interested in joining this standards-development effort are invited to a key escrow standards exploratory workshop on Sept. 15 in Gaithersburg, Md. This workshop is an outgrowth of last year's meetings in which government and industry officials discussed possible technical approaches to software key escrow encryption. The Escrowed Encryption Standard, a Federal Information Processing Standard for use by federal agencies and available for use by others, specifies use of a Key Escrow chip (once referred to as "Clipper chip") to provide strong encryption protection for sensitive but unclassified voice, fax and modem communications over telephone lines. Currently, this hardware-based standard is the only FIPS-approved key escrow technique. NIST officials anticipate proposing a revision to the Escrowed Encryption Standard to allow it to cover electronic data transmitted over computer networks. Under this revised federal standard, the Capstone chip and other hardware-based key escrow techniques developed for use in protecting such electronic data also will be approved for use by federal agencies. As a non-regulatory agency of the Commerce Department's Technology Administration, NIST promotes U.S. economic growth by working with industry to develop and apply technology, measurements and standards. ======================================================================= [3] Documents: FBI & NSA Want to Ban Non-Escrowed Encryption ======================================================================= On a related note ... Declassified government documents recently obtained by EPIC show that key federal agencies concluded more than two years ago that the "Clipper Chip" key-escrow initiative will only succeed if alternative security techniques are outlawed. The information is contained in several hundred pages of material concerning Clipper and cryptography EPIC obtained from the FBI under the Freedom of Information Act. 
The conclusions contained in the documents appear to conflict with frequent Administration claims that use of key-escrow technology will remain "voluntary." Critics of the government's initiative, including EPIC, have long maintained that government-sanctioned key- escrow encryption techniques would only serve their stated purpose if made mandatory. According to the FBI documents, that view is shared by the Bureau, the National Security Agency (NSA) and the Department of Justice (DOJ). In a "briefing document" titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that: Technical solutions, such as they are, will only work if they are incorporated into *all* encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required. Likewise, an undated FBI report titled "Impact of Emerging Telecommunications Technologies on Law Enforcement" observes that "[a]lthough the export of encryption products by the United States is controlled, domestic use is not regulated." The report concludes that "a national policy embodied in legislation is needed." Such a policy, according to the FBI, must ensure "real-time decryption by law enforcement" and "prohibit[] cryptography that cannot meet the Government standard." The FBI conclusions stand in stark contrast to public assurances that the government does not intend to prohibit the use of non- escrowed encryption. Testifying before a Senate Judiciary Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann Harris asserted that: As the Administration has made clear on a number of occasions, the key-escrow encryption initiative is a voluntary one; we have absolutely no intention of mandating private use of a particular kind of cryptography, nor of criminalizing the private use of certain kinds of cryptography. 
The newly-disclosed information suggests that the architects of the key-escrow program -- NSA and the FBI -- have always recognized that key-escrow must eventually be mandated. Coming to light on the eve of the announcement of a "new" Administration policy, the FBI documents raise significant questions as to the government's long-term strategy on the cryptography issue. Scanned images of several key documents are available via the World Wide Web at http://www.epic.org/crypto/ban/fbi_dox/ ======================================================================= [4] EPIC Crypto Policy Web Pages Online ======================================================================= EPIC is now making available an extensive series of pages on cryptography policy. Each page highlights an area of controversy and provides links to key documents. Materials include formerly secret government documents obtained under FOIA by EPIC and CPSR, reports from the Office of Technology Assessment, the General Accounting Office and others on cryptography. Topics include: o Efforts to ban cryptography o The Clipper Chip o The Digital Signature Standard o The Computer Security Act of 1987 The pages are available at http://www.epic.org/crypto/ More pages will become available soon. ======================================================================= [5] Upcoming Privacy Related Conferences and Events ======================================================================= Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen, Denmark. Sponsored by Privacy International and EPIC. Contact pi at privacy.org. http://www.privacy.org/pi/conference/ 17th International Conference of Data Protection and Privacy Commissioners. Copenhagen, Denmark. September 6-8, 1995. Sponsored by the Danish Data Protection Agency. Contact Henrik Waaben, +45 33 14 38 44 (tel), +45 33 13 38 43 (fax). InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA and OSS. Email: 74777.3033 at compuserve.com. 
Business and Legal Aspects of Internet and Online Services. Sept. 14-15. New York City. Sponsored by National Law Journal and New York Law Journal. Contact: (800)888-8300, ext. 6111, or (212)545-6111. The Good, the Bad, and the Internet: A Conference on Critical Issues in Information Technology. October 7-8. Chicago, Ill. Sponsored by CPSR. Contact cpsr at cpsr.org or http://www.cs.uchicago.edu/discussions/cpsr/annual 18th National Information Systems Security Conference. Oct. 10-13. Baltimore, MD. Sponsored by NSA and NIST. Contact: 301-975-3883. Managing the Privacy Revolution. Oct. 31 - Nov. 1, 1995. Washington, DC. Sponsored by Privacy & American Business. Speakers include Mike Nelson (White House) C.B. Rogers (Equifax) and Marc Rotenberg (EPIC). Contact Alan Westin 201/996-1154. 22nd Annual Computer Security Conference and Exhibition. Nov. 6-8, Washington, DC. Sponsored by the Computer Security Institute. Contact: 415-905-2626. Global Security and Global Competitiveness: Open Source Solutions. Nov. 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert Steele oss at oss.net. 11th Annual Computer Security Applications Conference: Technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. Dec. 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or vreed at mitre.org. Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass. Sponsored by MIT, ACM and WWW Consortium. Contact cfp96 at mit.edu or http://www-swiss.ai.mit.edu/~switz/cfp96 Australasian Conference on Information Security and Privacy June 24-26, 1996. New South Wales, Australia. Sponsored by Australasian Society for Electronic Security and University of Wollongong. Contact: Jennifer Seberry (jennie at cs.uow.edu.au). 
(Send calendar submissions to Alert at epic.org) ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message: SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname to listserv at cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce. Back issues are available via http://www.epic.org/alert/ or FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email info at epic.org, WWW at HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info at cpsr.org If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. 
Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.. Thank you for your support. ------------------------ END EPIC Alert 2.09 ------------------------ _________________________________________________________________________ Subject: EPIC Alert 2.09 _________________________________________________________________________ David Banisar (Banisar at epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://epic.org Washington, DC 20003 * ftp/gopher/wais cpsr.org From tms at TIS.COM Mon Aug 21 13:54:48 1995 From: tms at TIS.COM (Thomas M. Swiss) Date: Mon, 21 Aug 95 13:54:48 PDT Subject: interesting quote, Baltimore Sun 8/21 Message-ID: <199508212050.QAA05657@ziggy.tis.com> Page 7A of today's _Baltimore Sun_ features an op-ed piece by Carl R. Eisendrath, "a former U.S. foreign-service officer", entitled "Bringing Light to Covert Operations", which cites an interesting quotation: "In the period between the two world wars, Secretary of War Henry Stimson closed the cryptography section of the State Department because, as he reputedly said, "Gentlemen don't read each other's mail." -Tom Swiss / tms at tis.com From warlord at ATHENA.MIT.EDU Mon Aug 21 14:26:21 1995 
From: warlord at ATHENA.MIT.EDU (Derek Atkins)
Date: Mon, 21 Aug 95 14:26:21 PDT
Subject: Newton 2
In-Reply-To:
Message-ID: <199508212124.RAA28766@charon.MIT.EDU>

> I've heard a few times that not having a C compiler prevents the
> implementation of PGP. Why? Do the RSA people refuse to license a
> non-C implementation? If so, can they still enforce their patent
> against someone who implemented it on a platform that didn't have a C
> compiler?

The problem is that PGP needs to be compiled from its C sources into a binary. The problem is not RSA not licensing; the problem is that PGP (and all the support routines, including RSA) is implemented in C. Therefore, if you do not have a C compiler, you cannot turn the sources into a binary.

If you don't have a C compiler, you could re-implement PGP, but it would be a lot of work, and you would still have the RSA patent issues. Also, it is against the RSAREF license to convert RSAREF into another language, so you can't take that route, either.

The easiest way to port PGP to a new platform is to get a C compiler for that platform.

-derek

From aba at exe.ex.ac.uk Mon Aug 21 14:29:39 1995
From: aba at exe.ex.ac.uk (aba at exe.ex.ac.uk)
Date: Mon, 21 Aug 95 14:29:39 PDT
Subject: NEXT CHALLENGE...
Message-ID: <199508211958.MAA16793@comsec.com>

[Please note mail to me may bounce unless you are very careful with using addr aba at exe.ex.ac.uk, or aba at atlas.ex.ac.uk, as there are machines out here due to a physical break-in - a "RAM raid". I tried posting this on Sat, but the mailer was already out and mail is buffered, so this may come out twice.]

A breakdown of Hal's challenge. Could someone please check my logic in deriving an Andrew Roos-style config file for brutessl 1.0, and check my interpretation against Hal's interpretation in the previous challenge. Hal's previous challenge is indexed from his home page:

http://www.portal.com/~hfinney/

I think the challenge file should look like this:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977
CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Below I will give my reasoning for each field. Each field as it is derived will be quoted with >>>. Could a few people check that I have made no mistakes.

Andrew Roos's code is on:

http://www.brute.cl.cam.ac.uk/brute/

as "brutessl.tar.gz"; use "save next link as" in Netscape (hold the shift key down and click in Netscape 1.1).

Could someone with a PC and a 32-bit MS Visual C++ compiler handy compile a PC executable from the tarred files? Some people won't have access to TAR under DOS, and a precompiled binary would be useful. Please send the binary to Piete if you do this (be sure to turn on all optimisations).
I tried but my VC++ is not 32 bit, is it possible to produce 32 bit binaries which can be run from DOS with VC++ at all? Are the binaries you get with win 95 / win NT likely to run under DOS ? The keyserver will not be doling yet but please pickup the software ready to start. There is a unix based client, and a windows NT based client both available from that page. ---------------------------------------------------------------------- First message from client 0x80 0x1c 0x01 0x00 0x02 0x00 0x03 0x00 0x00 0x00 0x10 0x02 0x00 0x80 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6 0x80 0x1c Length field: 28 bytes follow in the packet. 0x01 MSG_CLIENT_HELLO 0x00 0x02 CLIENT-VERSION-MSB CLIENT-VERSION-LSB 0x00 0x03 CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB 0x00 0x00 SESSION-ID-LENGTH-MSB SESSION-ID-LENGTH-LSB 0x00 0x10 CHALLENGE-LENGTH-MSB CHALLENGE-LENGTH-LSB 0x02 0x00 0x80 CIPHER-SPECS-DATA SESSION-ID-DATA 0x07 .. 0xc6 CHALLENGE-DATA [16 bytes] CHALLENGE is: >>> CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6 first message from server 0x82 0x14 0x04 0x00 0x01 0x00 0x02 0x01 0xf6 0x00 0x03 0x00 0x10 0x30 0x82 0x01 0xf2 0x30 0x82 0x01 0x5b 0x02 0x02 0x01 0x8a 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x30 0x47 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x10 0x30 0x0e 0x06 0x03 0x55 0x04 0x0b 0x13 0x07 0x54 0x65 0x73 0x74 0x20 0x43 0x41 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x30 0x1e 0x17 0x0d 0x39 0x35 0x30 0x37 0x31 0x31 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x17 0x0d 0x39 0x37 0x30 0x37 0x31 0x30 0x32 0x32 0x34 0x31 0x34 0x35 0x5a 0x30 0x7f 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x06 0x13 0x02 0x55 0x53 0x31 0x0b 0x30 0x09 0x06 0x03 0x55 0x04 0x08 0x13 0x02 0x43 0x41 0x31 0x16 0x30 0x14 0x06 0x03 0x55 0x04 0x07 0x13 0x0d 
0x4d 0x6f 0x75 0x6e 0x74 0x61 0x69 0x6e 0x20 0x56 0x69 0x65 0x77 0x31 0x26 0x30 0x24 0x06 0x03 0x55 0x04 0x0a 0x13 0x1d 0x4e 0x65 0x74 0x73 0x63 0x61 0x70 0x65 0x20 0x43 0x6f 0x6d 0x6d 0x75 0x6e 0x69 0x63 0x61 0x74 0x69 0x6f 0x6e 0x73 0x20 0x43 0x6f 0x72 0x70 0x2e 0x31 0x23 0x30 0x21 0x06 0x03 0x55 0x04 0x03 0x13 0x1a 0x45 0x2d 0x53 0x74 0x6f 0x72 0x65 0x20 0x54 0x72 0x61 0x6e 0x73 0x61 0x63 0x74 0x69 0x6f 0x6e 0x20 0x53 0x65 0x72 0x76 0x65 0x72 0x30 0x5c 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 0x05 0x00 0x03 0x4b 0x00 0x30 0x48 0x02 0x41 0x00 0xc7 0x24 0x0d 0xbd 0xfe 0x5f 0x21 0x09 0xb4 0x46 0x12 0xbb 0xc7 0x4c 0xbc 0x0c 0x98 0xe3 0x11 0x19 0x60 0x85 0x86 0x0a 0xa2 0xaf 0xae 0x8f 0xf9 0x43 0x86 0x92 0x1f 0xcc 0xd3 0x38 0xcf 0x92 0x14 0xa7 0x8c 0x89 0x07 0x26 0xd4 0x21 0x55 0xa8 0x43 0x2d 0xb4 0xec 0xce 0x24 0x73 0x5e 0x7c 0xe2 0xbe 0x22 0x2d 0xbd 0x96 0xbf 0x02 0x03 0x01 0x00 0x01 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x04 0x05 0x00 0x03 0x81 0x81 0x00 0x8f 0xbe 0x0c 0xae 0xc8 0xf0 0x22 0xef 0xae 0x83 0xb5 0xb1 0xe3 0xb4 0xd9 0xd6 0xa9 0x4a 0xb6 0x60 0x9c 0x0b 0x00 0x70 0x12 0x88 0x73 0xd1 0xef 0xe2 0x54 0xf6 0x3a 0xc7 0xa5 0xbe 0xe1 0xe0 0xdb 0x4d 0x20 0x10 0x3d 0x68 0x7c 0x8d 0xdb 0x16 0xf6 0x67 0xe7 0x1d 0x51 0xbc 0x19 0xa2 0xf6 0xbf 0x6f 0xa4 0x52 0xc7 0x7e 0x50 0x3d 0xb9 0x3e 0x1e 0x67 0xff 0xf6 0xf2 0x5d 0xe7 0x2b 0x7e 0x3a 0x7e 0x6c 0x40 0xb7 0x04 0x9c 0x2c 0x2b 0x89 0x0f 0x8c 0xb5 0x93 0xd8 0xac 0x94 0xe6 0x5f 0x84 0xe8 0x71 0x75 0x9e 0x10 0x6e 0x36 0xe6 0x14 0xfe 0xba 0xf8 0x11 0x71 0x9d 0x74 0x33 0x48 0x74 0xc1 0xba 0xcb 0xff 0x58 0x86 0x8c 0xba 0x9c 0x08 0xad 0xce 0x8a 0x02 0x00 0x80 0xd5 0xe6 0x38 0xd6 0x8c 0xa8 0xa1 0xae 0xca 0x2e 0xf8 0xc8 0xe2 0x96 0x02 0xa4 This is interpreted as follows: 0x82 0x14 Packet length, 532 bytes follow. 
0x04 MSG-SERVER-HELLO
0x00 SESSION-ID-HIT
0x01 CERTIFICATE-TYPE
0x00 0x02 SERVER-VERSION-MSB SERVER-VERSION-LSB
0x01 0xf6 CERTIFICATE-LENGTH-MSB CERTIFICATE-LENGTH-LSB
0x00 0x03 CIPHER-SPECS-LENGTH-MSB CIPHER-SPECS-LENGTH-LSB
0x00 0x10 CONNECTION-ID-LENGTH-MSB CONNECTION-ID-LENGTH-LSB
0x30...0x8a CERTIFICATE-DATA [502 bytes]
0x02 0x00 0x80 CIPHER-SPECS-DATA
0xd5...0xa4 CONNECTION-ID-DATA [16 bytes]

CONNECTION-ID is:

>>> CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4

Second message from client

0x80 0x55 0x02 0x02 0x00 0x80 0x00 0x0b 0x00 0x40 0x00 0x00 0xfb 0xc0 0x09 0x91
0x60 0x10 0xa6 0x15 0x3f 0x8f 0x36 0x5a 0x19 0x06 0x8e 0x58 0xc4 0xfa 0xd0 0x73
0xd4 0x6d 0x20 0x97 0x2f 0x85 0x95 0xb3 0xa5 0x97 0xb5 0xe0 0x63 0x91 0x61 0xb7
0x76 0x3c 0x4e 0x62 0x8b 0x02 0x2b 0x05 0x98 0xd4 0x14 0x44 0x63 0xf3 0x43 0x7e
0xa0 0xa8 0x3f 0x16 0xb2 0x43 0x4b 0x24 0x76 0xae 0xba 0x8c 0x89 0x71 0xde 0x25
0x6b 0xce 0x89 0x77 0x8a 0x30 0x2a

This is interpreted as follows:

0x80 0x55 Packet length, 85 bytes follow.
0x02 MSG-CLIENT-MASTER-KEY
0x02 0x00 0x80 CIPHER-KIND
0x00 0x0b CLEAR-KEY-LENGTH-MSB CLEAR-KEY-LENGTH-LSB
0x00 0x40 ENCRYPTED-KEY-LENGTH-MSB ENCRYPTED-KEY-LENGTH-LSB
0x00 0x00 KEY-ARG-LENGTH-MSB KEY-ARG-LENGTH-LSB
0xfb...0x36 CLEAR-KEY-DATA [11 bytes]
0x5a...0x2a ENCRYPTED-KEY-DATA [64 bytes]
KEY-ARG-DATA

So CLEAR-MASTER is:

>>> CLEAR-MASTER fbc009916010a6153f8f36

Second message from server

0x80 0x21 0x9a 0xc5 0xf7 0xd1 0x6a 0x5b 0x26 0x43 0x57 0x67 0x65 0xb6 0x3f 0x9a
0xe3 0x82 0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2
0x33 0xb2 0x1b

This is interpreted as follows:

0x80 0x21 Packet length, 33 bytes follow
0x9a...0x82 RC4 encrypted MAC [16 bytes]
0x00 RC4 encrypted MSG-SERVER-VERIFY (0x05)
0x65...0x1b RC4 encrypted CHALLENGE-DATA from CLIENT-HELLO message [16 bytes]

Plaintext (MSG-SERVER-VERIFY plus CHALLENGE-DATA):

0x05 0x07 0xea 0x7b 0x9d 0x65 0xeb 0x61 0xfa 0xbb 0x41 0x74 0xe8 0x45 0x3a 0x5f 0xc6

Ciphertext (from SERVER-VERIFY packet):

0x00 0x65 0x99 0xb6 0xd2 0xf2 0xa7 0x36 0xa0 0x7d 0xd9 0x94 0xcf 0xe2 0x33 0xb2 0x1b

SERVER-VERIFY is the encrypted MSG-SERVER-VERIFY plus the first seven bytes of the encrypted CHALLENGE-DATA:

>>> SERVER-VERIFY 006599b6d2f2a736

So the completed challenge file is:

-------------------------------------8<-------------------------------------
# SSLbrute 1.0 parameter file for Hal Finney's 2nd SSL challenge as
# posted to Cypherpunks on 19 August 1995.
#
# file checksum (ignoring # comments and whitespace) is 2977
CLEAR-MASTER fbc009916010a6153f8f36
CHALLENGE 07ea7b9d65eb61fabb4174e8453a5fc6
CONNECTION-ID d5e638d68ca8a1aeca2ef8c8e29602a4
SERVER-VERIFY 006599b6d2f2a736
-------------------------------------8<-------------------------------------

Adam

From adam at bwh.harvard.edu Mon Aug 21 14:41:46 1995
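Adam's field-by-field breakdown above, carried out in code as an added example (mine, not part of his post or of Andrew Roos's brutessl): the four records are embedded exactly as dumped in the post, a small SSLv2 record/handshake parser derives the four parameter-file fields from the length fields rather than by hand, and `check_secret` shows what brutessl does with those fields for each candidate 40-bit key: form MASTER-KEY = CLEAR-KEY || SECRET-KEY, derive the server write key as MD5(MASTER-KEY || "0" || CHALLENGE || CONNECTION-ID) as the SSL 2.0 specification defines it, generate 24 bytes of RC4 keystream, and compare the decryption of ciphertext bytes 16..23 with 0x05 || CHALLENGE[0..6]. All function names are my own; the challenge's real secret is not known here, so `planted_config` re-encrypts SERVER-VERIFY under a constructed secret to exercise the check and the search loop.

```python
"""SSLv2 handshake records of Hal Finney's 2nd SSL challenge parsed into the brutessl
parameters, plus the 40-bit key check they feed.  Added example, not the post's or
brutessl's code; record layout and key derivation follow the SSL 2.0 spec."""
import hashlib
# The records as dumped in the post, record headers included (real challenge data).
CLIENT_HELLO = bytes.fromhex(
    "801c010002000300000010020080" "07ea7b9d65eb61fabb4174e8453a5fc6")
CERT = bytes.fromhex(  # the 502-byte CERTIFICATE-DATA carried by SERVER-HELLO
    "308201f23082015b0202018a300d06092a864886f70d01010405003047310b30090603550406130255533110300e060355040b13075465737420434131263024"
    "060355040a131d4e6574736361706520436f6d6d756e69636174696f6e7320436f72702e301e170d3935303731313232343134355a170d393730373130323234"
    "3134355a307f310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e20566965773126302406035504"
    "0a131d4e6574736361706520436f6d6d756e69636174696f6e7320436f72702e312330210603550403131a452d53746f7265205472616e73616374696f6e2053"
    "6572766572305c300d06092a864886f70d0101010500034b003048024100c7240dbdfe5f2109b44612bbc74cbc0c98e311196085860aa2afae8ff94386921fcc"
    "d338cf9214a78c890726d42155a8432db4ecce24735e7ce2be222dbd96bf0203010001300d06092a864886f70d0101040500038181008fbe0caec8f022efae83"
    "b5b1e3b4d9d6a94ab6609c0b0070128873d1efe254f63ac7a5bee1e0db4d20103d687c8ddb16f667e71d51bc19a2f6bf6fa452c77e503db93e1e67fff6f25de7"
    "2b7e3a7e6c40b7049c2c2b890f8cb593d8ac94e65f84e871759e106e36e614febaf811719d74334874c1bacbff58868cba9c08adce8a")
SERVER_HELLO = (bytes.fromhex("8214040001000201f600030010") + CERT
                + bytes.fromhex("020080" "d5e638d68ca8a1aeca2ef8c8e29602a4"))
CLIENT_MASTER_KEY = bytes.fromhex(
    "805502020080000b00400000" "fbc009916010a6153f8f36"
    "5a19068e58c4fad073d46d20972f8595b3a597b5e0639161b7763c4e628b022b"
    "0598d4144463f3437ea0a83f16b2434b2476aeba8c8971de256bce89778a302a")
SERVER_VERIFY = bytes.fromhex(
    "8021" "9ac5f7d16a5b2643576765b63f9ae382" "006599b6d2f2a736a07dd994cfe233b21b")

def record_body(raw):
    """Strip the 2-byte SSLv2 record header (high bit set, no padding; the only form used here)."""
    length = ((raw[0] & 0x7f) << 8) | raw[1]
    if not raw[0] & 0x80 or len(raw) - 2 != length:
        raise ValueError(f"bad record header: announces {length} bytes, {len(raw) - 2} present")
    return raw[2:]

def handshake_fields(raw, msg_type, start, length_offsets):
    """Check the message type, then slice the variable-length fields that start at
    `start`; their 2-byte big-endian lengths sit at `length_offsets` in the header."""
    b = record_body(raw)
    if b[0] != msg_type:
        raise ValueError(f"expected message type {msg_type:#x}, got {b[0]:#x}")
    out, p = [], start
    for n in (int.from_bytes(b[o:o + 2], "big") for o in length_offsets):
        out.append(b[p:p + n])
        p += n
    if p != len(b):
        raise ValueError("field lengths do not account for the whole message")
    return out

def brutessl_config(client_hello=CLIENT_HELLO, server_hello=SERVER_HELLO,
                    master_key=CLIENT_MASTER_KEY, server_verify=SERVER_VERIFY):
    """The four brutessl parameters, as hex strings, from the four records."""
    # CLIENT-HELLO header: type, version(2), cipher-specs/session-id/challenge lengths
    _specs, _sid, challenge = handshake_fields(client_hello, 0x01, 9, (3, 5, 7))
    # SERVER-HELLO header: type, sid-hit, cert-type, version(2), cert/specs/conn-id lengths
    _cert, _specs, conn_id = handshake_fields(server_hello, 0x04, 11, (5, 7, 9))
    # CLIENT-MASTER-KEY header: type, cipher-kind(3), clear/encrypted/key-arg lengths
    clear_key, _enc, _arg = handshake_fields(master_key, 0x02, 10, (4, 6, 8))
    # SERVER-VERIFY: 16-byte MAC, type 0x05, 16-byte challenge, all RC4 encrypted; only bytes 16..23 are needed
    sv = record_body(server_verify)
    return {"CLEAR-MASTER": clear_key.hex(), "CHALLENGE": challenge.hex(),
            "CONNECTION-ID": conn_id.hex(), "SERVER-VERIFY": sv[16:24].hex()}

def rc4_keystream(key, n):
    s, j = list(range(256)), 0
    for i in range(256):                            # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xff
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                              # keystream generation
        i = (i + 1) & 0xff
        j = (j + s[i]) & 0xff
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xff])
    return bytes(out)

def key_for(cfg, secret):
    """SSL 2.0 server write key for a candidate SECRET-KEY-DATA: MASTER-KEY = CLEAR-KEY ||
    SECRET-KEY and CLIENT-READ-KEY = MD5[MASTER-KEY, "0", CHALLENGE, CONNECTION-ID]."""
    master = bytes.fromhex(cfg["CLEAR-MASTER"]) + secret
    return hashlib.md5(master + b"0" + bytes.fromhex(cfg["CHALLENGE"])
                       + bytes.fromhex(cfg["CONNECTION-ID"])).digest()

def check_secret(cfg, secret):
    """True if the 40-bit `secret` decrypts SERVER-VERIFY to 0x05 || CHALLENGE[:7]."""
    ks = rc4_keystream(key_for(cfg, secret), 24)[16:]   # first 16 keystream bytes hid the MAC
    plain = bytes(k ^ c for k, c in zip(ks, bytes.fromhex(cfg["SERVER-VERIFY"])))
    return plain == b"\x05" + bytes.fromhex(cfg["CHALLENGE"])[:7]

def search(cfg, prefix=b"", width=5):   # secret = prefix || n, n < 256**width; default: all 2**40
    for n in range(256 ** width):
        secret = prefix + n.to_bytes(width, "big")
        if check_secret(cfg, secret):
            return secret
    return None

def planted_config(secret, cfg=None):
    """Constructed self-check data: SERVER-VERIFY re-encrypted under a known secret (placeholder MAC)."""
    cfg = dict(cfg or brutessl_config())
    plain = b"\x00" * 16 + b"\x05" + bytes.fromhex(cfg["CHALLENGE"])
    ct = bytes(k ^ p for k, p in zip(rc4_keystream(key_for(cfg, secret), 33), plain))
    return {**cfg, "SERVER-VERIFY": ct[16:24].hex()}
```

`brutessl_config()` reproduces the four `>>>` lines of the post from the raw records, which is the check Adam asked for: if a length field had been misread, the parser raises instead of silently producing a field. A pure-Python run over all 2^40 secrets is far too slow to be of practical use (the real searches were spread over many machines); `search` with a fixed prefix is there to show the per-candidate work, which is one MD5 plus one RC4 key schedule and 24 keystream bytes.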
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 21 Aug 95 14:41:46 PDT
Subject: Third World Man
In-Reply-To:
Message-ID: <199508212141.RAA03543@bwh.harvard.edu>

Strong cryptography is needed for a secure information infrastructure. If American companies aren't allowed to build secure infrastructure, then parts of the infrastructure will move overseas, as insurance, liability, and deployment costs rise for a badly secured network. This issue will not cause the USA to become a third world nation, but it will contribute to large institutions moving their data processing out.

Tim, you've talked a lot about how companies will move data centers out of the US to avoid 'expensive' laws; do you see the ITARs as being in a different category than, say, the laws on reporting a bankruptcy?

Adam

Tim May wrote:
| At 9:19 PM 8/20/95, Adam Shostack wrote:
| > No. Banning strong crypto will not help; those darn furriners
| >are using it anyway. What it will mean is that the Information
| >Infrastructure of the future will bypass the United States, as without
| >strong cryptography, it is impossible to build a secure architecture.
| >
| > Should the United States wish to relegate itself to the status
| >of a third world nation because of terrorists, drug dealers, child
| >pornographers and money launderers, that is indeed unfortunate.
|
| The U.S. is not likely to find itself relegated to third world status over
| this issue. Rhetorically, I wish it were so, but it just ain't. This
| issue--like the McCarthy hearings in the 1950s, the race issue in the '60s,
| the Vietnam war in the '60s and '70s, to name a few cases, _sounds_ really
| serious. And it is, as those cases were, but predicting the imminent
| collapse of American civilization is usually a lose.
|
| There is no way the technological and manufacturing prowess of leading
| American companies will be substantially crippled.

--
"It is seldom that liberty of any kind is lost all at once."
-Hume From JMKELSEY at delphi.com Mon Aug 21 17:18:13 1995 From: JMKELSEY at delphi.com (JMKELSEY at delphi.com) Date: Mon, 21 Aug 95 17:18:13 PDT Subject: Why 64 bit keys? Message-ID: <01HUCIWH37YW8ZEX8O@delphi.com> -----BEGIN PGP SIGNED MESSAGE----- >Date: Sat, 19 Aug 1995 15:13:35 -0400 
>From: shamrock at netcom.com (Lucky Green)
>Subject: Re: 64 bit keys breakable by the NSA or just some random key length?

>I think the obvious conclusion would be because 64bits is crackable
>if need be and if you have the resources the government has. Not for
>routine monitoring of undesirables, but for those special cases
>where they don't want to expose their activities by requesting a
>warrant.

I think it's much more important to the powers that be (and that eavesdrop) that a key of up to 64 bits includes DES, which means that lots of system designers will use DES instead of (say) 3DES, IDEA, or Blowfish. It's virtually certain that NSA and others have built keysearch machines for DES. This gives NSA, et al., a way around the key escrow scheme when they want it. Better yet, NSA can tell the FBI and BATF and such agencies where to find the technical papers on how to build one, without releasing any highly-classified information--those agencies can hire someone to build them one. This also keeps NSA from having to dirty its hands with law-enforcement surveillance.

Of course, it will be interesting to see whether pressure is applied to keep people from offering "nonstandard" ciphers, especially things like Blowfish and SEAL, which have key scheduling algorithms that need a lot of memory and time. It's really only practical to build keysearch machines for very commonly used ciphers, and even then, it may be complicated. (For example, imagine a DES variant whose key schedule required several exponentiations modulo some 1024-bit prime.)

>- -- Lucky Green
> PGP encrypted mail preferred.
--John Kelsey, jmkelsey at delphi.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDgfl0Hx57Ag8goBAQFa0gP/azECjB06onhSYTvLjkM2I7y2tOpC2BaB RACVMQn+Z5kVGaDM47eIM1TlRnIMlnEucuLryvqR3fMDCt6g90oDXe3rziWJedbH PxXYqgkPu1MmRfep+JWrtQ4wWsXxbPa10spTDFa8vKlGDcoohWU0W5ypgr454tlh KKPaC345vqQ= =td/F -----END PGP SIGNATURE----- From eay at mincom.oz.au Mon Aug 21 17:27:59 1995 
From: eay at mincom.oz.au (Eric Young)
Date: Mon, 21 Aug 95 17:27:59 PDT
Subject: Doing the SSL challenge
Message-ID:

Boy, go away for a week's holiday and everyone else has all the fun :-). Just a few quick rambles about my searching of the top half of the key space in the first SSL challenge; please ignore if you are sick of this thread.

All these estimates of the cost in CPU time are a bit silly. I started out using a few of our bigger machines at work but when people noticed I just stopped using them. My main workhorse machines became desktop boxes that nobody used at night. Quite a bit of my 50% of the keyspace was done by 5 dual processor sparc 20's that people around me had on their desktops. Most of the rest was done by about 50 486's that I rsh'ed to each night (I just tried to rsh to every Solaris/x86 box in the company :-). Out of a company of about 300 people, about 2 (who did not know about my attempt on the challenge) asked me about this processing and what I was actually doing; no one else really noticed :-).

I was making no particular effort to use every machine I could but I was still able to do about 2.5% of the key space each 12 hour night and 12.5% each weekend. If I made a real effort to harness the compute power at my work I would probably have been able to run at twice this rate, but that would have required work on my part, a lot more people would have noticed and it would have had an impact on people doing real work. The way I was searching had no impact. I will also say that screen-savers running on the above mentioned 486's were a real pain; perhaps we will change xlock so they can only run the blank screen :-).

I personally feel that using MasPars is cheating a bit :-). People are aware that something is going on when a machine that big is grunting away all weekend :-). There is so much CPU sitting on people's desktops that is just unused that there is very little need to use the big central boxes.
The relative speed on some of the machines I used is as follows (per CPU is in brackets):

                         vs. one 486 DX50    vs. one 2 CPU sparc 20
  6 CPU SGI challenge    37 (6.1)            5 (1.6)
  2 CPU sparc 20          7 (3.5)            1
  1 CPU 486 DX50          1

I could never really get more than 1/2 the SGI but I could always get 5 sparc 20's and 50+ 486's without anyone noticing. So I was getting the equivalent of 2.5 6 CPU SGI challenges from idle machines on people's desks.

eric
--
Eric Young | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From usura at replay.com Mon Aug 21 17:38:28 1995
From: usura at replay.com (Alex de Joode)
Date: Mon, 21 Aug 95 17:38:28 PDT
Subject: [NOISE] Re: Basically F-C-ed
Message-ID: <199508220038.AA10242@xs1.xs4all.nl>

I wrote earlier:
[..]
: : Orlando, Fla., August 20 (AP) -- Two explosives were
: : planted in a professor's suitcase to test airport
: : security measures in Amsterdam, The Netherlands, and were
: : discovered when he arrived in Orlando, officials said
: : Saturday.
: [..]
: : Kensel said such security measures were normal for
: : Europe.
: : "Particularly in Europe, there are grave concerns about
: : security issues," he said. "As a result, they do conduct
: : various security programs regularly. This was part of a
: : routine check of their own security systems.
: : "The bag got away from them basically," he said.
: Airport police were very quick to point out that such practices
: were legal, now when they do that ......

The Dutch Department of Justice stated that there was no legal basis for such practices; Airport Police are forbidden to use 'innocent travelers' as decoys.

--
Alex de Joode
Fear Uncertainty Confusion and Kaos, Inc.

From fc at all.net Mon Aug 21 17:44:34 1995
From: fc at all.net (Dr. Frederick B. Cohen) Date: Mon, 21 Aug 95 17:44:34 PDT Subject: NEXT CHALLENGE: plan of action? Message-ID: <9508220043.AA25405@all.net> I would like to offer all.net as a repository for the sources and executables for all platforms. We can put them in the gopher server for all to access. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 From eay at mincom.oz.au Mon Aug 21 17:51:03 1995 From: eay at mincom.oz.au (Eric Young) Date: Mon, 21 Aug 95 17:51:03 PDT Subject: Netscape security In-Reply-To: <9508211902.AA19391@couchey.inria.fr> Message-ID: On Mon, 21 Aug 1995, Damien Doligez wrote: 
> >From: altitude at cic.net (Alex Tang)
> >It seems that one of the problems with Damien's
> >cracking job was that it was "not sanctioned".
>
> Actually, INRIA's PR people are quite pleased with the publicity.
> They asked me to prepare an official press release to counteract the
> Wall Street Journal's "evil hacker" story, which was unfortunately
> reprinted by some papers. The Herald Tribune is particularly bad in
> this respect.

Yes, this is all quite silly. For my part, I've implemented SSL on my work machines (in my own time) and released it under my own copyright, and my bosses don't mind (mind you, I'm not trying to make money from the code). I've participated in trying to break the 40-bit key on work machines (using only idle machines) and they don't mind. I've run network raytracing programs (using only idle machines) and they don't mind. Most places of work give employees quite a bit of latitude as long as they don't do things that reflect badly on the company, and if it generates publicity that is positive they don't mind. If Joe Bloggs who works at Widgets Inc gets mentioned in the paper, that's free publicity for Widgets Inc and indicates that Widgets Inc may have someone with some brain cells working for them (depending on whether they call Joe Bloggs an 'evil hacker' or not :-).

eric
--
Eric Young | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From tcmay at got.net Mon Aug 21 18:14:42 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 21 Aug 95 18:14:42 PDT
Subject: Third World Man
Message-ID:

At 9:41 PM 8/21/95, Adam Shostack wrote:
> Strong cryptography is needed for a secure information
>infrastructure. If American companies aren't allowed to build secure
>infrastructure, then parts of the infrastructure will move overseas, as
>insurance, liability, and deployment costs rise for a badly secured
>network.
>
> This issue will not cause the USA to become a third world
>nation, but it will contribute to large institutions moving their data
>processing out. Tim, you've talked a lot about how companies will
>move data centers out of the US to avoid 'expensive' laws; do you see
>the ITARs as being in a different category than, say, the laws on
>reporting a bankruptcy?

Sure, they will move some parts of their operations to other jurisdictions. They already are, for various reasons. Most large U.S. companies are of course "multinationals." I didn't cite examples, and won't now. (But you can imagine a few of the many successful U.S. companies: Sun, Intel, Microsoft, SGI, Qualcomm, Altera, Merck, and on and on.)

I am not saying that things are as they should be. And I am not a U.S. chauvinist. I really don't care which countries do well, so long as my investments continue to do well.

My point was that hyperbole about the U.S. being on the verge of becoming a Third World nation is wrong. As Sternlight might put it, "arrant nonsense."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Mon Aug 21 18:19:04 1995
From: tcmay at got.net (Timothy C. May) Date: Mon, 21 Aug 95 18:19:04 PDT Subject: Quantum Computers for the 12th Time Message-ID: At 7:00 PM 8/21/95, J. Kent Hastings wrote: >Doesn't quantum coherence require molecular precision if it >is to work on 1024 bit PGP keys? If it works, such keys can >be instantly factorized. It would be nice to follow that progress. > >If human engineered molecular nano works, we'll have much >more than PGP to worry about. Copies of copies of >replicating disassemblers could rip the Earth apart in three >days, assuming doubling every 20 minutes like bacteria, >but not limited to proteins. > >That would have a big impact on digital cash networks! I urge all those interested in quantum computers to consult the CP archives. Also, my FAQ has a couple of pages on it. Grep for the main topic, or for Shor. This comes up every 3-4 months and produces the same speculations. I think nanotech and quantum computers have even less to do with real concerns than Waco and Foster do. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From wilcoxb at nagina.cs.colorado.edu Mon Aug 21 18:40:36 1995 
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Mon, 21 Aug 95 18:40:36 PDT Subject: Certificates/Anonymity/Policy/True Names In-Reply-To: <9508211920.AA27347@tis.com> Message-ID: <199508220140.TAA12229@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > >Thanks again, and I hope you go ahead and start PGP-clearsigning your posts > > Yes, I've been remiss. It's an old belief -- that signing is expensive. > Now that I'm using emacs extensions and RMAIL, it's really easy -- but I > still follow the old habit. > > We really need mailers with auto-cryptography! (as easy as in Lotus Notes) I have a pretty easy-to-use set-up... Not to seem picky or anything, but now that I have a clearsigned message from you, I need your public key in order to verify it. :-) Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDk1evWZSllhfG25AQGEVgP9HKxRWdvroE1KdMUEI7zAogwVpeViLaL0 v2Al/lJQIjqiUKFASFuFw6zfR/5d3myL3mhJ0b7Yb/mu2u4wj2zIrmui+8h8qBmw +L2GoeJFnOVrkX32Dt9uZ6ckS66hbSDkYQ6rVY2dTii8lszPjEC7f6gE7/fl8Ky0 zC/f2+pUUko= =Q0tW -----END PGP SIGNATURE----- From jya at pipeline.com Mon Aug 21 18:42:34 1995 
From: jya at pipeline.com (John Young)
Date: Mon, 21 Aug 95 18:42:34 PDT
Subject: Newsweek on PGPfone
Message-ID: <199508220142.VAA16607@pipe5.nyc.pipeline.com>

Newsweek, August 28, 1995, p. 10.

Encryption: Pretty Good Phone Privacy

[Photo] 'This is what I do': Cryptomaster Zimmermann

In the wake of reports that the Clinton Administration is considering another Clipper-like scheme to ensure government access to encrypted conversations and e-mail, Phil Zimmermann is striking again. The 41-year-old author of the notorious PGP (Pretty Good Privacy) software program that scrambles e-mail so snoops can't read it is about to release a sequel: PGPfone, which allows people to use their computers as secure telephones. If you have a recent Macintosh (a Windows version comes next month) and a fast modem, you and a friend can speak in total privacy. As with its predecessor, Zimmermann is giving the software away, via MIT's Internet sites. Meanwhile, he's still waiting to hear whether the Feds will indict him for export violations in the distribution of PGP. Does Zimmermann worry that releasing PGPfone -- which can theoretically frustrate law-enforcement wiretaps -- will further inflame those who wish him arrested? "I'm a cryptographer," he says. "This is what I do."

[End]

From wilcoxb at nagina.cs.colorado.edu Mon Aug 21 18:47:07 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Mon, 21 Aug 95 18:47:07 PDT Subject: No Subject Message-ID: <199508220146.TAA12445@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- Here is an article that I just posted to alt.security.pgp and sci.crypt. Having had a couple of hours to calm down, it seems a little frenetic, but there is enough truth in it that I will now repost it to cypherpunks. Context: Someone was asking how he could go about verifying the identity of an anonymous interlocutor, so that he could sign his public key. - -----BEGIN PGP SIGNED MESSAGE----- Look, I don't have a lot of time here, but I need to say that this whole "certifying anonymous keys" idea is misled. The fact is, *I* *don't* *care* what your True Name is. I can only think of two reasons why you would need a person's True Name, and I doubt that anybody here can apply either of these reasons to anyone else here. Reason Number Uno, why you might want a person's True Name: Because you want to physically hurt them, or effectively threaten to hurt them. (Or send someone else to do it, like a hit man, policeman, etc.) Reason Number Dos, why you might want a person's True Name: Because you want to have sex with them. (Or as above, if you prefer to do it through proxies...) Okay now does anyone want to do any of the above two things to me? If not then *don't* *worry* about whether my public key is signed by anyone or not. It makes zero difference to you until such a time as one of the above motivations acquires. Zimmermann et al. were/are naive to emphasize the Web of Trust as a means of introducing strangers. With very few exceptions, strangers don't *need* to verify each other's physical identities! This fact is central to some of the more interesting social evolutions that information technology promises to cause. In retrospect, the emphasis in "pgpdoc1.txt" on verifying True Names via mutually trusted introducers will seem quaint. 
Bryce

Announcement: I have had technical difficulties. If you sent me e-mail between Aug 5 and Aug 20 and didn't receive a response, please re-send.

signatures follow:

+ public key on keyservers        /. island Life in a chaos sea
or via finger 0x617c6db9          / bryce.wilcox at colorado.edu ---*

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDkLf/WZSllhfG25AQFhxwP6AzS0nus2QK8UEF5rvyqhFrwpzeAEE/Vr
BwRXJtstk5ln2f3SRh7BSYfda/TQDJe2VRt0qMF1xNCt1VLP+QCyr06LqZ0i/qv0
/CpC85/QRAgpQtrgyFKR6v3Ryi3MbeiUQuEOSgU+OelvZ5XcoRP3o5WDp18N4+Pv
5ddGzIVXQEk=
=5rxb
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDk3AfWZSllhfG25AQGQCgQAld0FFtRVZgDKZ1ofok4pK9zAAqlJHCiO
A+eLsSolfIvvfpTiE0viJUOuXIywnWzBT50js4LodwsQI4cKSVfnHdYNI4aoyQJf
G2P7dy7BaryOj8C74U2gYYq8Lys6Mh/i640KEa77EV4ZEDpLhSi25R+LB58qjvwJ
l705Z8I/Bhs=
=+xrs
-----END PGP SIGNATURE-----

From mfroomki at umiami.ir.miami.edu Mon Aug 21 18:48:55 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Mon, 21 Aug 95 18:48:55 PDT
Subject: Partial Key Escrow
In-Reply-To:
Message-ID:

A disadvantage of this ingenious proposal is that it makes it even more difficult to spot rogue key-cracking efforts. If you are an honest government employee and you come across a key cracking program today, and you work for a domestic TLA, you know something funny is going on. "Just routine" will be the line henceforth...

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
                           | It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
                           | and http://www.law.cornell.edu/jol/froomkin.htm

From FKnobbe at ix.netcom.com Mon Aug 21 18:56:09 1995
From: FKnobbe at ix.netcom.com (Frank Knobbe)
Date: Mon, 21 Aug 95 18:56:09 PDT
Subject: Crack some code...
Message-ID: <199508220153.SAA17152@ix6.ix.netcom.com>

Howdy folks. Who would be willing to try to crack a code that I implemented in one of my programs? The file is a simple index file containing ASCII characters besides pointers. If someone is interested in cracking that algorithm, simply send me a mail. I'm curious how good that algorithm is...

Greetings from Tennessee,
Frank
-----------------------------------------------------------------------------
Frank Knobbe: FKnobbe at ix.netcom.com (preferred), Frank at TechEx.com
PGP 1024/26639025 fingerprint=7A EA FF 87 BF EA 00 CD 83 B1 89 81 7E D2 69 96
http://www.techex.com/~frank/home.html (<- Under Construction!)
IPhone: Elwood at iphone.vocaltec.com, Ch: Tennessee
-----------------------------------------------------------------------------
Signature Space for Rent! Imagine your signature here.
For more info contact: Don at twr.ite.us

From sw at tiac.net Mon Aug 21 20:07:52 1995
From: sw at tiac.net (Steve Witham)
Date: Mon, 21 Aug 95 20:07:52 PDT
Subject: Eric Hughes?
Message-ID: <199508220307.XAA29459@zork.tiac.net>

Eric Hughes, if you're listening, please send me a note so I can update my address file. I don't receive cypherpunks right now.

--Steve Witham :o)-: -

From hallam at w3.org Mon Aug 21 20:14:13 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 21 Aug 95 20:14:13 PDT
Subject: DES & RC4-48 Challenges
Message-ID: <9508220313.AA20225@zorch.w3.org>

Hello all,

Let's face it, the real challenge is DES, but those 56 bits are quite a bit harder than 40. 65536 times harder in fact. But if people broke 48 bits then maybe they might start to see 56 as being in reach. After all everyone wants to be in for the biggie. So before the NSA fobs us off with 48 bits can we crack it? Wind up the 40 bit code a tad and set to work. It sounds as if it is comparable to the RSA-129 prime that was cracked (OK it's probably a touch harder but machines are faster now).

So who wants to make an RC-48 and a DES challenge?

Phill.

From stewarts at ix.netcom.com Mon Aug 21 20:39:23 1995
From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 21 Aug 95 20:39:23 PDT Subject: signing keys for nyms Message-ID: <199508220335.UAA17520@ix7.ix.netcom.com> At 07:46 PM 8/21/95 -0600, Bryce Wilcox wrote: >Look, I don't have a lot of time here, but I need to say that this whole >"certifying anonymous keys" idea is misled. The fact is, *I* *don't* *care* >what your True Name is. > >I can only think of two reasons why you would need a person's True Name, >and I doubt that anybody here can apply either of these reasons to anyone >else here. > >Reason Number Uno, why you might want a person's True Name: > >Because you want to physically hurt them, or effectively threaten to hurt >them. (Or send someone else to do it, like a hit man, policeman, etc.) > >Reason Number Dos, why you might want a person's True Name: >Because you want to have sex with them. (Or as above, if you prefer to do it >through proxies...) > >Zimmermann et al. were/are naive to emphasize the Web of Trust as a means of >introducing strangers. With very few exceptions, strangers don't *need* >to verify each other's physical identities! This fact is central to some of >the more interesting social evolutions that information technology promises >to cause. In retrospect, the emphasis in "pgpdoc1.txt" on verifying True >Names via mutually trusted introducers will seem quaint. Reason number 0 why you'd want someone's True Nym - Because you've met them in person, or are a friend of a friend, and want to make sure that the key you think is for Mr. X isn't really the key for an imposter - if you've done Lefty Politics over the last few decades, this is not unrealistic. COINTELPRO may have been unreal and UnAmerican, but it happened. Now, trusting people based on mutually trusted introducers may have seemed quaint back in the 60s, and it certainly wasn't foolproof, and planting the suspicion that someone _might_ be a cop was almost as destructive as if they actually _were_ a cop. 
But it's what there was. (Ok, you had some extra sources of information, like whether the person actually paid all their organization dues (COP!) or smoked dope with you (and inhaled) or started advocating unreasonable violence (probable cop)...) That doesn't mean you checked government-issue ID from people or necessarily even used True Names; you could be dealing with people in person who you only knew as "Bill from Delaware" or "Bear" or "Jeanie from the Sierra Club", but at least if you only trust keys from introducers who know people in person, you're limiting your electronic conspiracy to people you would have conspired with in person as well. (Now, _I_ never bought drugs from Bear, and at this point I don't even remember his True Name - but I didn't turn him in, either...) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- "The fat man rocks out Hinges fall off Heaven's door "Come on in," says Bill" Wavy Gravy's haiku for Jerry From monty.harder at famend.com Mon Aug 21 20:41:01 1995 
From: monty.harder at famend.com (MONTY HARDER)
Date: Mon, 21 Aug 95 20:41:01 PDT
Subject: Divide and Conquer
Message-ID: <8AF9533.0003000356.uuout@famend.com>

O > As you may have surmised Hal has given us another challenge to satisfy
O > the people who want to do a challenge to see *how fast* they can do it
O > by involving as many people and their computers as possible.

Here's a thought or twelve:

Precompute the division-of-keyspace problem, in advance of the actual issue of the challenge. Use whatever criteria of estimating spare mips (idle_percentage * mips_rate) and allocating slices, then issue each participant a [start..end] space (and a direction flag. More on this later). That way, when the challenge is issued, there is no fumbling about, but rather a simple: "Gentlemen, start your programs."

Divide the participants into two roughly equal groups of total spare mips, so as to address reliability and trust issues. Then allocate the entire keyspace twice.

Later...

For more fun, if the cracker can be coded to read a direction flag from the config file, so that the main loop can go ++ or --, the lists of keyspace could alternate thusly:

  Red Team   Blue Team
  0000++     0000++
  --iiii     --jjjj        This method of allocating keyspace
  iiii++     jjjj++        puts the key in the space of 4
  --kkkk     --mmmm        different people at once, but only
  kkkk++     mmmm++        increases average search time by a
    .          .           factor of 2 to protect against holes.
    .          .
    .          .           Since the direction flag is independent of
  --0000     --0000   \    team, it reveals nothing to a Bad Guy.
  (FFFF--)   (FFFF--) /  Two ways of saying the same thing.

In effect, the ranges computed by the allocator are paired up, and the two people who share the range play "meet in the middle". If there are n participants in the group, and b of them are Bad Guys, the probability of failure would be roughly (b/n)**4.

 * On a clear disk you can seek forever
--- * Monster at FAmend.Com *

From jlasser at rwd.goucher.edu Mon Aug 21 20:51:12 1995
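The two-team, paired-direction keyspace allocation Monty Harder sketches in the Divide and Conquer message above, as an added Python example (not code from the original post or from any of the challenge participants): it splits a roster into Red and Blue by spare MIPS, hands each team the whole keyspace in slices shared by a pair, one member counting up from the slice's low end and the other counting down from its high end, and then checks the claimed properties: each team tiles the keyspace with no holes, every key has four holders, and a key is missed only if all four are Bad Guys. The participant names, MIPS figures, greedy team split, slowest-with-fastest pairing and helper names are all constructed here; the post specifies none of them.

```python
from dataclasses import dataclass

KEY_BITS = 40                    # the SSL challenge's RC4-40 key size
KEYSPACE = 1 << KEY_BITS


@dataclass
class Participant:
    name: str
    spare_mips: float            # idle_percentage * mips_rate, as in the post


@dataclass
class Assignment:
    participant: str
    start: int                   # first key of the slice (inclusive)
    end: int                     # one past the last key of the slice
    direction: int               # +1: count up from start; -1: count down from end - 1


def split_teams(people):
    """Greedy partition into Red and Blue with roughly equal total spare MIPS."""
    red, blue = [], []
    red_mips = blue_mips = 0.0
    for p in sorted(people, key=lambda p: p.spare_mips, reverse=True):
        if red_mips <= blue_mips:
            red.append(p)
            red_mips += p.spare_mips
        else:
            blue.append(p)
            blue_mips += p.spare_mips
    return red, blue


def allocate_team(team, keyspace=KEYSPACE):
    """Allocate the whole keyspace once across one team: members are paired
    slowest-with-fastest, each pair shares one slice sized by its combined
    MIPS, one member counts up from the low end and the other counts down
    from the high end (meet in the middle). An odd member out searches alone."""
    members = sorted(team, key=lambda p: p.spare_mips)
    pairs = []
    while len(members) >= 2:
        pairs.append((members.pop(0), members.pop()))
    if members:
        pairs.append((members.pop(),))
    total = sum(p.spare_mips for pair in pairs for p in pair)
    if total <= 0:
        raise ValueError("team has no spare MIPS to allocate")
    plan, cursor = [], 0
    for i, pair in enumerate(pairs):
        share = sum(p.spare_mips for p in pair) / total
        # The last slice absorbs rounding so the team tiles exactly [0, keyspace).
        end = keyspace if i == len(pairs) - 1 else cursor + int(keyspace * share)
        for direction, p in zip((+1, -1), pair):
            plan.append(Assignment(p.name, cursor, end, direction))
        cursor = end
    return plan


def allocate(people, keyspace=KEYSPACE):
    """Both teams get the entire keyspace, so every key lands with four people."""
    red, blue = split_teams(people)
    return {"red": allocate_team(red, keyspace), "blue": allocate_team(blue, keyspace)}


def covers_keyspace(team_plan, keyspace=KEYSPACE):
    """True if one team's slices tile [0, keyspace) with no gap and no overlap."""
    slices = sorted({(a.start, a.end) for a in team_plan})
    if not slices or slices[0][0] != 0 or slices[-1][1] != keyspace:
        return False
    return all(prev[1] == nxt[0] for prev, nxt in zip(slices, slices[1:]))


def searchers_of(key, plan):
    """Everyone whose slice contains `key`: normally a pair from each team."""
    return [a.participant for team in plan.values() for a in team
            if a.start <= key < a.end]


def key_is_found(key, plan, bad_guys):
    """The key is missed only if every one of its holders is a Bad Guy who skips it."""
    return any(name not in bad_guys for name in searchers_of(key, plan))


def expected_failure_probability(n_bad, n_total):
    """The post's rough estimate: four holders, each bad with probability b/n."""
    return (n_bad / n_total) ** 4


# Constructed roster for the demo; the names and MIPS figures are made up.
SAMPLE_PARTICIPANTS = [
    Participant("sgi-challenge", 100), Participant("sparc20-a", 80),
    Participant("sparc20-b", 60), Participant("sparc20-c", 50),
    Participant("486-a", 40), Participant("486-b", 30),
    Participant("486-c", 20), Participant("486-d", 10),
]

if __name__ == "__main__":
    plan = allocate(SAMPLE_PARTICIPANTS)
    for team, assignments in plan.items():
        print(team, "tiles the keyspace:", covers_keyspace(assignments))
        for a in assignments:
            arrow = "++" if a.direction > 0 else "--"
            print(f"  {a.participant:14s} {a.start:010x}..{a.end - 1:010x} {arrow}")
    print("holders of key 0:", searchers_of(0, plan))
    print("rough failure probability, 2 bad guys of 8:",
          expected_failure_probability(2, len(SAMPLE_PARTICIPANTS)))
```

With the constructed roster each team gets four machines, so each forms two pairs and every key has exactly four holders, two per team, approaching from opposite ends. The (b/n)**4 estimate treats those four holders as independent draws from the roster; the greedy team split and fixed pairing only approximate that, which is why the example checks coverage directly rather than trusting the formula.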
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 21 Aug 95 20:51:12 PDT
Subject: Third World Man
In-Reply-To: <9508211648.AA17528@toad.com>
Message-ID:

On Mon, 21 Aug 1995, Peter Trei wrote:

> > The US is slipping into the second world as we
> > speak, with no signs of a turnaround ahead. Only the sheer size of
> > the economy keeps people from believing it.
>
> Just a nomenclature peeve - I'm not sure of the precise time and
> place the (first|second|third) world meme originated, but it seems to
> predate 1970, and until very recently its meaning was clear:
>
> First world: Western (and Westernized) nations - mainly the US, Canada, Western Europe,
> Japan, Australia, & New Zealand
>
> Second world: Communist bloc (I can still remember the Cultural
> Revolution. Prior to that, the Communists seemed a monolithic force,
> marching in lockstep.)
>
> Third world: The rest, mostly poor nations.

Erm, nope. The "First World" (or old world) was Europe and Asia; the "New World" (not frequently referred to as the second world, but hey...). The third world was the developing nations. THAT (as far as I was taught in history class, so it MIGHT be a lie...) was how the terms originated...

Jon
------------------------------------------------------------------------------
Jon Lasser (410) 494-3253 Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From dan at milliways.org Mon Aug 21 21:12:15 1995
From: dan at milliways.org (Dan Bailey) Date: Mon, 21 Aug 95 21:12:15 PDT Subject: DES & RC4-48 Challenges Message-ID: <199508220411.AA13217@ibm.net> On Mon, 21 Aug 95 23:13:06 -0400 you wrote: > >Hello all, > > Lets face it the real challenge is DES, but those 56 bits are quite a >bit harder than 40. 65536 times harder in fact. > >40 bit code a tad and set to work. It sounds as if it is comparable to the >RSA-129 prime that was cracked (OK its probably a touch harder but machines are >faster now). > > So who wants to make an RC-48 and a DES challenge? Not having my copy of The Differential Cryptanalysis of the Data Encryption Standard handy, I'd like to know about the distributability of this type of DES attack. Done right, we could significantly reduce the time complexity. The main problem, of course, would be coordinating such an effort. I seem to recall this attack requiring lots of known plaintexts. Time to review the text, I suppose.... Does the Federal Reserve still use single-key DES? Dan ****************************************************************************** "I think, therefore I am" - Descartes Dan Bailey "I don't think, therefore I'm a moustache." - Sartre dan at milliways.org Worcester Polytechnic Institute and The Restaurant at the End of the Universe ****************************************************************************** From buster at klaine.pp.fi Mon Aug 21 21:16:19 1995 
From: buster at klaine.pp.fi (Kari Laine)
Date: Mon, 21 Aug 95 21:16:19 PDT
Subject: Article in Time Magazine
Message-ID: <199508220416.AA03981@personal.eunet.fi>

> How many exported software products might have backdoors,
> vulnerabilities, and hidden procedures which are harmful if ever
> activated?

I am not saying it is so, I am just speculating. Windows? Microcode of big host systems like the one from IBM? Each mainframe comes with a line attached. Customers typically don't have the faintest idea what is going on on that line. I know one customer who stuck a printer there and thought - now we will see ... well, he ended up with printouts, and he did not have the faintest idea of their context.

Now does anyone have real evidence of possible backdoors?

Best Regards
Kari

Kari Laine          buster at klaine.pp.fi
LAN Vision Oy       Tel. +358-0-502 1947
Sinikalliontie 14   Fax +358-0-524 149
02630 ESPOO         BBS +358-0-502 1576/1456
FINLAND

From wfrench at interport.net Mon Aug 21 21:21:25 1995
From: wfrench at interport.net (Will French)
Date: Mon, 21 Aug 95 21:21:25 PDT
Subject: your mail
Message-ID: <199508220417.AAA29302@interport.net>

> Thanks again, and I hope you go ahead and start PGP-clearsigning your posts
> so that my high opinion of you can become more firmly fixed.
> :-)
> Regards,
> Bryce

If I don't PGP-sign my message, you can't prove I sent it. But if you don't put your name and e-mail address at the bottom of your message, I don't even know who you are! (Your message was hit by the "three screens of Apparently-To: headers" bug, and the From: line says "owner-cypherpunks at toad.com". The Subject: line also got lost.) Let's get the basics straight first, okay? This has been part of netiquette since before there was a net!

Will French

From solman at MIT.EDU Mon Aug 21 21:43:33 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 21 Aug 95 21:43:33 PDT
Subject: DES & RC4-48 Challenges
In-Reply-To: <199508220411.AA13217@ibm.net>
Message-ID: <9508220443.AA03977@ua.MIT.EDU>

Dan wrote:
|Not having my copy of The Differential Cryptanalysis of the Data
|Encryption Standard handy, I'd like to know about the distributability
|of this type of DES attack. Done right, we could significantly reduce
|the time complexity.
| The main problem, of course, would be coordinating such an effort. I
|seem to recall this attack requiring lots of known plaintexts. Time
|to review the text, I suppose....
| Does the Federal Reserve still use single-key DES?

The forms of differential cryptanalysis that I'm aware of require the cracker to adaptively attack the encrypting or decrypting device. I therefore do not believe that they are especially applicable to financial transaction schemes, most of which change keys quite frequently.

JWS

From tcmay at got.net Mon Aug 21 21:56:58 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 21 Aug 95 21:56:58 PDT
Subject: Third World Man
Message-ID:

At 3:46 AM 8/22/95, Jon Lasser wrote:
>On Mon, 21 Aug 1995, Peter Trei wrote:
>
>> > The US is slipping into the second world as we
>> > speak, with no signs of a turnaround ahead. Only the sheer size of
>> > the economy keeps people from believing it.
>>
>> Just a nomenclature peeve - I'm not sure of the precise time and
>> place the (first|second|third) world meme originated, but it seems to
>> predate 1970, and until very recently its meaning was clear:
>>
>> First world: Western (and Westernized) nations - mainly the US, Canada,
>>Western Europe,
>> Japan, Australia, & New Zealand
>>
>> Second world: Communist bloc (I can still remember the Cultural
>> Revolution. Prior to that, the Communists seemed a monolithic force,
>> marching in lockstep.)
>>
>> Third world: The rest, mostly poor nations.
>
>Erm, nope. The "First World" (or old world) was Europe and Asia; the "New
>World" (not frequently referred to as the second world, but hey...) The
>third world was the developing nations. THAT (as far as I was taught in
>history class, so it MIGHT be a lie...) was how the terms originated...

Then you should sue your history teacher for giving you a defective education :-}. Perhaps she or he was of my generation and was at Woodstock when she should've been doing her homework.

By convention, the First World is the set of "Western" nations, the democratic, capitalist nations. The Second World, though not often used as a term, is the set of Communist bloc nations. The Third World, by far the most commonly used term here, is the set of nations not formally affiliated with either the First or Second Worlds. These nations are often poor, though not necessarily poor, and so the "Third World" is often (incorrectly) associated with poverty. And, to confuse things further, the "lesser-developed countries," or LDCs, are often equated to the Third World.
When a certain character in a television show referred to "Third World mutants," he was also referring to "your basic brown types." (His words, not mine. Ten credits to anyone who can identify the t.v. show and the character.)

The term "Fourth World" has in the last 20 years come to refer to the countries which are so impoverished as to be almost hopeless. Bangladesh is the canonical Fourth World nation.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hallam at w3.org Mon Aug 21 22:30:28 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 21 Aug 95 22:30:28 PDT
Subject: DES & RC4-48 Challenges
In-Reply-To: <199508220411.AA13217@ibm.net>
Message-ID: <9508220529.AA20429@zorch.w3.org>

I don't think the differential cryptanalysis attack helps very much. You need a somewhat improbable quantity of chosen plaintext to attempt it. You would get further with a direct attack I suspect.

In any case let's do RC4-48 or RC4-44 first as proof of ability. Another idea, let's crack CMDF, IBM's weakened key DES. After DES the only other crack of interest that's in range is the meet in the middle attack on two key DES. Clipper looks a bit off in the distance still. (We will get it one day, probably not until 2010 though). I think we can probably do DES within two years.

Phill

From tcmay at got.net Mon Aug 21 23:01:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 21 Aug 95 23:01:48 PDT
Subject: True Names and Webs of Trust
Message-ID:

Just a comment on this business of whether we need certification of the True Names of people we deal with:

I've dealt with "in person" maybe 60 to 100 of the people on this list (at one time or another). In no cases--not a single one--have I made elaborate checks to confirm that people are who they claim to be. A few driver's licenses have been flashed at meetings, but I didn't look closely. Maybe a passport was even displayed, but, again, I didn't look. And documents are readily forged.

This has relevance to the thread Michael Froomkin raised, as well. To wit, none of the people I've met has been "certified." And yet it doesn't bother me.

As Bill Stewart correctly claimed is my view, the "key is the identity." Or, more accurately, a _persistent persona_ is what matters. Thus, I don't need to "verify" that "Eric Hughes" is "really" Eric Hughes, and is not actually Fritz Doppelganger, assigned to Berkeley by the BND. I really don't care about the so-called "reality."

(Sorry for all of the "quotes," but all of these terms are heavily laden with connotations which bear deconstructing.)

My experiences are the norm, I think. Identity credentials are rarely checked, and most people don't care too much. (An important point is that in a cash economy, identity is almost irrelevant. It's only in non-cash, or "account-based," economy that True Names are demanded. Lots of interesting issues to discuss here, which I won't now.)

The "web of trust" model is really the normal way people go about their business. I knew someone once introduced to me as "Hugh Daniel," and he eventually introduced me to someone calling himself "Eric Hughes," and so on. Introducers, webs of trust, etc. What their "real names" are makes little difference.
(Besides, their Real Names were written on flat stones on the 3rd day after their births and placed in a safe place known only to the Great Bird.)

I never use the web of trust model in PGP. I get so few PGP messages that it's enough that people I know give me their keys. So I concede that the web of trust model in the PGP world may or may not scale well. (In the sense of tens of thousands of folks establishing a "web of trust.") But the _basic_ idea of self-arranged transfers of keys and local networks of friends is right on.

This is why I don't worry too much about the need for government-authenticated keys and True Names.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Mon Aug 21 23:24:07 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 21 Aug 95 23:24:07 PDT
Subject: DES & RC4-48 Challenges
Message-ID:

At 5:29 AM 8/22/95, hallam at w3.org wrote:
>I think we can probably do DES within two years.
>
> Phill

I strongly doubt it, and may be willing to bet money against it happening. (If "we" means someone or some group on this mailing list. If "we" means the Net, I still doubt it will happen.)

If the "idea futures" and betting markets we've talked about here (which exist) ever take off, this may be a way to make some money for someone. For example, if someone was laying 10:1 odds that SSL would not be cracked in 1995....

And for the "do DES" bet, you need to differentiate (no pun intended) between a chosen plaintext attack and a more general attack. The differential cryptanalysis ("DC" gets another overload) method needs chosen plaintext to cut the search space down to 2^47 keys. Wiener's hypothesized "million dollar DES cracker" may do the general attack, but I doubt anyone on our mailing list will do it.

That is, the number of workstations and even supercomputers which would have to be lashed-together would be, ballpark, about 2^16 times greater than what was lashed-together for the SSL challenge. Maybe a factor of ten could be cut out with increased cleverness. Maybe. Call it a factor of "only" 6000 times harder than the SSL challenge. Hard to imagine this happening in the next two years.

Maybe if much of the Net community was energized to run DES crackers instead of Flying Toasters, but a hard effort to organize...for fleeting reward.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From tbyfield at panix.com Tue Aug 22 02:19:21 1995 
From: tbyfield at panix.com (Ted Byfield)
Date: Tue, 22 Aug 95 02:19:21 PDT
Subject: DES & RC4-48 Challenges
Message-ID:

At 11:52 PM 8/21/95, Timothy C. May wrote:
>Call it a factor of "only" 6000 times harder than the SSL challenge. Hard
>to imagine this happening in the next two years.
>
>Maybe if much of the Net community was energized to run DES crackers
>instead of Flying Toasters, but a hard effort to organize...for fleeting
>reward.

Given the rate at which news of the prior cracks seems to have spread among people quite new to these questions, I think you'd be surprised: I've heard mention of it from no less than ten people who, to my knowledge, had never before taken any interest whatsoever in crypto questions. Granted, ten people a-laboring away on Pentiums and PPCs ain't much--but, who knows?, my experience might just scale quite well.

Yes, I know: Life is short and art is long. Still, I think it's worth a try: failure seems likely and success remote, but how much sweeter victory if the project were to succeed.

The key, I think, would lie in making participation in the project extremely accessible: developing simple platform-specific apps that'd make sweeping space nearly idiot-proof. If joe.anne.net could DL an app appropriate to hir platform, then fill out a field in a web page that would delegate keyspace according to the question "I can let my [platform] run for [n] hours," and easily report back the results, the response might be quite strong. How long it would take to succeed, _if_ it did, is anyone's guess: it could be a day or a decade.

Obviously, the preparation would be labor-intensive; the trade-off, a good one imho, is that this labor having been performed, the reservoir of potential contributors would expand manifold. If we could increase the reservoir by a factor of 1000, which isn't at all unlikely, that advance would be nothing to sneeze at.
Cracking something that for now seems beyond reach would up the ante in a pretty big way, and would put that much more pressure on policymakers to jack that bit-limit up. And that's exactly what we want.

Ted

From patl at skyclad.lcs.mit.edu Tue Aug 22 07:12:08 1995
From: patl at skyclad.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue, 22 Aug 95 07:12:08 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To: <199508220140.TAA12229@nagina.cs.colorado.edu>
Message-ID: <199508221411.KAA00910@skyclad.lcs.mit.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "wilcoxb" == Bryce Wilcox writes:

>> Yes, I've been remiss. It's an old belief -- that signing is
>> expensive. Now that I'm using emacs extensions and RMAIL, it's
>> really easy -- but I still follow the old habit.

wilcoxb> I have a pretty easy-to-use set-up... Probably not as easy as Carl's.

wilcoxb> Not to seem picky or anything, but now that I have a
wilcoxb> clearsigned message from you, I need your public key in
wilcoxb> order to verify it. :-)

Assuming Carl is using Mailcrypt under Emacs (as he suggests above), then he doesn't have the same problem. When the signature fails to verify for lack of a key, Mailcrypt will parse the PGP output and offer to fetch the needed key automatically (and instantly) via HTTP to the keyservers.

But then, Emacs only runs on "ghettoized" operating systems like Unix, VMS, OS/2, and Windows 95...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDnljnr7ES8bepftAQEFLwP/b9TE5QphAhJl1PyhdAsbyE3Vx58TuwGD
dAJf2fpThN9wYgQ3b0K+QxYbLVcQTbof5v8/AvYyM32JrsEzRQXZmjguoOT0BnLz
gjxTS5qLhOmcOhbUc6G3iEPQTuusWU59PPqp1TYPkZ0zVopDvPjay2O60whl4t/a
bARjHknf+es=
=bAX+
-----END PGP SIGNATURE-----

From patl at skyclad.lcs.mit.edu Tue Aug 22 07:47:03 1995
From: patl at skyclad.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue, 22 Aug 95 07:47:03 PDT
Subject: True Names and Webs of Trust
In-Reply-To:
Message-ID: <199508221446.KAA00931@skyclad.lcs.mit.edu>

-----BEGIN PGP SIGNED MESSAGE-----

tcmay> As Bill Stewart correctly claimed is my view, the "key is the
tcmay> identity." Or, more accurately, a _persistent persona_ is
tcmay> what matters.

These discussions are missing the entire point of the Web of Trust.

Key signatures exist for one reason and one reason only: To thwart man-in-the-middle attacks. Whether your "persistent persona" is a True Name (tm) or a pseudonym is irrelevant.

Suppose a sysadmin on your site installed a filter on your mail and news that translated everything between your real public key and one of her choosing. Such a transformation could be done automatically quite easily. How long before you would notice? Depending on how careful you are, it could take quite a while.

Key signatures avoid this attack. What a key signature *means* is that the signer is personally vouching that no such attack has taken place. Each signer has his own level of paranoia, and you need some knowledge of that paranoia level to evaluate the worth of a signature. Requiring a True Name backed by state-approved photo ID is a pretty high level of paranoia. (It would take a lot of effort to monitor this exchange, edit it to arrange a meeting between us, show up with photo ID for "Tim May", and continue editing every time one of us mentioned our personal meeting...)

Pseudonyms *do* pose a problem here. The problem is not whether someone tries to use a name that "really" belongs to someone else. Who cares? The problem is making sure that your conversation with the entity at the other end of the wire is secure. This is what the Web of Trust provides.
If I take the time to have a long conversation with a pseudonym (so that I "get to know him"), then I arrange a personal or telephone meeting, and the person I talk to is totally consistent with the person I know electronically, then I can feel safe signing his key. ("The entity calling itself 'Patrick J. LoPresti' asserts that the entity it knows as 'John Doe' uses this public key.") Of course, I need to know him pretty well before I can do this, lest the man-in-the-middle deceive us.

The beauty of the Web of Trust is that once I have done this, everyone else who trusts me can use the pseudo's key with confidence and without going through the same trouble.

Zimmermann clearly understood all of this, but I don't think he documented it properly. In my opinion, everyone should always think in terms of man-in-the-middle attacks when signing a public key. Mandating "True Names" is just an overconservative approach suitable for people who don't fully understand the issue.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDntwHr7ES8bepftAQFyyAQAnFtDh4UxHOtFoykCFVyK4s0CXqXhku+k
T8n/881R0F1lL+qKMlkxCd0qRmYXueeYGCO6oXAMWgVjVBQ4PluAdw7Ad4b9GxDA
FzkuN5oasKbyKyyCRguRq7DszKWW0nyjGbsToq0udtX0fsY33ZtU3btbsjawBFgI
Kk7TEeHBT+8=
=pndj
-----END PGP SIGNATURE-----

From lws+ at transarc.com Tue Aug 22 08:19:01 1995
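The sysadmin-in-the-middle LoPresti describes in the message above, played out in code. This is an added example written for this page, not code from the thread or from PGP: it uses Ed25519 from the Go standard library in place of PGP's RSA, a simplified three-level trust model (marginal, complete, ultimate) in place of PGP's, keys generated on the spot, and the names "Alice" and "Mallory" and the mail filter are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Introducer trust the keyring owner assigns to a key (simplified PGP levels);
// Ultimate is the owner's own key, valid by definition.
const TrustNone, TrustMarginal, TrustComplete, TrustUltimate = 0, 1, 2, 3

// Fingerprint names a key by its material, never by the name attached to it.
func Fingerprint(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:8])
}

// certBody is what a certification signs: this name bound to exactly this key
// material, so a swapped key fails verification even under the same name.
func certBody(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("cert\x00"+name+"\x00"), pub...)
}

// Certification: the signer vouches that no man-in-the-middle swapped this key.
type Certification struct {
	SignerFP string
	Sig      []byte
}

func Certify(signer ed25519.PrivateKey, name string, pub ed25519.PublicKey) Certification {
	return Certification{
		SignerFP: Fingerprint(signer.Public().(ed25519.PublicKey)),
		Sig:      ed25519.Sign(signer, certBody(name, pub)),
	}
}

type KeyEntry struct {
	Name  string
	Pub   ed25519.PublicKey
	Certs []Certification
}

type Keyring struct {
	Keys  map[string]*KeyEntry
	Trust map[string]int // fingerprint -> introducer trust level
}

func (k *Keyring) Add(name string, pub ed25519.PublicKey, certs ...Certification) string {
	fp := Fingerprint(pub)
	k.Keys[fp] = &KeyEntry{Name: name, Pub: pub, Certs: certs}
	return fp
}

// Valid: one certification from a completely trusted introducer or two marginal
// ones, each counting only if the signer's key is itself valid and trusted AND
// the signature verifies over this entry's own key material.
func (k *Keyring) Valid(fp string) bool { return k.valid(fp, map[string]bool{}) }

func (k *Keyring) valid(fp string, visiting map[string]bool) bool {
	e, ok := k.Keys[fp]
	if !ok || visiting[fp] {
		return false
	}
	if k.Trust[fp] == TrustUltimate {
		return true
	}
	visiting[fp] = true
	defer delete(visiting, fp)
	score := 0
	for _, c := range e.Certs {
		s, ok := k.Keys[c.SignerFP]
		if !ok || k.Trust[c.SignerFP] == TrustNone || !k.valid(c.SignerFP, visiting) ||
			!ed25519.Verify(s.Pub, certBody(e.Name, e.Pub), c.Sig) {
			continue // untrusted signer, or a signature made over some other key
		}
		if k.Trust[c.SignerFP] >= TrustComplete {
			score += 2
		} else {
			score++
		}
	}
	return score >= 2
}

// Scenario plays out the sysadmin-in-the-middle on a keyring built here (keys
// generated on the spot, nobody's real key) and reports whether the genuine key,
// the swapped key, and the swapped key with the attacker's own certification are valid.
func Scenario() (genuine, swapped, selfCertified bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	patPub, _, _ := ed25519.GenerateKey(rand.Reader)
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	ring := &Keyring{Keys: map[string]*KeyEntry{}, Trust: map[string]int{}}
	ring.Trust[ring.Add("Alice", alicePub)] = TrustUltimate
	// Alice got to know "Patrick" and certified his key.
	patCert := Certify(alicePriv, "Patrick J. LoPresti", patPub)
	patFP := ring.Add("Patrick J. LoPresti", patPub, patCert)
	genuine = ring.Valid(patFP)
	// Mallory's mail filter swaps in her key under the same name and copies
	// Alice's certification packet verbatim onto it.
	delete(ring.Keys, patFP)
	malFP := ring.Add("Patrick J. LoPresti", malPub, patCert)
	swapped = ring.Valid(malFP)
	// She can certify the bogus key herself, but she is no trusted introducer.
	ring.Keys[malFP].Certs = append(ring.Keys[malFP].Certs, Certify(malPriv, "Patrick J. LoPresti", malPub))
	selfCertified = ring.Valid(malFP)
	return
}

func main() { fmt.Println(Scenario()) }
```

The point the code makes is the one in the post: a certification is a signature over the name and the key material together, so a filter that rewrites the key cannot carry Alice's signature across, and a signature the attacker makes herself counts for nothing because the keyring owner never assigned her key any introducer trust. The trust level is the "paranoia level" knob LoPresti mentions: a marginal signer needs a second, independent marginal before a key validates.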
From: lws+ at transarc.com (Lyle Seaman)
Date: Tue, 22 Aug 95 08:19:01 PDT
Subject: Partial Key Escrow
In-Reply-To:
Message-ID:

Michael Froomkin writes:
> A disadvantage of this ingenious proposal is that it makes it
> even more difficult to spot rogue key-cracking efforts. If you are an
> honest government employee and you come across a key cracking program
> today, and you work for a domestic TLA you know something funny is going
> on. "Just routine" will be line henceforth...

Yeah, but that _doesn't matter_. The domestic TLA can't afford to embark on massive, wholesale fishing expeditions this way, even _with_ the escrowed part. The point is to fix the unescrowed part at such a size that they can afford to crack a limited number of keys in a reasonable interval. Say, at a cost of about $10000 / key. That's peanuts for an OKBomb or WTC bomb case, but it gets to be expensive (hard to hide the expense) if you're fishing for dirt on members of the opposition party, or investigating 14-year-old Black Panthers.

It also suggests some interesting (and admittedly, abusable) TV shows. "type this number into your ``America's Most Wanted'' official Screen Saver key finder..."

From rah at shipwright.com Tue Aug 22 09:02:00 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 22 Aug 95 09:02:00 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

At 2:30 AM 8/22/95, Timothy C. May wrote:
> (An important point is that
>in a cash economy, identity is almost irrelevant. It's only in non-cash, or
>"account-based," economy that True Names are demanded. Lots of interesting
>issues to discuss here, which I won't now.)

I'd like to vamp on this for a while. I think Tim's talking about what I call the book-entry/certificate distinction. It goes right to the heart of finance, and it's why I think that the strong crypto/Moore's law combination is going to do more to free people than any political system ever could. (How's that for a wind-up to a rant?)

Accounting, well, double-entry bookkeeping anyway, was invented in the late middle ages so people could measure their financial progress, but most importantly, so that people could trust other people doing the measurement for them: their bookkeepers. This allowed the Renaissance entrepreneur (or more originally an Italian nobleman, who was more of a gangster than anything else) to delegate financial measurement and consequently build a much larger enterprise than he could have otherwise.

Before double-entry bookkeeping, the first book-entry system, everything was done on a cash, or certificate, basis, and, like the apocryphal Silicon Valley entrepreneur's bedroom shoebox, you knew you were making money when there was more in the till today than there was yesterday. The first certificates were actually the first form of writing: the original Cuneiform(sp?) of the Babylonians actually evolved from little pieces of clay formed into interesting three-dimensional polygons with a signature seal stamped on them, certificates, or abstractions of value, like "3 cows, so says I, J. Nebuchadnezzar", these were, in turn, used like money.
Book-entry allowed the creation of larger and larger enterprises, and it's no surprise that a hundred years or so after the invention of double-entry bookkeeping, joint stock companies, and eventually limited liability, came into being. The paradox here was that this was an inherently certificate-based system. People met in front of a buttonwood tree on Wall Street, and traded ornately engraved certificates representing some fractional amount of a company's shares or debt outstanding. To trade your shares, you had to physically send them to Wall Street to have them traded for you.

Eventually book-entry systems got into the trading of securities when stock exchanges were founded. Specialists or market-makers would take your order, and cross them on their books with their own inventory or with people on the other side of the trade, or, in the commodities markets where the trade volume is much higher, people stand around a pit, execute the trade with a contra party, and sign each other's orders. This was compounded enormously by the advent of faster communications, particularly telecommunications. People could trade their stock from anywhere by wire, or by physically talking to a branch office of a securities firm who was itself linked by wire to an exchange through its main office.

In the early days of book-entry trading, delivery of physical certificates was done at various traders' operations departments, called "cages" for obvious reasons, to settle a trade. After a while clearing houses were instituted to do book-entry settlement of exchange-traded securities. In fact, when someone says "book-entry" these days, they usually mean book-entry securities settlement. A clearing house has all the physical certificates in a vault, and keeps books as pointers to all that paper to show who owns what. Those books match the books of the various traders, and through the miracle of double-entry bookkeeping, everything balances so everyone agrees with each other.
In fact, the need for all those certificates sort of goes away in this system, and when I first got on this list a year or so ago, Perry and I talked about the existence, at the Depository Trust Company -- the New York Stock Exchange's clearinghouse -- of a single certificate representing a company's entire common stock.

Okay, so what does this have to do with strong crypto? A lot.

Every once in a while I've compared strong crypto and privacy to flight. Flying is an inherent good for lots of people, but what makes it really economically useful is how fast you go when you fly. People buy airline tickets because they can get anywhere much quicker if they fly than if they do anything else.

The same with strong cryptography. Privacy, and the strong cryptography which makes it possible, is an inherent good for most of us, especially here on *this* list. But cryptographically strong protocols become economically useful when used for the creation of certificates which abstract value: digital bearer certificates like digital cash, and eventually digital certificates representing stocks, bonds, and various derivative securities.

To understand why, we need to make one further digression.

Remember all those telecommunications lines going into the exchanges? The inherent geometry of a system where lines are cheaper than nodes is a hierarchy: you pick up a phone to call someone, and your central office routes you up to its central office, and further on up the hierarchy until the call can be switched back down somewhere to complete the call. The interesting correlation between this "switching" and most of our current social structure can be left for another list, but the reason for this methodology is all bound up in the economics of wires and switches: at first, wires were cheaper than switches, who, in the beginning, were people.
We all know the story from there, people were first replaced with electromechanical switches, then with solid-state switches, then with microprocessing switches. When we got microprocessors, the economics of the nodes/lines problem got turned on its head. We run into Moore's Law.

Moore's Law, for Moore of Intel, is an observation that the price of a given semiconductor falls by half every 12 months, though it was 18 months when Moore figured this out. From a cryptological perspective, we understand what this means to the future cost of breaking a keyspace of a certain size.

Moore's Law also means just as much to the structure of the network: in collapsing the cost of a network's nodes, it converts it from a hierarchy to a geodesic. Like Bucky Fuller's geodesic domes, a geodesic network consists of nodes connected to an arbitrary number of lines, with no real directionality to the motion of traffic: there is no up or down like in a hierarchy. A message could originate at the node, or could be just passing through in any direction to any other line the node is connected to. A good example of this is a company's PBX, which allowed intra-company switching of phone calls for large organizations over long distances directly, without going up and down the telephonic hierarchy.

The abolition of monopoly in the telephone system was primarily caused by the advent of the geodesic network, and the phrase "Geodesic Network" was the title of Peter Huber's analysis of the phone system for Judge Green, the judge who broke up the Bell System in the early 80's. Huber's recommendation to Green in 1986 was to allow competition in the Regional Bell Operating Companies' core markets: the local loop. They're just getting around to doing it almost 10 years later. Another consequence of hierarchy, right?
Once again, the social consequences of geodesic information networks are interesting; ubiquitous computing, telecommuting, flattening organization structures, and lots of other phenomena can be attributed here, and even Mr. Archer's transaction-based tax proposal can. However, let's look at what it does to book-entry, particularly in the presence of strongly cryptographic certificate systems.

First, like Tim says, a book-entry system is bad for privacy. The IRS knows how much money you make, the bank knows how much you spend on your credit card, another book-entry system, even your grocery store knows what kind of food your cat likes. In a certificate system, like digital cash, no one knows anything, and it's cheaper that way anyway. Who did what to whom and for how much has no economic value whatever. No one can track the origin of all the bits of cash going through the till, much less audit its ownership trail, and cryptographic protocols allow the secure handling of the money anyway, so the existence of the money speaks for itself, without needing to know who gave it to you.

Book-entry stays where it belongs, on the store's accounting system, and there's reason to believe that as processors get cheaper and cheaper, there might be a micro economy (ecology?) in the making in an enterprise's various economic units, as a result of ubiquitous computing. Transfer payments have always been a vexing problem in large businesses, because there's no way to arrive at a fair price for intra-company trades of goods and services without looking to some outside market price. In fact, it's safe to say that the current paradigm for financial analysis, the efficient market hypothesis and its offspring, CAPM, Black-Scholes, etc., is a solution to the transfer pricing problem which evolved into something infinitely more useful.

But let's take this idea of strong cryptography in a geodesic network to another financial abstraction, the securities markets.
What you get then is a reversion to certificate based trading. You've gone back to the Buttonwood tree, only you're now trading digital certificates on the net. People announce their intention to trade, what they're willing to pay or accept, and, when the trade is made, people trade certificates under a strong cryptographic protocol, announce the price to the market, and walk away. People can "make markets" in securities by holding inventories and simply posting their prices bid or asked, to buy or sell their inventory of securities.

Notice I said people here. What we're talking about is behavior which was originally done by *people* with *certificates*, and then by ever-larger *institutions* with *book-entry*. That is, until the advent of computers, when the pendulum swung back toward smaller entities. After all, in 1972, anyone with the money could get a Quotron or a NASDAQ Level 3 machine, and soon, at least the sell side of the market was competitive again. The stodgy old firms like Morgan Stanley and Salomon had to turn into very efficient carnivores to survive. Paradoxically, the buy side of the market, composed of banks, pensions, and mutual funds, had its development arrested by regulation and is just approaching the centralizing phase. However, we now know that the operation of both the buy and sell sides of the capital markets is going to get very interesting very soon, right?

With a geodesic, certificate-based financial system, the economies of scale caused by hierarchical communications systems go out the window. There is no need to concentrate processing power to be used on the market's information, because the information is everywhere without having to concentrate it. What's more, the specialization of processing enabled by Moore's Law creates such a flood of information that no centralized entity can process it all, and so it collapses under its own weight.
Everyone trusts their transactions because of the difficulty of forging certificates. That means that once again, a certificate has its own inherent worth. It speaks for itself, and when it changes hands, the trade is, as Eric Hughes says, "immediately and finally" cleared and settled. The overhead of keeping books is gone, at least for the trading parties, and especially for the clearing houses, who, like exchanges, just kind of disappear, along with any way to regulate them. Somewhere, Joe Kennedy, the first Chairman of the Securities and Exchange Commission, is probably either crying his eyes out or laughing his head off, depending on your interpretation of his role in regulatory history.

This brings us to the reason securities exist, anyway. A stock certificate is really a legal document, right? How can you enforce laws in a geodesic environment protected by strong cryptography? Well, in a geodesic market, cryptographic protocols, instead of laws, enforce agreements. If the cryptographic protocol isn't satisfied, the software won't work. It's easy to see how a combination of certification technology and cryptographically anonymous voting protocols allow the direct election of a company's board members without proxies -- another hierarchical device -- for instance. It's easy to see how the presentation of digital interest coupons to a company's bond trustee could result in a payment in digital cash. This seems to work for just about any kind of financial instrument you could imagine. The presence of the digital certificate is a prima facie claim upon the abstracted item, votes, interest/dividends, hog bellies, you name it, and the protocol could be put into software everyone could check themselves.

Obviously, we aren't talking about the end of bookkeeping as we know it (BAWKI? ;-), but it does mean that the days of book-entry as a means of social control are numbered.
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From tcmay at got.net Tue Aug 22 09:18:43 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 22 Aug 95 09:18:43 PDT
Subject: True Names and Webs of Trust
Message-ID:

At 2:46 PM 8/22/95, Patrick J. LoPresti wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
> tcmay> As Bill Stewart correctly claimed is my view, the "key is the
> tcmay> identity." Or, more accurately, a _persistent persona_ is
> tcmay> what matters.
>
>These discussions are missing the entire point of the Web of Trust.
>
>Key signatures exist for one reason and one reason only: To thwart
>man-in-the-middle attacks. Whether your "persistent persona" is a
>True Name (tm) or a pseudonym is irrelevant.

But this is exactly what a persistent persona is. Not a True Name, but a keyholder who has not been spoofed by some other agent or entity. End to end.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From poodge at econ.Berkeley.EDU Tue Aug 22 09:27:02 1995
From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Tue, 22 Aug 95 09:27:02 PDT
Subject: DES & RC4-48 Challenges
In-Reply-To:
Message-ID: <199508221626.JAA10063@quesnay.Berkeley.EDU>

[stuff about running crypto screensavers]

It seems like there's got to be an easy way to divvy up keyspace on a real time basis so that anyone with a few cycles to spare can contribute them...

There could be a central server out there, which would keep track of what keyspace needs to be swept, etc. Then, clients (available as Mac, DOS, Windows*, UNIX, etc. screensavers) could, whenever possible, connect to the server, get a bit of keyspace, and start checking. The client would tell the server how fast it is (chip and speed), and, optionally, an estimation of how much time it will have free. The server finds some unchecked keyspace and allocates the range. Then, when the screensaver ends (when the user starts working again), it would check in and tell the server how much of the space it checked. The server could implement multiple passes of the keyspace to cope with untrusted clients, etc.

Or something like that, anyhow. The point is, the keyspace should be divided on a spare-cycle basis, so that people who happen to have some extra, unused time on a workstation can help without having to follow this list religiously, and without having to commit to checking a certain amount of keyspace beforehand.

This really is a nifty concept, and I think a *lot* of people would be interested in running crypto-cracking screensavers.

--sq

From baldwin at RSA.COM Tue Aug 22 09:31:26 1995
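One shape the server that Byfield's "I can let my [platform] run for [n] hours" form and Quigley's message above describe could take. This is an added example written for this page, not code from either poster, from the SSL-challenge effort or from any existing key-search protocol: the fixed block size, the `passes` rule (each block swept by that many distinct clients before it counts as done, Quigley's "multiple passes" for untrusted clients), and the lease timeout for clients that never check in are this example's own design choices, and the `isKey` test a client runs is a placeholder for a real DES trial decryption against known plaintext.

```go
package main

import "fmt"

// Lease is a block-aligned key range [Lo, Hi) held by one client.
type Lease struct {
	Client string
	Lo, Hi uint64
	Issued int64 // coordinator clock when issued
}

// Coordinator splits the keyspace into fixed blocks, leases contiguous runs sized
// to what a client says it can sweep, credits partial results, reclaims leases
// whose clients vanish, and calls a block done only once `passes` distinct
// clients have swept it (the multiple-pass defence against bad clients).
type Coordinator struct {
	blockSize, nBlocks uint64
	passes             int
	timeout            int64
	swept              map[uint64]map[string]bool // block -> clients credited
	leased             map[uint64]bool            // block currently out
	leases             map[string]*Lease          // client -> open lease
	Found              *uint64                    // first reported hit
}

func NewCoordinator(keyBits, blockBits uint, passes int, timeout int64) *Coordinator {
	return &Coordinator{blockSize: 1 << blockBits, nBlocks: 1 << (keyBits - blockBits),
		passes: passes, timeout: timeout, swept: map[uint64]map[string]bool{},
		leased: map[uint64]bool{}, leases: map[string]*Lease{}}
}

func (c *Coordinator) Done(block uint64) bool { return len(c.swept[block]) >= c.passes }

func (c *Coordinator) release(l *Lease) {
	for i := l.Lo / c.blockSize; i < l.Hi/c.blockSize; i++ {
		delete(c.leased, i)
	}
	delete(c.leases, l.Client)
}

// Request reclaims stale leases, then hands out the first contiguous run of up to
// keysPerSec*seconds keys that is not done, not out, and not yet swept by this
// client. A client holding an open lease must report before asking again.
func (c *Coordinator) Request(client string, keysPerSec, seconds uint64, now int64) (Lease, bool) {
	for _, l := range c.leases {
		if now-l.Issued > c.timeout {
			c.release(l) // back to the pool with no credit
		}
	}
	if c.leases[client] != nil {
		return Lease{}, false
	}
	want := keysPerSec * seconds / c.blockSize
	if want == 0 {
		want = 1
	}
	var start, run uint64
	for i := uint64(0); i < c.nBlocks && run < want; i++ {
		if c.Done(i) || c.leased[i] || c.swept[i][client] {
			if run > 0 {
				break
			}
			continue
		}
		if run == 0 {
			start = i
		}
		run++
	}
	if run == 0 {
		return Lease{}, false
	}
	l := &Lease{Client: client, Lo: start * c.blockSize, Hi: (start + run) * c.blockSize, Issued: now}
	for i := start; i < start+run; i++ {
		c.leased[i] = true
	}
	c.leases[client] = l
	return *l, true
}

// Report closes a lease: blocks lying entirely below checkedTo are credited to the
// client, the rest return to the pool. It returns the number of blocks credited.
func (c *Coordinator) Report(client string, checkedTo uint64, found *uint64) int {
	l := c.leases[client]
	if l == nil {
		return 0
	}
	credited := 0
	for i := l.Lo / c.blockSize; i < l.Hi/c.blockSize && (i+1)*c.blockSize <= checkedTo; i++ {
		if c.swept[i] == nil {
			c.swept[i] = map[string]bool{}
		}
		c.swept[i][client] = true
		credited++
	}
	c.release(l)
	if found != nil && c.Found == nil {
		c.Found = found
	}
	return credited
}

// Sweep is the client side: trial every key in the lease. isKey stands in for a
// DES trial decryption against known plaintext.
func Sweep(l Lease, isKey func(uint64) bool) (checkedTo uint64, found *uint64) {
	for k := l.Lo; k < l.Hi; k++ {
		if isKey(k) {
			hit := k
			return l.Hi, &hit
		}
	}
	return l.Hi, nil
}

func main() {
	c := NewCoordinator(24, 16, 2, 50) // constructed 24-bit space, 256 blocks
	l, _ := c.Request("fast", 1<<18, 1, 1) // 2^18 keys/s for 1 s: four 2^16-key blocks
	to, hit := Sweep(l, func(k uint64) bool { return k == 0x00ABCD })
	fmt.Println(l, c.Report("fast", to, hit), c.Found != nil)
}
```

The exchange is the one Quigley sketches: the client states its speed and free time, the server sizes the lease from that, the client reports how far it got when the screensaver stops, and only the blocks it fully covered are credited. Blocks held by a client that never comes back are re-issued after the timeout, and a block that has been swept by only one client is offered again to a different one until `passes` distinct clients agree on it; a malicious or buggy client can therefore skip work, but cannot by itself mark space as searched.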
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Tue, 22 Aug 95 09:31:26 PDT
Subject: Any code for getting noise from PC & Mac sound card?
Message-ID: <9507228091.AA809109019@snail.rsa.com>

I am looking for an example of software that extracts unpredictable bits from the sound cards of PCs and MACs. Has anyone written software like this? Can someone send me a URL to it?

Thanks,
--Bob Baldwin

From rsalz at osf.org Tue Aug 22 09:39:04 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 22 Aug 95 09:39:04 PDT
Subject: True Names and Webs of Trust
Message-ID: <9508221638.AA26842@sulphur.osf.org>

> This has relevance to the thread Michael Froomkin raised, as well. To wit,
> none of the people I've met has been "certified." And yet it doesn't bother
> me.

Just because you haven't been able to easily do it yet, nor found it useful, is no reason not to let new technology provide this service to you.

/r$

From MAILER-DAEMON at l0pht.com Tue Aug 22 09:56:33 1995
From: MAILER-DAEMON at l0pht.com (Mail Delivery Subsystem)
Date: Tue, 22 Aug 95 09:56:33 PDT
Subject: Returned mail: unknown mailer error 126
Message-ID: <199508221645.MAA24957@l0pht.com>

The original message was received at Tue, 22 Aug 1995 12:45:26 -0400
from localhost [127.0.0.1]

   ----- The following addresses had delivery problems -----
"|/home/gheap/\+\ \+\ \# -vo /home/gheap/.elm/gheapfilter.log"  (unrecoverable error)
    (expanded from: gheap)

   ----- Transcript of session follows -----
sh: /home/gheap/+: No such file or directory
554 "|/home/gheap/\+\ \+\ \# -vo /home/gheap/.elm/gheapfilter.log"... unknown mailer error 126

   ----- Original message follows -----

To: cypherpunks at toad.com
From: cypherpunks at toad.com
Date: Tue, 22 Aug 1995 12:45:26 -0400

blah

From altitude at cic.net Tue Aug 22 09:56:38 1995
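On Bob Baldwin's question above: the part of such a program that is the same on every platform is the conditioning between raw samples and usable bits, and that part is shown here as an added example written for this page, not any existing tool. Reading the sound card itself is platform-specific and is not shown. `FakeCapture` is constructed input, a pure tone with a deliberately biased one-bit noise floor (P(1) = 0.7), chosen so the effect of debiasing is visible; the i.i.d. min-entropy estimate and the rule of demanding twice the output size before producing a key are this example's choices, and the estimate says nothing about correlation between consecutive samples, which a real card needs checked separately.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math"
	"math/rand"
)

// LSBs keeps the least significant bit of each 16-bit sample: the noise floor
// of a sound card lives there, the audible signal mostly does not.
func LSBs(samples []int16) []byte {
	bits := make([]byte, len(samples))
	for i, s := range samples {
		bits[i] = byte(uint16(s) & 1)
	}
	return bits
}

// VonNeumann removes bias from a stream of independent bits: pairs 01 -> 0,
// 10 -> 1, 00 and 11 are discarded. It does nothing about correlation between
// samples, which is why the estimate below remains only an estimate.
func VonNeumann(bits []byte) []byte {
	var out []byte
	for i := 0; i+1 < len(bits); i += 2 {
		if bits[i] != bits[i+1] {
			out = append(out, bits[i])
		}
	}
	return out
}

// MinEntropyPerBit is the i.i.d. min-entropy estimate -log2(max(p0, p1)),
// the conservative figure to budget from, not Shannon entropy.
func MinEntropyPerBit(bits []byte) float64 {
	if len(bits) == 0 {
		return 0
	}
	ones := 0
	for _, b := range bits {
		ones += int(b)
	}
	p := float64(ones) / float64(len(bits))
	return -math.Log2(math.Max(p, 1-p))
}

// Extract conditions raw samples into a 256-bit key: LSBs, debias, check that the
// estimated min-entropy is at least twice the output size, then hash. Refusing to
// emit anything when the budget is short is the important failure mode.
func Extract(samples []int16) ([32]byte, error) {
	bits := VonNeumann(LSBs(samples))
	if MinEntropyPerBit(bits)*float64(len(bits)) < 2*256 {
		return [32]byte{}, errors.New("not enough estimated entropy in input")
	}
	packed := make([]byte, (len(bits)+7)/8)
	for i, b := range bits {
		packed[i/8] |= b << (7 - uint(i%8))
	}
	return sha256.Sum256(packed), nil
}

// FakeCapture is constructed input, not a sound card: a tone of even amplitude,
// so the LSB carries only a deliberately biased one-bit noise floor (P(1)=0.7).
func FakeCapture(n int, seed int64) []int16 {
	r := rand.New(rand.NewSource(seed))
	samples := make([]int16, n)
	for i := range samples {
		tone := int16(4000*math.Sin(float64(i)*0.05)) * 2
		noise := int16(0)
		if r.Float64() < 0.7 {
			noise = 1
		}
		samples[i] = tone + noise
	}
	return samples
}

func main() {
	raw := FakeCapture(20000, 1)
	fmt.Printf("raw LSB min-entropy/bit:  %.2f\n", MinEntropyPerBit(LSBs(raw)))
	fmt.Printf("debiased min-entropy/bit: %.2f\n", MinEntropyPerBit(VonNeumann(LSBs(raw))))
	key, err := Extract(raw)
	fmt.Printf("key %x... err %v\n", key[:8], err)
	_, err = Extract(raw[:200]) // too little input: must refuse, not emit a weak key
	fmt.Println("short input:", err)
}
```

On the constructed input the raw LSBs estimate at roughly 0.5 bits of min-entropy per bit and the debiased stream at roughly 1.0, which is the whole reason for the two-stage pipeline: hashing biased bits does not create entropy, it only hides its absence, so the budget has to be checked before the hash, and a capture that is too short is refused rather than turned into a key.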
From: altitude at cic.net (Alex Tang)
Date: Tue, 22 Aug 95 09:56:38 PDT
Subject: DES & RC4-48 Challenges
In-Reply-To: <199508221626.JAA10063@quesnay.Berkeley.EDU>
Message-ID: <199508221656.MAA14641@petrified.cic.net>

On Tue Aug 22 12:26:49 1995: you scribbled...
>
>
> [stuff about running crypto screensavers]
>
> It seems like there's got to be an easy way to divvy up keyspace on a
> real time basis so that anyone with a few cycles to spare can
> contribute them...
>
> There could be a central server out there, which would keep track of
> what keyspace needs to be swept, etc.

It seems that the SKSP protocol is a good foundation for just such a plan. Can screensavers such as After Dark for mac/pc access network protocols? Or would someone have to write a new screensaver altogether?

...alex...

From tcmay at got.net Tue Aug 22 10:00:16 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 22 Aug 95 10:00:16 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

At 4:01 PM 8/22/95, Robert Hettinga wrote:
>Obviously, we aren't talking about the end of bookkeeping as we know it
>(BAWKI? ;-), but it does mean that days of book-entry as a means of social
>control are numbered.

A good essay. Too long for me to quote and discuss, though.

I worry about our--or at least my, speaking for myself--terminology. Consider these variations on the same theme:

cash <--> immediate clearing <--> tokens <--> certificates

vs.

checks <--> delayed clearing <--> account-based systems

(I'm using "<-->" as my own symbol to mean "related to.")

Chaum has been harping on this exact distinction in public talks. I at first thought he was beating a dead horse, but I now see that most people just don't get it. (I don't mean people on our list, I mean journalists and writers about "digital money.")

Marvin Minsky once said the history of AI is the history of grad students and researchers giving new names to old ideas. (Ironically, Minsky did this in spades when he took the ideas of "object-oriented programming" and invented the term "frame-based systems" to cover the same ground!)

One hope I have for the "class library" approach, whether implemented in C++, Java, Smalltalk, etc., is that these terms and concepts will be reified in code, with browsable definitions and examples. The "financial instruments" people have been working on this "ontology of money" for a long time.

I have long been surprised that the crypto and financial communities have little overlap. No, I don't mean you folks are not bridging both worlds. And I don't mean the banking and finance industry is not working on incorporating more crypto. I mean that the "Crypto" conferences have very little stuff being published on finance and money, save for the Chaum stuff.
The interesting stuff for me lies in the intersection of:

Crypto + Game Theory + Economics

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Tue Aug 22 10:13:14 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 22 Aug 95 10:13:14 PDT
Subject: True Names and Webs of Trust
Message-ID:

At 4:38 PM 8/22/95, Rich Salz wrote:
>> This has relevance to the thread Michael Froomkin raised, as well. To wit,
>> none of the people I've met has been "certified." And yet it doesn't bother
>> me.
>
>Just because you haven't been able to easily do it yet, nor found it useful,
>is no reason not to let new technology provide this service to you.

I wasn't saying I wouldn't let new technology provide this service for me. I was just saying that lack of it has not been a problem, so far. In very few of my dealings, even in the economic world, have I needed to have any kind of certification. (Buying a new house recently is where I needed certification of inspectors, escrow agents, title companies, etc.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From liberty at gate.net Tue Aug 22 11:25:11 1995
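[Editor's added example for the True Names and Webs of Trust thread. This is not PGP's source and not code posted to the list; it is the validity computation PGP's documentation describes, one fully trusted introducer or two marginally trusted ones, bounded by a certification depth, run over a constructed key graph. The key ids, the names behind them and the trust assignments in `demo()` are made up. The point the demo makes is the one argued in this thread: the computation is indifferent to whether the name on a key is a True Name or a persona, and a key planted by a man in the middle is rejected not because its name is false but because no path of signatures leads from the verifier to it.]

```python
from collections import defaultdict

FULL, MARGINAL, NONE = "full", "marginal", "none"


def validate_keys(own_key, owner_trust, signatures,
                  completes_needed=1, marginals_needed=2, max_depth=4):
    """Compute which keys' name bindings the verifier accepts.

    signatures: iterable of (signer_key_id, signed_key_id), each meaning
    'signer certifies that signed_key belongs to the name it carries'.
    owner_trust: how far the verifier trusts each key's OWNER as an introducer
    (FULL, MARGINAL or NONE). A signer's trust only counts once the signer's
    own key has been validated, which is what ties the web back to own_key.
    Returns {key_id: depth}; own_key is valid at depth 0 by fiat."""
    sigs_on = defaultdict(set)
    for signer, signed in signatures:
        sigs_on[signed].add(signer)
    valid = {own_key: 0}
    for depth in range(1, max_depth + 1):
        newly = set()
        for key, signers in sigs_on.items():
            if key in valid:
                continue
            full = [s for s in signers if s in valid and owner_trust.get(s) == FULL]
            marginal = [s for s in signers if s in valid and owner_trust.get(s) == MARGINAL]
            if len(full) >= completes_needed or len(marginal) >= marginals_needed:
                newly.add(key)
        if not newly:           # nothing reachable at this depth: fixpoint
            break
        for key in newly:
            valid[key] = depth
    return valid


def demo():
    """CONSTRUCTED key graph. 'me' is the verifier. Bob is fully trusted as an
    introducer, Carol and Dave only marginally. Mallory's two sock-puppet keys
    vouch for a substitute 'alice-fake' key: the man-in-the-middle case."""
    trust = {"me": FULL, "bob": FULL, "carol": MARGINAL, "dave": MARGINAL}
    sigs = [
        ("me", "bob"), ("me", "carol"), ("me", "dave"),        # keys I checked myself
        ("bob", "alice"),                                       # one full introducer
        ("carol", "erin"), ("dave", "erin"),                    # two marginal ones
        ("carol", "frank"),                                     # one marginal: not enough
        ("mallory1", "alice-fake"), ("mallory2", "alice-fake"),
        ("mallory1", "mallory2"), ("mallory2", "mallory1"),     # puppets vouch for each other
    ]
    return validate_keys("me", trust, sigs)


if __name__ == "__main__":
    for key, depth in sorted(demo().items(), key=lambda kv: kv[1]):
        print(f"{key:10s} valid at depth {depth}")
```

Note what the mallory keys show: any number of signatures that are only connected to each other add nothing, because validity is computed outward from the verifier's own key. That is also why "weaker links in greater quantity" helps only if they are reachable: marginal signatures from keys the verifier has never validated count for zero, however many there are.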
From: liberty at gate.net (Jim Ray)
Date: Tue, 22 Aug 95 11:25:11 PDT
Subject: Partial Key Escrow
Message-ID: <199508221820.OAA26418@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Lyle Seaman wrote:
>The domestic TLA can't afford to embark on massive, wholesale fixing
>expeditions this way, even _with_ the escrowed part. The point is to
>fix the unescrowed part at such a size that they can afford to crack a
>limited number of keys in a reasonable interval. Say, at a cost of
>about $10000 / key. That's peanuts for an OKBomb or WTC bomb case,
>but it gets to be expensive (hard to hide the expense) if you're
>fishing for dirt on members of the opposition party,...

The problem for THIS member of an opposition party is that the percentage of the U.S. budget comprising "Black" (secret, "off the books" usually mil./intelligence) programs grows yearly, like inflation. At the same time, the speed of chips increases like the national debt and their cost goes down steadily, (see Robert Hettinga's post titled, "e$: The Book-Entry/Certificate Distinction" describing Moore's law). These trends, (IMO) bode ill for my long-term personal (and political!) privacy, unless the freedom of those of you able to "write code"(tm) implementing my privacy is unfettered. Anything that reacts as slowly to the marketplace as the government does will constantly be playing catch-up. Others may disagree, depending on your individual level of trust in the present government.

...

On a different, and sad, note...Phil Zimmermann's mom recently passed away. I encourage all of you to make a donation in her name to his legal defense fund, and (if religious) to include her in your prayers.

Peace.
JMR

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMDofYm1lp8bpvW01AQEoPQP+JiQHUke0Q/nDdXgt9NIMPbePp5T8dqyn
YL5TdWchPCqZ+aaBfbO20/dLADz/C8L7zq88bLLsUaVWr8tArlZPh2keQvOVUWvd
PD+/Ky4HsRn7BJaBuc5187gvAtqyvWGAHpYJQ/QilC7cUqDmbCiuBHCD2rsSyj1E
XX2Cl1tBnd8=
=L5O9
- -----END PGP SIGNATURE-----

Regards, Jim Ray

"The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structures of reality. It is enough if one merely tries to comprehend a little of this mystery every day. Never lose a holy curiosity." -- Albert Einstein
- ------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
- ------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDof2SoZzwIn1bdtAQGacwGAmM50nkIDJvU6i8PApdwtZ5oG1vIN7Nv0
zLZloPP4+6FR3R9vkYun5Ptq7yEARTqU
=UuAX
-----END PGP SIGNATURE-----

From aba at dcs.exeter.ac.uk Tue Aug 22 11:52:46 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 22 Aug 95 11:52:46 PDT
Subject: C$ prize for bruting Hal's next challenge?
Message-ID: <1792.9508221850@exe.dcs.exeter.ac.uk>

It has been suggested to me that we might like to add a fun incentive to the bruting of Hal's 2nd SSL challenge as posted to cypherpunks on Aug 19th. To this end we need some c$ for the pot!

I'll be collecting donations for the pot and vouch that every c$ cent handed over will be handed to the person who hits the key. The only receiver of the jackpot for hitting the key, will be encouraged to cash it in on the ecm mailing list / ecash market WWW ecm at ai.mit.edu, http://www.c2.org/~mark/ecash/ecash.html so that currency is not taken out of circulation, and to help boost the flow of c$ for the ecash market, as there appears to be a shortage of e$ sellers.

For info on joining in the lottery for a chance to win your c$ back and then some, or just to win other peoples c$, take a look at:

http://www.brute.cl.cam.ac.uk/brute/

The challenge has not started yet, that will probably not be for a day or two yet, so you've got time to get the software, check that it works etc. Then stand by... for "the ready, steady, go!". The reason for the start line affair is that for demonstrational reasons this attempt is designed to show how quickly a Netscape SSL session can be cracked. There is a WWW interface to getting key space for those behind firewalls or without direct IP.

I hereby donate c$ 50 to the pot, mail me your c$. (It won't be a good idea if you post your c$ to the lists, as the first person to cash it gets it, you need to do it in private email, PGP it even). To generate your payment either save it to a file, or email directly to me via the digicash client, click on the icon which looks like a note (is that what it's supposed to be?
the one next to the bank symbol), then choose to send via file / email toggle make payment, enter the amount (leave the shop account ID blank, give a payment description if you like).

Adam

[btw is there still something wrong with toad.com? traffic seems exceptionally light...]

From trei at process.com Tue Aug 22 12:11:19 1995
From: trei at process.com (Peter Trei)
Date: Tue, 22 Aug 95 12:11:19 PDT
Subject: NEXT CHALLENGE: so, when does it start?
Message-ID: <9508221911.AA16633@toad.com>

Well, I've got the program, and I'm ready to start sweeping (about 35,600 keys/sec on a P5 90 Mhz NT machine - have to see how many I can draft for this) - I even compiled for Win 3.11 (less than 800 keys/sec on a 486/33 - don't think I'll bother).

I've got the challenge file from Adam's messages.

But when do we start? Have we started already? Have we completed?

It's difficult to tell. There was talk of starting at 12:00GMT (about 6 AM here on the east coast), but there was no 'start now' message to the list. At Adam's site, I can see that 'project 11fa' has been completed, but the key (000000001234) looks like test data.

If I try to allocate keys, I get the 600 SLEEP 3600 message, which suggests strongly that the search has not started yet.

Adam, when you fix a time to start the search, could you:

1. Send a message to the list, clearly saying so, and giving the time.

2. Put a headline in your page saying it's underway?

Thanks.

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From shamrock at netcom.com Tue Aug 22 12:38:06 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 22 Aug 95 12:38:06 PDT
Subject: C$ prize for bruting Hal's next challenge?
Message-ID:

At 19:50 8/22/95, aba at atlas.ex.ac.uk wrote:
>I hereby donate c$ 50 to the pot, mail me your c$. (It won't be a
>good idea if you post your c$ to the lists, as the first person to
>cash it gets it, you need to do it in private email, PGP it even). To
>generate your payment either save it to a file, or email directly to
>me via the digicash client, click on the icon which looks like a note
>(is that what it's supposed to be? the one next to the bank symbol),
>then choose to send via file / email toggle make payment, enter the
>amount (leave the shop account ID blank, give a payment description if
>you like).

I like the idea, but there are two problems with it:

-Not all platforms let you save e$ to a file. You got to open a shop.
-Leaving the shop ID blank won't work. You got to use @ (wildcard) for shop ID to turn e$ into a bearer certificate.

Get the shop going and I'll donate e$50

-- Lucky Green
PGP encrypted mail preferred.

From aba at dcs.exeter.ac.uk Tue Aug 22 12:50:08 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 22 Aug 95 12:50:08 PDT
Subject: NEXT CHALLENGE: so, when does it start?
Message-ID: <2084.9508221946@exe.dcs.exeter.ac.uk>

> Well, I've got the program, and I'm ready to start sweeping
> (about 35,600 keys/sec on a P5 90 Mhz NT machine - have to see
> how many I can draft for this) - I even compiled for Win 3.11 (less
> than 800 keys/sec on a 486/33 - don't think I'll bother).
>
> I've got the challenge file from Adam's messages.
>
> But when do we start? Have we started already? Have we completed?

Soon. No. And not yet.

> It's difficult to tell.
> There was talk of starting at 12:00GMT (about 6
> AM here on the east coast), but there was no 'start now' message to
> the list. At Adam's site, I can see that 'project 11fa' has been
> completed, but the key (000000001234) looks like test data.

Yes, confusion abounds. Dead mailer for me, Piete away for a while (back now). Rest assured big announce of a deadline when it is fixed, with plenty of warning. Perhaps a start time of day which is more convenient would be better, also for people using WWW, few likely to be around at 6AM, perhaps later in the day, when the time is decided.

> If I try to allocate keys, I get the 600 SLEEP 3600 message, which
> suggests strongly that the search has not started yet.

Yes, correct. For people with the unix client, this means they can leave the client running already, and it will sleep in 1hr chunks, until there is something on the server to do.

> Adam, when you fix a time to start the search, could you:
>
> 1. Send a message to the list, clearly saying so, and giving the
> time.

Okay will do.

Adam

From wilcoxb at nagina.cs.colorado.edu Tue Aug 22 13:43:17 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Tue, 22 Aug 95 13:43:17 PDT
Subject: True Names and Webs of Trust
In-Reply-To: <199508221446.KAA00931@skyclad.lcs.mit.edu>
Message-ID: <199508222043.OAA17349@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> Key signatures exist for one reason and one reason only: To thwart
> man-in-the-middle attacks. Whether your "persistent persona" is a
> True Name (tm) or a pseudonym is irrelevant.

> Zimmermann clearly understood all of this, but I don't think he
> documented it properly. In my opinion, everyone should always think
> in terms of man-in-the-middle attacks when signing a public key.
> Mandating "True Names" is just an overconservative approach suitable
> for people who don't fully understand the issue.

My point exactly.
My post "Stop Fixating on True Names" was an attempt to clarify things to said people.

Look at it this way: leaving aside the fact that a Man-In-The-Middle has to do a little more fast footwork than a normal old eavesdropper does, public key cryptography does not actually give you *any* advantage over symmetric-key cryptography except for this one fact: You can ask George what Alice's public key is, but you can't ask him what her-and-your shared (symmetric) secret key is!

- From this perspective, the Web of Trust is the soul of public-key cryptography. From the other perspective ("Never ever sign a key which you got off of a bulletin board!" warns "pgpdoc1.txt") it is a cute anachronism.

By the way, you mentioned "people who don't fully understand the issue"-- a brief survey of e-mail and posts I have seen on this subject indicates to me that even knowledgeable people like the cypherpunks are about evenly split on whether they appreciate this concept or not.

[note: I've been cc:'ing messages to c'punks accidentally after I upgraded to mh. My apologies. At least they weren't completely without relevance...]

Bryce

Announcement: I have had technical difficulties. If you sent me e-mail between Aug 5 and Aug 20 and didn't receive a response, please re-send.

signatures follow:

+ public key on keyservers      /. island Life in a chaos sea
  or via finger 0x617c6db9      /  bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDpBPfWZSllhfG25AQFvuAP/a6vSu4OgkDAXTRWif46/chb1+Owo2TBx
YEWSzp4PRYTL1ZwrC1eOtx37miGUzvsGooXOEPfEpC4oW3f0Jg6BHanXabhegJyb
t09m8IlaeD38IKATnzcC7VeeU0sWuWUea1vFJw28oZv0VOgGSeeFcYE4DA/oOtRD
oqTFfG+GM7w=
=LFIz
-----END PGP SIGNATURE-----

From aba at dcs.exeter.ac.uk Tue Aug 22 13:47:09 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 22 Aug 95 13:47:09 PDT
Subject: C$ prize for bruting Hal's next challenge?
Message-ID: <2307.9508222046@exe.dcs.exeter.ac.uk>

Lucky Green writes:
> > [me on donating to the c$ prize fund for Hal's 2nd challenge]
> I like the idea, but there are two problems with it:
> -Not all platfoms let you save e$ to a file. You got to open a shop.
> -Leaving the shop ID blank won't work. You got to use @ (wildcard) for shop
> ID to turn e$ into a bearer certificate.
>
> Get the shop going and I'll donate e$50

Okay, a quick email conversation with Mark Grant as to how one goes about doing shops via cgi/www, and a brief bit of fiddling, and here we are:

http://dcs.ex.ac.uk/~aba/sslprize.html

Just click on amount to donate to the pot. Pay in parts if the amount you want isn't there (ie 15 c$ = 5 c$ + 10 c$).

cpunks + ecm folks + digicash enthusiasts, accepting your c$ donations now!

Adam

From syrinx at c2.org Tue Aug 22 15:07:56 1995
From: syrinx at c2.org (Syrinx Anonymous Remailer)
Date: Tue, 22 Aug 95 15:07:56 PDT
Subject: URGENT ANOTHER SCIENTOLOGY RAID: FACTNET
Message-ID: <199508222202.PAA23454@infinity.c2.org>

FORWARDED FROM: alt.religion.scientology

Believe it or not, Co$ has just struck again! I just talked with Lawrence Wollersheim of FACTNet in Golden, Colorado. As I type (10:20 a.m. PDT), Federal marshals are looking on as Co$ goons grab all of FACTNet's computers, records, archives, and on and on.

Look for more information shortly. Please post this EVERYWHERE. Get the word out!

--------------------------------------------------------

A special note to T.C. May: These are nice people, eh. Three raids for posting unsealed court documents. Get a clue Tim!

From patl at eiffel.lcs.mit.edu Tue Aug 22 16:17:39 1995
From: patl at eiffel.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue, 22 Aug 95 16:17:39 PDT
Subject: True Names and Webs of Trust
In-Reply-To: <199508221446.KAA00931@skyclad.lcs.mit.edu>
Message-ID: <199508222317.TAA09558@eiffel.lcs.mit.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>> Zimmermann clearly understood all of this, but I don't think he
>> documented it properly. In my opinion, everyone should always
>> think in terms of man-in-the-middle attacks when signing a public
>> key. Mandating "True Names" is just an overconservative approach
>> suitable for people who don't fully understand the issue.

wilcoxb> My point exactly. My post "Stop Fixating on True Names" was
wilcoxb> an attempt to clarify things to said people.

Then you didn't clarify very well; to wit:

wilcoxb> Okay now does anyone want to do any of the above two things
wilcoxb> to me? If not then *don't* *worry* about whether my public
wilcoxb> key is signed by anyone or not. It makes zero difference to
wilcoxb> you until such a time as one of the above motivations
wilcoxb> acquires.

wilcoxb> Zimmermann et al. were/are naive to emphasize the Web of
wilcoxb> Trust as a means of introducing strangers.

The first paragraph clarifies nothing because it is dead wrong; the second because it is arrogant, offensive, and dead wrong.

wilcoxb> From this perspective, the Web of Trust is the soul of
wilcoxb> public-key cryptography. From the other perspective ("Never
wilcoxb> ever sign a key which you got off of a bulletin board!"
wilcoxb> warns "pgpdoc1.txt") it is a cute anachronism.

The Web of Trust is a means of thwarting active attacks; nothing more, nothing less. "Perspective" has nothing to do with it.

Given that active attacks are hard to explain and understand fully, the PGP docs are correct to advocate a conservative approach to signing keys. Novices *should* be taught to take the Web of Trust seriously.
(Yes, I am retracting my own statements quoted above; the more I think about it, the more I think it is very hard to teach a novice the details of active attacks.)

Moreover, I suspect that active attacks are more likely today than when those docs were written, which makes their advice precisely the opposite of an "anachronism".

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDpleHr7ES8bepftAQE0KgQAoAg5QeXwbtZzKMliNH63f3Ewvxz1g8gR
vlTPwZ8YRWANxFFbhN03DMo6HQI78f/8VnbvOB8osZz/aLQgmyuw6Q201vfHbbtu
gKpfLBPLu/Cl2JEk6FK58IYyvrTPZ7XKfp80LoRIby/pSU2uL7K2+7vfjGWGvjvY
V9s9mJUCGN8=
=OBD5
-----END PGP SIGNATURE-----

From monty.harder at famend.com Tue Aug 22 17:44:17 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Tue, 22 Aug 95 17:44:17 PDT
Subject: Third World Man
Message-ID: <8AFA46B.0003000359.uuout@famend.com>

TC> When a certain character in a television show referred to "Third World
TC> mutants," he was also referring to "your basic brown types." (His words,
TC> not mine. Ten credits to anyone who can identify the t.v. show and the
TC> character.)

"Hill Street Blues", Lt. Howard Hunter.

TC> The term "Fourth World" has in the last 20 years come to refer to the
TC> countries which are so impoverished as to be almost hopeless. Bangla Desh
TC> is the canonical Fourth World nation.

Cyberia is the "Fifth World", akin to the "Fifth Dimension". Let the sun shine....

* I love my country.
* I fear my government.
---
* Monster at FAmend.Com *

From tcmay at got.net Tue Aug 22 18:24:16 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 22 Aug 95 18:24:16 PDT
Subject: Third World Man
Message-ID:

At 11:50 PM 8/22/95, MONTY HARDER wrote:
>TC> When a certain character in a television show referred to "Third World
>TC> mutants," he was also referring to "your basic brown types." (His words,
>TC> not mine. Ten credits to anyone who can identify the t.v. show and the
>TC> character.)
>
> "Hill Street Blues", Lt. Howard Hunter.

Congratulations! Two other people said "Archie Bunker"/"All in the Family." A good guess, but it was indeed Howard.

>TC> The term "Fourth World" has in the last 20 years come to refer to the
>TC> countries which are so impoverished as to be almost hopeless. Bangla Desh
>TC> is the canonical Fourth World nation.
>
> Cyberia is the "Fifth World", akin to the "Fifth Dimension". Let the
>sun shine....

The dawning of the age of Aquarius?

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mfroomki at umiami.ir.miami.edu Tue Aug 22 20:15:27 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Tue, 22 Aug 95 20:15:27 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To: <199508220238.TAA22713@ix5.ix.netcom.com>
Message-ID:

On Mon, 21 Aug 1995, Bill Stewart wrote:
> can be substantial even if the suit is bogus.) Under what conditions do
> you expect somebody to sue a CA?

CA certifies key saying that holder has corporate power to enter into deals up to $1million. Keyholder commits fraud, arguably outside corporate powers.

CA certifies you are Jack Ripper based on phony id. In fact you are Sam Spade. CA sued for recovery of ensuing fraud.

CA certifies that a document is authentic and time-stamps it. Lawyers did not do due diligence, books were cooked, everyone who touches document gets sued.

In each of these cases, if the CA did exactly what it promises and no more, it (arguably) deserves a way to short-circuit the suit, thus keeping its costs down.
Since (in the absence of any rules given the newness of the technology) it is very likely that a rich CA would get nuisance suits every time a deal in which it participated went sour, the absence of rules will either raise costs CAs have to charge (e.g. to buy insurance) or will keep rich folk out of the industry (which isn't good either, since you want CAs to buy security and to last). Thus the need for clear liability rules.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
                           | and http://www.law.cornell.edu/jol/froomkin.htm

From dave at esi.COM.AU Tue Aug 22 20:35:07 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 22 Aug 95 20:35:07 PDT
Subject: Export policy change
In-Reply-To: <9508182218.AA04527@ch1d157nwk>
Message-ID:

Heck, you Americans need to store your keys in a foreign country; I have a floppy-based CP/M box that looks ideal for the job (I have LOTS of those 5-1/4" DSDD floppies). Did I mention that my drives are a bit unreliable? And my son likes to pull floppies apart?

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2DAA.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | D8 15 71 F9 26 C8 63 40 5E 63 5C 65 FC A0 22 99

From stevenw at iglou.com Tue Aug 22 20:41:42 1995
From: stevenw at iglou.com (Steven Weller)
Date: Tue, 22 Aug 95 20:41:42 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

>At 2:30 AM 8/22/95, Timothy C. May wrote:
>> (An important point is that
>>in a cash economy, identity is almost irrelevant. It's only in non-cash, or
>>"account-based," economy that True Names are demanded. Lots of interesting
>>issues to discuss here, which I won't now.)
[Lots of interesting discussion deleted]

>Everyone trusts their transactions because of the difficulty of forging
>certificates. That means that once again, a certificate has its own
>inherent worth. It speaks for itself, and when it changes hands, the trade
>is, as Eric Hughes says, "immediately and finally" cleared and settled.
>The overhead of keeping books is gone, at least for the trading parties,
>and especially for the clearing houses, who, like exchanges, just kind of
>disappear, along with any way to regulate them. Somewhere, Joe Kennedy,
>the first Chairman of the Securities and Exchange Commission, is probably
>either crying his eyes out or laughing his head off, depending on your
>interpretation of his role in regulatory history.

In such a system, where does credit come in? If I have a certificate that is worth X, then does the recipient know that it's from my "credit card"? How do I obtain credit, and in what form does it exist?

Furthermore, how do we assess the value of real physical things in a system like this?

--
Steven Weller                      +1 502 454 0054 (voice)
OS-9 Consultancy and Software      +1 502 451 5935 (fax)
Finger for public key              00 02 3C 2F 83 76 D3 77 2A 95 E8 90 94 9A 9D 74
http://iglou.com/windsorgrp        stevenw at iglou.com or realtime at well.sf.ca.us

From dave at esi.COM.AU Tue Aug 22 21:39:35 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 22 Aug 95 21:39:35 PDT
Subject: Third World Man
In-Reply-To: <9508211648.AA17528@toad.com>
Message-ID:

On Mon, 21 Aug 1995, Peter Trei wrote:
> First world: Western (and Westernized) nations
> Second world: Communist bloc
> Third world: The rest, mostly poor nations.

That's pretty much how I learned it in school, back in the 60s. Mind you, "third world" wasn't an insult then.

I also heard another version: 1st world was Europe/Asia (cuz they were there first), 2nd world was America (they got discovered later), and 3rd was everybody else.
--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2DAA.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | D8 15 71 F9 26 C8 63 40 5E 63 5C 65 FC A0 22 99

From jcaldwel at iquest.net Tue Aug 22 21:47:30 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Tue, 22 Aug 95 21:47:30 PDT
Subject: DES & RC4-48 Challenges
In-Reply-To: <199508221656.MAA14641@petrified.cic.net>
Message-ID:

Alex Tang wrote:
>
> On Tue Aug 22 12:26:49 1995: you scribbled...
> >
> > > [stuff about running crypto screensavers]
> >
> > It seems like there's got to be an easy way to divvy up keyspace on a
> > real time basis so that anyone with a few cycles to spare can
> > contribute them...
> >
> > There could be a central server out there, which would keep track of
> > what keyspace needs to be swept, etc.
>
> It seems that the SKSP protocol is a good foundation for just such a plan.
> Can screensavers such as After Dark for mac/pc access network protocols?
> or would someone have to write a new screensaver alltogether.

Afterdark is just a program that always runs in the background. You could program a screensaver/timeslice stealer...even by modem... And with Windows new 'features' you can get someone to install this at the click of a button..from an email message, Ha!....

From wilcoxb at nagina.cs.colorado.edu Tue Aug 22 22:00:40 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Tue, 22 Aug 95 22:00:40 PDT
Subject: True Names and Webs of Trust
In-Reply-To: <199508222317.TAA09558@eiffel.lcs.mit.edu>
Message-ID: <199508230500.XAA23861@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

patl> Zimmermann clearly understood all of this, but I don't think he
patl> documented it properly. In my opinion, everyone should always
patl> think in terms of man-in-the-middle attacks when signing a public
patl> key. Mandating "True Names" is just an overconservative approach
patl> suitable for people who don't fully understand the issue.

wilcoxb> My point exactly.
wilcoxb> My post "Stop Fixating on True Names" was
wilcoxb> an attempt to clarify things to said people.

patl> Then you didn't clarify very well; to wit:

wilcoxb> Okay now does anyone want to do any of the above two things
wilcoxb> to me? If not then *don't* *worry* about whether my public
wilcoxb> key is signed by anyone or not. It makes zero difference to
wilcoxb> you until such a time as one of the above motivations
wilcoxb> acquires.

You are quite right that this paragraph was unclear. I meant "don't worry about whether my public key is signed where signing means certifying the mapping between my key and my physical identity.", not "don't worry about whether my public key is signed where signing means certifying the mapping between my key and a perceived identity of mine.". It is unfortunate that a PGP key-signature has such ambiguous semantics, but again it is my fault for being unclear above.

wilcoxb> Zimmermann et al. were/are naive to emphasize the Web of
wilcoxb> Trust as a means of introducing strangers.

patl> The first paragraph clarifies nothing because it is dead wrong; the
patl> second because it is arrogant, offensive, and dead wrong.

Pshaw. I think it's funny when people gasp in horror if you say something disrespectful of Saint Phil. Here, I'll say it again: Zimmermann was naive to emphasize the Web of Trust as only legitimate for public key<->Real-Life-identity mappings. In the future such mappings will be rare, while the Web of Trust will be used extensively for public key<->virtual-identity mappings.

(The alert observer will notice that I changed some things between the first and second invocations of the Disrespectful Assertion. This is because when I wrote the first version I was still confused about the ambiguity between "Web of Trust as set of key<->Real-Life-identity mappings" and "Web of Trust as set of key<->identity mappings".)

patl> Given that active attacks are hard to explain and understand fully,

I'll say!
I'm having a very hard time understanding all of this clearly.

patl> the PGP docs are correct to advocate a conservative approach to
patl> signing keys. Novices *should* be taught to take the Web of Trust
patl> seriously. (Yes, I am retracting my own statements quoted above; the
patl> more I think about it, the more I think it is very hard to teach a
patl> novice the details of active attacks.)

Be that as it may, I still think that Zimmermann assumed that key<->real-life-identity mappings would be the primary purpose for the Web of Trust when he wrote "pgpdoc1.txt". And I think he was wrong about that. It is not "arrogant" or "offensive" to say that someone was wrong when you believe that to be the case.

patl> Moreover, I suspect that active attacks are more likely today than
patl> when those docs were written, which makes their advice precisely the
patl> opposite of an "anachronism".

Furthermore, Phil's advice to only sign keys which you have physically verified actually makes it easier for an attacker to get In-The-Middle-Of you and me. This is because there is no Web of physically-verified keysigs between you and me. If Phil had recommended treating public keys as being equivalent to net.personas, and verifying them as such, (or better yet, had provided a certificate mechanism to do so in *addition* to the current certificates) then there would be a Web of non-physically-verified keys between you and me, which would be much harder for an attacker to subvert. Since you and I do not share any such Web, we are not any better off than if we were using symmetric-key cryptography, as far as privacy goes! (Authentication is of course another matter.)

Ah, the irony. By insisting on maximally-strong links between each node in the Web, you generate a much weaker Web than if you allowed weaker individual links in greater quantity.

Thank you for your correspondence, Patrick and others. I look forward to more constructive interaction.
Bryce

                          signatures follow:
 + public key on keyservers          /.   island Life in a chaos sea
 or via finger 0x617c6db9           /     bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDq0kfWZSllhfG25AQERJAQAglcIqszrEeWmrbL1E/SxpdRK+3B8zKC9
g7H6fd6T6D8BnYv6u4wmlU+F8fyFT0V6cVa5BZ6Defmc6phvYD9wKyleuaYjRaOP
tVd8tITqpoIkmpK1+skCiV5CUl5eseKQJUlUa2LX4J8Lh9J6t9ZRm6p72ocJ88JL
hnOknxRHz/M=
=Pes4
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Aug 22 22:40:47 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 22 Aug 95 22:40:47 PDT
Subject: The sorry state of non-US crypto
Message-ID: <199508230536.BAA02012@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

I just spent an hour surfing the various crypto/cypherpunks web sites. In this hour I did not come across a single non-US site that carried anything else but PGP. Most non-US sites just carry rants about the evil ITAR, and a few carry the various international versions of PGP. That's it. I know that there are several European ftp sites that have other cryptographic software as well, but I sure as hell can't find them by browsing the web. One would think that at least some of the major homepages (Virtual library, etc) carry links to such sites.

Who cares if someone violates ITAR, if overseas users can't find the exported software?

- --
- -- Lucky Green
PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDq+LSoZzwIn1bdtAQGfJAF7B/XTP5VHlvTLgVRcrDHGX9kcLOANI7OE
oQbdMFG6K9V7URHL7HV4N7EaAo+TriRp
=Ocb0
-----END PGP SIGNATURE-----

From hal9001 at panix.com Tue Aug 22 23:00:33 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 22 Aug 95 23:00:33 PDT
Subject: Third World Man
Message-ID:

At 22:25 8/21/95, Timothy C. May wrote:
>When a certain character in a television show referred to "Third World
>mutants," he was also referring to "your basic brown types." (His words,
>not mine. Ten credits to anyone who can identify the t.v. show and the
>character.)

Archie Bunker? All in the Family (I think is the show title).

From jamesd at echeque.com Tue Aug 22 23:01:55 1995
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 22 Aug 95 23:01:55 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508230601.XAA02627@blob.best.net>

At 11:00 AM 8/21/95 -0800, J. Kent Hastings wrote:
>Doesn't quantum coherence require molecular precision if it
>is to work on 1024 bit PGP keys? If it works, such keys can
>be instantly factorized. It would be nice to follow that progress.

It requires molecular precision if it is to work on anything interesting: Cracking 1024 bit keys is a long way down the road.

Long, long, before quantum computers crack 1024 bit keys, many technological changes will radically and fundamentally change human existence. Quantum computers have many potentials far more imminent and exciting than breaking PGP keys. (Not that they are all that imminent.)

Long, long, before quantum computers crack 1024 bit keys, quantum cryptography will become useful and routine.

 ---------------------------------------------------------------------
                                        |
 We have the right to defend ourselves  |   http://www.jim.com/jamesd/
 and our property, because of the kind  |
 of animals that we are. True law       |   James A. Donald
 derives from this right, not from the  |
 arbitrary power of the state.          |   jamesd at echeque.com

From seawolf at challenger.atc.fhda.edu Tue Aug 22 23:19:55 1995
From: seawolf at challenger.atc.fhda.edu (Sameer R. Manek)
Date: Tue, 22 Aug 95 23:19:55 PDT
Subject: PGP for pine
In-Reply-To: <199508230536.BAA02012@bb.hks.net>
Message-ID:

Does anyone know of an addon to the Pine mailer that supports PGP? The only PGP software I could find required me to first compose a letter in an editor, then run it through a pgp signature program, then finally read it into my favorite mailer.

I'm looking for something that is hopefully transparent, or if not, relatively quick to do.

________________________________________________________________________
Sameer Manek                               Seawolf at challenger.atc.fhda.edu
________________________________________________________________________

From carolann at censored.org Tue Aug 22 23:54:57 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Tue, 22 Aug 95 23:54:57 PDT
Subject: The sorry state of non-US crypto
Message-ID: <199508230654.XAA20796@mailhost.primenet.com>

On August 23rd, Lucky Green succinctly stated:

>Who cares if someone violates ITAR, if
>overseas users can't find the exported software?

Lucky, all we (I) can do is keep sending them the stuff. All it takes is just one person to really learn that a lot of folks are in this. When they do that they don't have to be so 'secretive' about their actions.

I just try to remind myself, "I'm just an electronic envelope maker", that's all. I also like to think I'm lucky enough to get a job in marketing the stuff.
Love Always,

Carol Anne
--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)     carolann at censored.org     206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+NS&
http://dcs.ex.ac.uk/~aba/export/

From wilcoxb at nag.cs.colorado.edu Wed Aug 23 00:21:07 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Wed, 23 Aug 95 00:21:07 PDT
Subject: PGP for pine and other Unix programs
In-Reply-To:
Message-ID: <199508230719.BAA01349@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> Does anyone know of an addon to the Pine mailer that supports PGP?
> the only PGP software i could find required me to first compose a
> letter in an editor then run it through a pgp signature program
> then finally read it into my favorite mailer.
>
> I'm looking for something that is hopefully transparent, or if not
> relatively quick to do.

My "Bryce's Auto-PGP" fits the bill. It is an sh script so it can be integrated without too much trouble into Pine, Elm, trn, tin, mh, etc etc. I have personally tested it with Pine so I know it'll work.

You can e-mail me for a beta copy, or you can ask for a v1.0 copy if you don't mind waiting an unspecified amount of time for beta-testing to finish.
Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDrWWfWZSllhfG25AQEpXQP+ISF5DNtNa/SbceUTPzFkHLO7YFoV01+S
t91Tt488GplyFQrimqbJpRTRtdxNjt4fR7o23F9kbRkPRtD3zQPxi0/jjT29JrNU
Oi0eiteq2FpgAoevMdkfwdsVKupW2fb78jNnz2490JHM/Zr1CvOH+2bwziQ1i8hR
5y48rjUrLTE=
=DQYq
-----END PGP SIGNATURE-----

From paul.elliott at hrnowl.lonestar.org Wed Aug 23 00:22:05 1995
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Wed, 23 Aug 95 00:22:05 PDT
Subject: CypherRant: Reasons why private cryptography should not be regulated.
Message-ID: <303ac1bd.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

CypherRant: Reasons why private cryptography should not be regulated.

Paul Elliott is solely responsible for this document. Please distribute widely.

FBI director Freeh has been going around pushing his stupid plans for cryptography regulation. Usually, these plans take the form of some kind of mandatory key escrow. Mandatory key escrow schemes are requirements that encryption keys be given to government agencies with the promise that the keys will not be used without a warrant.

Now let me give some reasons why Freeh's requests should be ignored.

1) It is unconstitutional!

a) First amendment. Electronic communications are a form of speech and the cryptography regulations try to regulate this speech to a form the government understands.

    Congress shall make NO LAW ....or abridging the freedom of speech
    or of the press; ...

They really meant it!

b) Second amendment. Cryptography is arms. Even U.S. government ITAR regulations admit this. Therefore cryptography is protected by the Second amendment.

c) Ninth & tenth amendments. Article I section 8 does not give congress the power to tell us what computer software we can run on our computers. Therefore that power remains with us, and we should be able to run whatever cryptography software we want, the displeasure of congress notwithstanding.
d) The power to search, if a warrant exists, which is mentioned by the fourth amendment, does not grant the government the right to succeed in finding what it is looking for. In other words, the power to search is not a power to guarantee a successful search. It is not a power to require citizens to run their lives in such a manner that any government search will be successful. For more information on this, see the following World Wide Web url:

    http://www.clark.net/pub/cme/html/avss.html

Since all Senators and Congressmen take an oath to preserve and defend the constitution of the U.S., this should be the end of the argument. However, watching some of the stupid laws that have come out of congress in past years tells me I should supplement the above with additional argument.

I am not a lawyer and I am not trying to be one. I have no opinion as to whether private cryptography regulations will be found unconstitutional. There are a number of cases where our courts have made decisions which do great violence to the plain meaning of the text of our constitution. Knowing what the courts will actually do is the business of lawyers. Understanding the constitution so that one may know what the courts should do should be the business of every citizen.

2) The excellent NRA argument "when guns are outlawed only outlaws will have guns" applies with equal force to cryptography!

Professional criminals will circumvent with ease any government regulations on cryptography. Billions of bytes travel the internet yearly. The techniques of steganography make it absolutely trivial for any motivated person to conceal any encrypted messages. The Big Brother cryptography regulations will affect only ordinary citizens.

3) Cryptography is already in use by legitimate business.

Any government regulation of cryptography will probably cost huge amounts of money for software and hardware costs for existing systems to be changed to a form that the government approves.
The existing ITAR regulations probably cost the U.S. economy large amounts of money because U.S. companies can not market cryptography software internationally. By discouraging private cryptography, the ITAR regulations probably enable a large amount of computer crime since they make it difficult for people to protect themselves.

The ITAR regulations have not prevented, and cannot prevent, strong cryptography from making it outside the U.S. How many tons of cocaine illegally enter the U.S. every year? Yet the government ITAR regulations propose to regulate the export of software that can fit in a shirt pocket, or travel by wire concealed with billions of bytes of data that leave the U.S. every year. It is time for the U.S. government to start living in the real world!

According to an article in the August 17, 1995 Wall Street Journal, ITAR regulations have required Netscape to use inferior encryption methods in the international version of its World Wide Web browser software. This inferior encryption method has actually been broken by a French Hacker! Because of its computational intensity, this weakness in the encryption method does not represent an immediate danger. However, as more powerful computers continue to develop, this and similar vulnerabilities will present a danger for those who wish to use the internet for commerce.

4) These regulations make it impossible for an individual to have greater privacy than the U.S. government.

The Aldrich Ames case makes it clear that the U.S. is incompetent to keep a secret.

5) The proposed regulations require the American people trust the government, but on the contrary, the government should be required to trust the American people.

Recent news stories (Waco etc.) make it clear that it is common for government agents to lie to get search warrants. Government should be viewed as George Washington did, as "a fearful servant and a dangerous master".
A recent poll conducted by the Americans Talk Issue Foundation said 76% of the people questioned responded that they rarely or never trust "government to do what is right". This mistrust is well founded. At the same time as administration sources were saying that key escrow schemes would remain voluntary, FBI, NSA, and DOJ experts were saying that the schemes must be made mandatory if they were to be at all effective. If the government is willing to lie to establish a key escrow system, what makes us believe that the government will not lie when applying for warrants to use that system?

6) It is too humiliating to require a free people to participate in the establishment of their own surveillance prisons. This is what key escrow requires.

Consider the words of our revolutionary heritage:

    Those who would sacrifice essential freedoms for temporary safety
    deserve neither.
                                                    Benjamin Franklin

    If ye love wealth greater than liberty, the tranquility of servitude
    greater than the animating contest for freedom, go home from us in
    peace. We seek not your counsel, nor your arms. Crouch down and lick
    the hand that feeds you; and may posterity forget that ye were our
    countrymen.
                                                    Samuel Adams

Do you think that these men would approve the government's key escrow requests?
This information can also be found at the following url:

    http://www.efh.org/pgp/rant.html

- --
Paul Elliott                              Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org        Address: 3987 South Gessner #224
                                                   Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMDpEYfBUQYbUhJh5AQHMtgP9HbCfKge22z/4jFi2MKLXqWkYB4vkIFsJ
43J7zdoDIRbfOeoMBNCFOGeIHGQ5TGL1+VFVhRMrzTZEPs/dciqc81O0YlnhiiIR
L7Lz06Jlzg2xLtaeaTQjrGewKTT9LeWXpqFSWtpe0xxAqaZ/11ompTAHm0A6NxhU
r4QXaBaEzfg=
=Axac
-----END PGP SIGNATURE-----

From enzo at ima.com Wed Aug 23 00:23:41 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Wed, 23 Aug 95 00:23:41 PDT
Subject: The sorry state of non-US crypto
In-Reply-To: <199508230536.BAA02012@bb.hks.net>
Message-ID:

On Wed, 23 Aug 1995, Lucky Green wrote:

> I just spent an hour surfing the various crypto/cypherpunks web sites. In
> this hour I did not come across a single non-US site that carried anything
> else but PGP. Most non-US sites just carry rants about the evil ITAR, and
> a few carry the various international versions of PGP. That's it. I know
> that there are several European ftp sites that have other cryptographic
> software as well, but I sure as hell can't find them by browsing the web.

Try these URL's:

Italy:   ftp://ftp.dsi.unimi.it/pub/security/crypt/
UK:      ftp://ftp.ox.ac.uk/pub/crypto/
Croatia: http://pgp.rasip.fer.hr/
Germany: ftp://ftp.darmstadt.gmd.de/pub/crypto/

From zeus at pinsight.com Wed Aug 23 01:07:38 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Wed, 23 Aug 95 01:07:38 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508230807.BAA25567@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

On Tuesday, 22-Aug-95 11:00 PM, James A. Donald, (jamesd at echeque.com) wrote:
>At 11:00 AM 8/21/95 -0800, J. Kent Hastings wrote:
>>Doesn't quantum coherence require molecular precision if it
>>is to work on 1024 bit PGP keys? If it works, such keys can
>>be instantly factorized. It would be nice to follow that progress.
>It requires molecular precision if it is to work on anything interesting: Cracking
>1024 bit keys is a long way down the road...[praises other applications]

Tim says that quantum codebreaking and nanotech ain't gonna happen, because of things he explained in the past on the list, now available in the archive. I found a great Web version of the cypherpunks archive at http://www.hks.net/cpunks/index.html and will indeed catch up on the quantum coherence subject.

RSA Data Security printed an article in their newsletter, by one of the inventors of working quantum cryptography, which stated that there is a risk of cracking RSA because of efficient hardware factorization. Why would they make this up about their own product?

OK Tim, I'll catch up before making further comments on quantum codebreaking. Now about nanotech: The Moore(?) scale mentioned here says the processing power of hardware capacity doubles every 12 or 18 months for a given amount of money. In about 20 years only nanotech will be on the curve. Will hardware progress just come to a grinding halt then or what? What's going on here? I thought cpunx were pro-nanotechnology.

Kent
--
Check out Neil Schulman's new book, http://www.pinsight.com/~zeus/jneil/
J. Kent Hastings -- zeus at pinsight.com -- http://www.pinsight.com/~zeus/

From shamrock at netcom.com Wed Aug 23 01:17:58 1995
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 23 Aug 95 01:17:58 PDT
Subject: The sorry state of non-US crypto
Message-ID:

At 15:24 8/23/95, Enzo Michelangeli wrote:
>Try these URL's:
>
>Italy:   ftp://ftp.dsi.unimi.it/pub/security/crypt/
>UK:      ftp://ftp.ox.ac.uk/pub/crypto/
>Croatia: http://pgp.rasip.fer.hr/
>Germany: ftp://ftp.darmstadt.gmd.de/pub/crypto/

But how is the average non-US web surfer supposed to find them, if even I (who at least knows about the various CP sites) can't even locate them without asking on the list?
[Thanks for the listing, though :-]

-- Lucky Green
PGP encrypted mail preferred.

From asgaard at sos.sll.se Wed Aug 23 01:25:42 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Wed, 23 Aug 95 01:25:42 PDT
Subject: The sorry state of non-US crypto
In-Reply-To: <199508230536.BAA02012@bb.hks.net>
Message-ID:

Lucky Green wrote:

> a few carry the various international versions of PGP. That's it. I know
> that there are several European ftp sites that have other cryptographic
> software as well, but I sure as hell can't find them by browsing the web.

Hmm... I started from 'scratch' (Yahoo, a popular take-off site) and within 10 min found 'everything' on:

ftp://ftp.dsi.unimi.it/pub/security/crypt

Mats

From nobody at valhalla.phoenix.net Wed Aug 23 01:35:50 1995
From: nobody at valhalla.phoenix.net (Anonymous)
Date: Wed, 23 Aug 95 01:35:50 PDT
Subject: MD5 in DOS
Message-ID: <199508230815.DAA29613@valhalla.phoenix.net>

cpunks, I'm looking for an md5 binary that will run on dos. Can anyone give me a pointer?

10x

From sam at inf.enst.fr Wed Aug 23 02:47:19 1995
From: sam at inf.enst.fr (Samuel Tardieu)
Date: Wed, 23 Aug 95 02:47:19 PDT
Subject: True Names and Webs of Trust
In-Reply-To: <199508222317.TAA09558@eiffel.lcs.mit.edu>
Message-ID: <"8TnD63.0.a82.oVlEm"@gargantua>

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Bryce" == Bryce Wilcox writes:

(in a PGP signed message)

[...]

Bryce> You are quite right that this paragraph was unclear.

[...]

Bad signature, doesn't match file content :)))

Bryce, why don't you really PGP-sign a mail when you agree you were unclear?

:)))

  Sam
- --
"The brains of little children must taste something like hazelnut"
                                                  Charles Baudelaire

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAgUBMDr36IFdzKExeYBpAQH60gP/ZlbC6alikSBjCsWxf/g2mjDVRNvlcu3P
Y1ljl7t1mnkfOag0uGaZVAHzDkcLfq5VrwNPVBpZUJmm0hHcUxyyP63rX42EC0n5
ATA3fnmxsmPrMZsAHYjfzI/kPeCX0xO0Fn8XIAv55BzGPzm8w8hp31x4FwEWn7+O
Ip9R7jWTQ1o=
=skv6
-----END PGP SIGNATURE-----

From syrinx at c2.org Wed Aug 23 03:07:36 1995
From: syrinx at c2.org (Syrinx Anonymous Remailer)
Date: Wed, 23 Aug 95 03:07:36 PDT
Subject: Let Me Repeat, the Raids Must Be Stopped! A PROFOUND THREAT TO FREEDOM OF SPEECH ON THE INTERNET
Message-ID: <199508231002.DAA03500@infinity.c2.org>

PLEASE FORWARD TO ORGANIZATIONS AND INDIVIDUALS SUPPORTING FREEDOM OF SPEECH ON THE INTERNET AND TO CIVIL LIBERTIES GROUPS.

As many of you may know, the Church of Scientology (CoS), represented by the Religious Technology Center (RTC), whose primary function is to defend their copyrights and trade secrets, performed their third raid/seizure today against an Internet user for alleged copyright infringement. The prior two were against Arnie Lerma last week, and Dennis Erlich back in February. This raid was against FactNet, an organization dedicated to public awareness of various groups it labels as 'cults', including the Church of Scientology, and one of its leaders, Larry Wollersheim.

[It is interesting to note that CoS owes $4 million to Larry Wollersheim based on an award by the courts, and affirmed by the Supreme Court. CoS has refused for whatever reason to pay this judgement, and did very questionable moving of assets out of California to avoid paying. Wollersheim has currently deposed the leader of CoS, David Miscavige, to ask him in court what happened to the assets of the California branch of CoS. Mr. Miscavige went into hiding over a year ago and so has not yet been served with this subpoena.]
This raid and seizure is technically allowed under current U.S. civil copyright law when certain conditions are met. Congress originally allowed such raids to deal with copyright infringement involving bootleg material, where seizing the equipment used to produce the bootleg materials would effectively halt production until a court could assess the claims of the copyright holder. I am not sure if the Constitutionality of this law has been ruled upon, but in my opinion it oversteps the bounds of the intent of the U.S. Constitution regarding the bounds of search and seizure. Congress passed this law allowing seizure (in 1976) well before the advent of computer networks.

The rationale that CoS used in convincing a judge to issue a Writ of Seizure is that seizing the computer equipment will halt the continued duplication of the copyright material, allegedly in violation of the rights of the copyright owner. This rationale does not hold any water when considering the Internet. Once the material is electronically disseminated on the Internet, seizing the computer equipment used to disseminate the material, as well as copies of the material itself, serves no useful purpose to stop the continued dissemination of the material. For example, the perpetrator of the alleged copyright infringement could, if they want to, simply purchase/rent/use a computer with Internet access, copy the material from another site on the Internet (which observation shows exists all around the world regarding the CoS materials), and redisseminate it as before. The only effective remedy is a Temporary Restraining Order (TRO) and a lawsuit against the individual ALLEGED to have infringed on the copyrighted material in excess of Fair Use.

Thus, these three raids by CoS were clearly unnecessary. Furthermore, regarding civil liberties, they are even more troubling.
In all three raids, the entire computer, related equipment and tapes were seized by CoS for their erasure of the alleged copyright materials, but without ANY court oversight which would filter out data which has no relevance to the matter at hand and which is protected by the right to privacy and other protections. There may also be further protection under the Electronic Privacy Act (or whatever it is called). A lot of private data from many people, not related to the alleged copyright infringements, may have been compromised.

Furthermore, these raids serve to stifle Free Speech on the Internet. In essence, CoS is saying to the Internet community:

"If WE feel you are disseminating our copyrighted materials in excess of Fair Use (and we will define what Fair Use is), then we will get a Writ of Seizure allowed under U.S. copyright law and take away your computer BEFORE the court decides on whether you exceeded Fair Use."

And if much later the court determines that the dissemination was done under Fair Use, then there is no "effective" and "practical" remedy other than filing a laborious and expensive countersuit, which could drag on for years, to the detriment of the individual originally accused of copyright infringement. CoS knows this, and thus they really don't fear the consequences if they overstep their bounds in this matter.

And who wants CoS to plaster the Internet and the newsmedia with their propaganda stating that "Federal Marshals Seized the Computer of John Doe"? We all know that the general public may see John Doe as some criminal of the first order because Federal Marshals were called in to handle the matter. This also serves to stifle Free Speech.

Thus, we must call upon Congress and the courts to fix this "loophole" allowing these unnecessary and, in my opinion, unconstitutional raids/seizures of computer equipment for alleged *civil* copyright infringement in excess of Fair Use. This "loophole" is a clear threat to Freedom of Speech.
I call upon electronic freedom activist organizations, such as EFF, and more traditional civil liberties organizations, such as the ACLU, to do something to stop these raids. I think asking a Federal judge to put a *temporary* halt on all such raids pending Federal court review on necessity and constitutional grounds. In addition, we should call on Congress to amend the copyright laws to take into account the special aspect of computer networks so as to not allow the trampling of civil liberties that we've seen with the barbaric CoS raids.

If you agree with me, do forward this to your Congressperson, to anybody you know involved in civil liberties issues, religious leaders, etc. Become aware and concerned. If you live in the U.S., you could be the next person raided just for exercising your right to Free Speech.

Thank you for listening.

Jon Noring

****************************************************************************
For more information on the Scientology versus Internet "war", check out both alt.religion.scientology on Usenet, and the following Web site, which has links to nearly all Web pages devoted to the Scientology issue:

    http://www.cybercom.net/~rnewman/scientology/home.html
****************************************************************************

--
OmniMedia                | The Electronic Bookstore. Come in and browse! Two
9671 S. 1600 West St.    | locations: ftp.netcom.com /pub/Om/OmniMedia/books
South Jordan, UT 84095   | and ftp.awa.com /pub/softlock/pc/products/OmniMedia
801-253-4037             | E-book publishing service follows NWU recommendations.

From schneier at winternet.com Wed Aug 23 03:28:04 1995
From: schneier at winternet.com (Bruce Schneier)
Date: Wed, 23 Aug 95 03:28:04 PDT
Subject: Applied Cryptography, Second Edition
Message-ID: <199508231027.FAA25650@klondike>

The second edition of APPLIED CRYPTOGRAPHY will be published in November. This is not just a correction, it is a major update. There are 50% more words in the second edition.
The second edition will be published in both hardback and paperback. Wiley is jacking the price a bit, so I am offering a 15% pre-publication discount. Details will be forthcoming when I invent them.

Attached is the table of contents.

Bruce

**************************************************************************

APPLIED CRYPTOGRAPHY - SECOND EDITION
by Bruce Schneier

Foreword by Whitfield Diffie

Preface

Chapter 1: Foundations
Terminology; Steganography; Substitution Ciphers and Transposition Ciphers; Simple XOR; One-Time Pads; Computer Algorithms; Large Numbers

Part I: Cryptographic Protocols

Chapter 2: Protocol Building Blocks
Introduction to Protocols; Communications using Symmetric Cryptography; One-Way Functions; One-Way Hash Functions; Communications using Public-Key Cryptography; Digital Signatures; Digital Signatures with Encryption; Random and Pseudo-Random Sequence Generation

Chapter 3: Basic Protocols
Key Exchange; Authentication; Authentication and Key Exchange; Formal Analysis of Authentication and Key-Exchange Protocols; Multiple-Key Public-Key Cryptography; Secret Splitting; Secret Sharing; Cryptographic Protection of Databases

Chapter 4: Intermediate Protocols
Timestamping Services; Subliminal Channel; Undeniable Digital Signatures; Designated Confirmer Signatures; Proxy Signatures; Group Signatures; Fail-Stop Digital Signatures; Computing with Encrypted Data; Bit Commitment; Fair Coin Flips; Mental Poker; One-Way Accumulators; All-or-Nothing Disclosure of Secrets; Key Escrow

Chapter 5: Advanced Protocols
Zero-Knowledge Proofs; Zero-Knowledge Proofs of Identity; Blind Signatures; Identity-Based Public-Key Cryptography; Oblivious Transfer; Oblivious Signatures; Simultaneous Contract Signing; Digital Certified Mail; Simultaneous Exchange of Secrets

Chapter 6: Esoteric Protocols
Secure Elections; Secure Multiparty Computation; Anonymous Message Broadcast; Digital Cash

Part II: Cryptographic Techniques

Chapter 7: Key Length
Symmetric Key Length; Public-Key Key Length; Comparing Symmetric and Public-Key Key Length; Birthday Attacks against One-Way Hash Functions; How Long Should a Key Be?; Caveat Emptor

Chapter 8: Key Management
Generating Keys; Nonlinear Keyspaces; Transferring Keys; Verifying Keys; Using Keys; Updating Keys; Storing Keys; Backup Keys; Compromised Keys; Lifetime of Keys; Destroying Keys; Public-Key Key Management

Chapter 9: Algorithm Types and Modes
Electronic Codebook Mode; Block Replay; Cipher Block Chaining Mode; Stream Ciphers; Self-Synchronizing Stream Ciphers; Cipher-Feedback Mode; Synchronous Stream Ciphers; Output-Feedback Mode; Counter Mode; Other Block-Cipher Modes; Choosing a Cipher Mode; Interleaving; Block Ciphers vs. Stream Ciphers

Chapter 10: Using Algorithms
Choosing an Algorithm; Public-Key Cryptography vs. Symmetric Cryptography; Encrypting Communications Channels; Encrypting Data for Storage; Hardware Encryption vs. Software Encryption; Compression, Encoding, and Encryption; Detecting Encryption; Hiding Ciphertext in Ciphertext; Destroying Information

Part III: Cryptographic Algorithms

Chapter 11: Mathematical Background
Information Theory; Complexity Theory; Number Theory; Factoring; Prime Number Generation; Discrete Logarithms in a Finite Field

Chapter 12: Data Encryption Standard
Background; Description of DES; Security of DES; Differential and Linear Cryptanalysis; The Real Design Criteria; DES Variants; How Secure is DES Today?

Chapter 13: Other Block Algorithms
Lucifer; Madryga; NewDES; FEAL-N; REDOC; Loki; Khufu and Khafre; RC2; IDEA; MMB; CA-1.1; Skipjack

Chapter 14: Still Other Block Algorithms
GOST; CAST; Blowfish; SAFER K-64; 3-Way; Crab; SXAL8/MBAL; RC5; Other Block Algorithms; Theory of Block Cipher Design; Using One-Way Hash Functions; Choosing a Block Algorithm

Chapter 15: Combining Block Algorithms
Double Encryption; Triple Encryption; Doubling the Block Length; Other Multiple Encryption Schemes; CDMF Key Shortening; Whitening; Cascading Multiple Block Algorithms; Combining Multiple Block Algorithms

Chapter 16: Pseudo-Random-Sequence Generators and Stream Ciphers
Linear Congruential Generators; Linear Feedback Shift Registers; LFSRs in Software; Design and Analysis of Stream Ciphers; Stream Ciphers using LFSRs; A5; Hughes XPD/KPD; Nanoteq; Rambutan; Additive Generators; Gifford; Algorithm M; PKZIP

Chapter 17: Other Stream Ciphers and Real Random-Sequence Generators
RC4; SEAL; Wake; Feedback with Carry Shift Registers; Stream Ciphers using FCSRs; Nonlinear Feedback Shift Registers; Other Stream Ciphers; System-Theoretic Approach to Stream Cipher Design; Complexity-Theoretic Approach to Stream Cipher Design; Other Approaches to Stream Cipher Design; Cascading Multiple Stream Ciphers; Choosing a Stream Cipher; Generating Multiple Streams from a Single Pseudo-Random Sequence Generator; Real Random-Sequence Generators

Chapter 18: One-Way Hash Functions
Background; Snefru; N-HASH; MD4; MD5; MD2; Secure Hash Algorithm (SHA); RIPE-MD; Haval; Other One-Way Hash Functions; One-Way Hash Functions using Symmetric Block Algorithms; Using Public-key Algorithms; Choosing a One-Way Hash Function; Message Authentication Codes

Chapter 19: Public-Key Algorithms
Background; Knapsack Algorithms; RSA; Pohlig-Hellman; Rabin; ElGamal; McEliece; Elliptic Curve Cryptosystems; LUC; Finite Automaton Public-Key Cryptosystems

Chapter 20: Public-Key Digital Signature Algorithms
Digital Signature Algorithm (DSA); DSA Variants; GOST Digital Signature Algorithm; Discrete Logarithm Signature Schemes; Ong-Schnorr-Shamir; ESIGN; Cellular Automata; Other Public-Key Algorithms

Chapter 21: Identification Schemes
Feige-Fiat-Shamir; Guillou-Quisquater; Schnorr; Converting Identification Schemes to Signature Schemes

Chapter 22: Key-Exchange Algorithms
Diffie-Hellman; Station-to-Station Protocol; Shamir's Three-Pass Protocol; COMSET; Encrypted Key Exchange; Fortified Key Negotiation; Conference Key Distribution and Secret Broadcasting

Chapter 23: Special Algorithms for Protocols
Multiple-Key Public-Key Cryptography; Secret Sharing Algorithms; Subliminal Channel; Undeniable Digital Signatures; Designated Confirmer Signatures; Computing with Encrypted Data; Fair Coin Flips; One-Way Accumulators; All-or-Nothing Disclosure of Secrets; Fair and Failsafe Cryptosystems; Zero-Knowledge Proofs of Knowledge; Blind Signatures; Oblivious Transfer; Secure Multiparty Computation; Probabilistic Encryption; Quantum Cryptography

Part IV: The Real World

Chapter 24: Example Implementations
IBM Secret-Key Management Protocol; Mitrenet; ISDN; STU-III; Kerberos; KryptoKnight; Sesame; IBM Common Cryptographic Architecture; ISO Authentication Framework; Privacy-Enhanced Mail (PEM); Message Security Protocol; Pretty Good Privacy (PGP); Smart Cards; Public-Key Cryptography Standards; Universal Electronic Payment System; Clipper; Capstone; AT&T Model 3600 Telephone Security Device

Chapter 25: Politics
National Security Agency; National Computer Security Center; National Institute of Standards and Technology; RSA Data Security, Inc.; Public Key Partners; International Association for Cryptologic Research; RACE Integrity Primitives Evaluation; Conditional Access for Europe; ISO/IEC 9979; Professional, Civil Liberties, and Industry Groups; Sci.Crypt; Cypherpunks; Patents; U.S. Export Rules; Foreign Import and Export of Cryptography; Legal Issues

Afterword by Matt Blaze

Source Code
DES; LOKI91; IDEA; GOST; Blowfish; 3-Way; RC5; A5; SEAL; WAKE

References

From rah at shipwright.com Wed Aug 23 04:11:57 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 23 Aug 95 04:11:57 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

At 12:41 AM 8/23/95, Steven Weller wrote:
>In such a system, where does credit come in? If I have a certificate that
>is worth X, then does the recipient know that it's from my "credit card"?
>How do I obtain credit, and in what form does it exist?

You have to follow me through the looking glass a little bit here, but remember that we're talking about a world where microprocessors and bandwidth are everywhere. The compute cycles and the bandwidth have to be available for this stuff, but given those, it's easy to see how this works.

To replicate a credit card in a certificate based scenario, you issue a bond, just like the old days. (Remember that Babylonian clay thingy with "J. Nebbuchanezzar"'s seal on it for three cows?) A bond is a certificate with your signature saying that you'll pay a certain amount of money on a certain date, or that you owe a certain amount of money, and will pay interest at a certain rate to the bearer on a certain schedule, and principal on a certain date, *or* you could issue a bond with coupons that could be sent in to collect the interest.

This is what a bank does with a credit card, only the transactions with you are book entries, and nowadays, the bank even lumps your credit card debt with others and then "securitizes" them by selling bonds collateralized with that debt on the open market.

Now the issuing of personal bonds instead of a book entry credit card works the same way, in that someone has to actually give you the money, and it may be unlikely that a store knows your reputation.
It could be that a bank gives you a guarantee, a certificate, to buy your debt up to a certain amount, and that makes your bonds instantly tradable on the market. The store could then sell your bond to the bank, or to the open market, depending on where the price is highest. With enough processing power and bandwidth, it could be resold while you're walking out the door with your purchase.

>
>Furthermore, how do we assess the value of real physical things in a system
>like this?

"The price of anything is the foregone alternative." (Walter Johnson)

Snappy comebacks aside, the price of something, physical or not, has nothing to do with its method of purchase, excluding transaction costs, which for both book entry and certificate economies is measured in processing and bandwidth costs. You advertise your house for a certain price, I pay you the price in digital cash, you give me the deed to the house. QED.

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From merriman at arn.net Wed Aug 23 05:04:40 1995
From: merriman at arn.net (David K. Merriman)
Date: Wed, 23 Aug 95 05:04:40 PDT
Subject: The sorry state of non-US crypto
Message-ID: <199508231214.HAA20793@arnet.arn.net>

>>Try these URL's:
>>
>>Italy: ftp://ftp.dsi.unimi.it/pub/security/crypt/
>>UK: ftp://ftp.ox.ac.uk/pub/crypto/
>>Croatia: http://pgp.rasip.fer.hr/
>>Germany: ftp://ftp.darmstadt.gmd.de/pub/crypto/
>
>But how is the average non-US web surfer supposed to find them, if even
>I (who at least knows about the various CP sites) can't even locate them
>without asking on the list?

I, for one, am including them on my homepage (which is now accepting ecash donations :-).
Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From jya at pipeline.com Wed Aug 23 05:37:44 1995
From: jya at pipeline.com (John Young)
Date: Wed, 23 Aug 95 05:37:44 PDT
Subject: NYS_ize
Message-ID: <199508231237.IAA18677@pipe4.nyc.pipeline.com>

8-23-95. NYPaper:

"Cyberspace Prophets Discuss Their 'Revolution' Face to Face."

Supporters of Newt Gingrich gathered at a conference with the savants of cyberspace to create a common vision for America's future in the digital age. Conservative venture capitalists and self-proclaimed former hippies and anarchists all seemed to agree that America is entering an "information revolution" that will profoundly restructure the political, economic and social landscape. Discussion among the panelists was heavy on theory and often long on ego.

"Checks Delivered Via E-Mail Are Planned."

A group of banks and technology companies said yesterday that they would design a system to create "electronic checks" that could be used to make payments over the Internet or other electronic mail systems. Unlike the electronic bill-payment services increasingly offered by banks, electronic checks could be sent directly by customers to their recipients, without going through the bank. The electronic check would contain all the information that is on today's paper checks.
In addition, the check would contain a "digital signature," a security code that could prove that the check was authorized by the account holder.

Lion to ewe: NYS_ize (13kb)

From bboards at optical.bms.com Wed Aug 23 07:02:18 1995
From: bboards at optical.bms.com (Jay Anderson)
Date: Wed, 23 Aug 95 07:02:18 PDT
Subject: MD5 in DOS
In-Reply-To: <199508230815.DAA29613@ valhalla.phoenix.net>
Message-ID: <9508231358.AA19405@zymurgy>

>>>>> "Anon" == Anonymous writes:

Anon> cpunks,
Anon> I'm looking for an md5 binary that will run on DOS. Can anyone give me a pointer?

ftp://oak.oakland.edu:/SimTel/msdos/fileutil/xsum11.zip

From perry at piermont.com Wed Aug 23 07:03:06 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 23 Aug 95 07:03:06 PDT
Subject: e$: The Book-Entry/Certificate Distinction
In-Reply-To:
Message-ID: <199508231402.KAA10229@frankenstein.piermont.com>

Robert Hettinga writes:
> A bond is a certificate with your signature saying that you'll pay a
> certain amount of money on a certain date, or that you owe a certain
> amount of money, and will pay interest at a certain rate to the
> bearer on a certain schedule, and principal on a certain date, *or*
> you could issue a bond with coupons that could be sent in to collect
> the interest.

Actually, what you've just described is general commercial paper, not just a bond. Anything that lists a sum certain in money to be paid on a date certain (with various other parameters, too, like a place) is negotiable commercial paper. Checks, notes, and other instruments are all commercial paper. They are not, by the way, certificates in the sense that I suspect you mean.

Perry

From aba at dcs.exeter.ac.uk Wed Aug 23 07:17:57 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Wed, 23 Aug 95 07:17:57 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
Message-ID: <6253.9508231416@exe.dcs.exeter.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----

[a copy of final announce, start time 18:00 GMT, tomorrow (Thu), as posted to a list of USENET groups]

This is a request for idle compute time for the brute force of Hal's second SSL challenge.

You will likely have read about the brute force crack of a netscape SSL session by Damien Doligez, which was widely covered in the media, and much discussed in this (and other) newsgroups. Damien has information on his breaking of the 1st challenge at:

http://pauillac.inria.fr/~doligez/ssl/

Hal Finney has now issued a 2nd challenge, the aim with this challenge is to demonstrate in how short a time an export SSL key can be broken, i.e. not how soon, but how *quickly* from start to finish (note the distinction), so for this reason we are constructing a virtual start line, and the virtual start gun will fire at:

Thu Aug 24 at 18:00 GMT

If you are interested in joining in, please obtain the sources / binaries for your system in preparation for the start. (Even if you are after the start, join in as it will take a while).

Piete Brooks wrote and is hosting the socket server, and WWW pages, see this URL for the socket client and brute forcing software, and WWW forms interface key doler:

http://www.brute.cl.cam.ac.uk/brute/

ftp archive (software available by both WWW and ftp):

ftp://ftp.brute.cl.cam.ac.uk/pub/brute/

Prize fund - donate c$ for the prize
======================================================================

I have set up a prize fund in c$ (digicash ecash) to add a bit of fun to the proceedings, and stimulate interest in DigiCash (the best ecash on the planet IMO). The prize fund at time of writing is c$ 292.30, and the winner will be the person who hits the key. The person who gets the prize will be encouraged to participate in the ecash market to cash the money in, to increase cash flow (there is currently a shortage of c$ sellers), and to avoid taking the cash out of circulation.
Give your c$ donations for the prize fund here:

http://dcs.ex.ac.uk/~aba/sslprize.html

(or via email: shop-id: SSL-prize-fund, account-id: aba at dcs.ex.ac.uk)

The (unofficial) digicash exchange:

http://www.c2.org/~mark/ecash/ecash.html

Sign up for the Digicash trial (get c$ 100 free on opening account):

http://www.digicash.com/ecash/

A couple of things to note, the ecash exchange is not affiliated with digicash, it is an experiment set up by digicash enthusiasts to allow a floating exchange mechanism for buying and selling c$. The other thing to note is that the exchange rate is currently (from the exchange above) about 100 c$ = 5 US $.

Compiling for some platforms required
======================================================================

We are currently lacking a DOS only version of the BRUTESSL.EXE, this is complicated by the fact that Andrew Roos has 32 bit 80x86 assembly speedups as well as a generic C version in his brutessl application which makes it tricky to get a 32 bit application. (Oh for standard flat 32 bit UNIX). Apparently it is possible using the Pharlap DOS extender software, so if anyone is able to help with this, please contact Piete or myself (Adam).

Also (an easier task!) could someone compile a 16 bit one, which we can use to fall back on if the above doesn't work. I did this myself, but my PC HD has probs of its own at the moment, all you have to do is edit search.c brutessl.h brutessl.c lightly to fix up the macro for rotate left (makes a difference if your compiler supports it), and to make sure that the typedef (I think in brutessl.h) is set up so that word = a long. Don't use the assembly.c but rather the generic C version search.c, that'll make things easier.

Any platforms you would like to see pre-compiled binaries for, send them along, the source code is available from the ftp, and http addresses above. A MAC binary would be nice also.

More technical things...
skip unless you're interested
======================================================================

The socket server which will be doling out the keys is running on:

sksp.brute.cl.cam.ac.uk:19957

but you shouldn't need to know that unless you like to know what's going on; the client software is wired to use this by default.

There is a draft RFC-like specification for the SMTP-like protocol which the client and server use to talk to each other (SKSP = Simple Key Searching Protocol):

http://www.brute.cl.cam.ac.uk/ftp/pub/brute/protocol.txt

Who's doing what (who to complain to about things not working :-)
======================================================================

Hal Finney - Issued challenge 1 and 2
Piete Brooks - hosting www, and socket server, author of unix socket code
Andrew Roos - wrote brutessl app
Andy Brown - wrote windows NT client & protocol spec with Piete
Adam Back - general software questions, prize fund ecash shop
Damien Doligez - Broke 1st challenge
Eric Young, David Byers - independently broke 1st challenge also
Mark Grant - WWW Ecash exchange

email / www for those people:

Hal Finney http://www.portal.com/~hfinney/
Andy Brown
Piete Brooks http://www.cl.cam.ac.uk/users/pb/
Adam Back http://dcs.ex.ac.uk/~aba/
Andrew Roos
Damien Doligez http://pauillac.inria.fr/~doligez/
Eric Young
David Byers
Mark Grant http://www.c2.org/~mark/

(also lots of other people have offered compute time, and / or contributed technical advice / bug reports etc)

Adam Back
Piete Brooks

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMDs4MCnIuJ1VakpnAQEG7gQAhQck5IoTQ9/jLcsD903u7yTRKssLJqxx
Fxk2MpEWkPfIchD7cD7F4ZgO1gs+q6/rMxzEfS5YUZAb9Z4nCF1EUr2Qf2O5sIWV
fFNjVJMCt4clGOQoG1KdJ9Om93JxIGQl2ep7OLc0RdCUFd8wRWC3yPC+2Tl8069m
gHRtAJ0My3U=
=LWFM
-----END PGP SIGNATURE-----

From hfarkas at ims.advantis.com Wed Aug 23 07:44:50 1995
From: hfarkas at ims.advantis.com (Henry W. Farkas)
Date: Wed, 23 Aug 95 07:44:50 PDT
Subject: PGP for pine
In-Reply-To:
Message-ID:

On Tue, 22 Aug 1995, Sameer R. Manek wrote:
> Does anyone know of an addon to the Pine mailer that supports PGP?
> the only PGP software I could find required me to first compose a
> letter in an editor then run it through a pgp signature program
> then finally read it into my favorite mailer.
>
> I'm looking for something that is hopefully transparent, or if not
> relatively quick to do.

Yes, and me too. Someone sent me a package that relied upon reconfiguring Pine using the alternate editor option as a hook and it has never worked well.

This is important. I am trying to convince my co-workers to start using PGP regularly and an easy interface may not be one of the best arguments to make (for encrypting regularly) but it's one that works on lots of people.

===========================================================================
Henry W. Farkas            | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com   |------------------------------------------------
hfarkas at vnet.ibm.com       | http://newstand.ims.advantis.com/henry
henry at nhcc.com             | http://www.nhcc.com/~henry
---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack
"We're not fast, but it's not bad, and we're cheaper than the guy down the street!"
===========================================================================

From nobody at REPLAY.COM Wed Aug 23 07:46:57 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 23 Aug 95 07:46:57 PDT
Subject: Upcoming Key Escrow Meetings
Message-ID: <199508231446.QAA03234@utopia.hacktic.nl>

August 22, 1995

MEMORANDUM

From: Ed Roback, NIST
Subject: Upcoming Key Escrow Meetings

Attached for your information are notices of two upcoming key escrow-related meetings. The first, to be held on September 6-7 at NIST will focus on two principal topics: 1) discussion of finalizing the criteria for the exportability of software key escrow encryption with 64-bit key space; and 2) the desirable characteristics for key escrow agents. The second will be held on September 15 at the Gaithersburg Hilton and will focus on the development of Federal Information Processing Standards for key escrow encryption, specifically to include software implementations.

You are invited to attend one or both meetings and, if you so choose, to speak at these meetings. I hope to have sufficient time for discussion, and therefore encourage presentations to be clearly focused on the topic at hand. If you wish to attend, please notify me [sic] secretary, Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov. Also, please let her know if you would like to make a presentation with your recommendations on either topic, or propose an additional topic. If you have any additional questions or suggestions, please feel free to contact me on 301-975-3696.

Attachments (2)

----------------------------

Meeting Announcement: Key Escrow Issues

The Commerce Department's National Institute of Standards and Technology invites industry representatives and other interested parties to a meeting on September 6 and 7, to discuss issues related to key escrow encryption.
While not limited, two principal agenda items for discussion will be: 1) developing the criteria for software key escrow encryption exportability and 2) the desirable characteristics for U.S. key escrow agents.

Industry has asked the government for criteria for the export of software key escrow encryption. Rather than simply publishing criteria, however, the Administration desires consultations with industry in preparing final criteria for publication. This session of the meeting will begin with a presentation of the government's perspective of the desirable criteria, followed by a chance for other participants to offer their thoughts on this issue as well as reaction to the federal perspective. Under acceptable criteria, the government is willing to allow for the export of strong cryptography (e.g., DES) when coupled with a key escrow mechanism. It is anticipated that this would be coupled with a one-time product review (e.g., as is the case for RC2/RC4 products) by the Department of State. Following such approval, the Department of Commerce would administer export regulations.

The second session of the meeting will address the desirable characteristics of acceptable U.S. escrow agents. Clearly, if export of key escrow encryption products will be allowed, the cryptographic keys must be stored with some entity. This session will address the criteria for the approval of such organizations. It may also discuss what sort of legal protections, if any, may be necessary to provide, for example, against unauthorized release of encryption keys.

Follow-up meetings to both issues may be necessary. Other related topics may be included, time permitting. Note that a separate meeting has been scheduled for 9/15/95 to discuss the development of federal standards for key escrow encryption.
Government representatives will attend from the Office of Science and Technology Policy, the Department of State, the Department of Justice, the Department of Commerce, the National Security Agency, and the Federal Bureau of Investigation.

If you would like to make a presentation with your recommendations on either topic, or propose an additional topic, please contact Ed Roback at NIST on 301-975-3696. Presentations may be limited in length to accommodate all speakers.

The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov. The meeting will be held at the NIST in Gaithersburg, Maryland.

8/17/95

---------------------------

Workshop Announcement: Developing Federal Key Escrow Standards

On September 15, 1995, the Commerce Department's National Institute of Standards and Technology will hold an exploratory workshop on developing Federal Information Processing Standards (FIPS) for key escrow encryption, specifically to include software implementations. This effort is being initiated to further the Administration's commitment to federal use of key escrow encryption. Industry representatives and other interested parties are invited to the workshop to provide their perspectives on the desirable characteristics of key escrow encryption standards to NIST and other federal officials. Government representatives also will present their objectives and preliminary approach to this standards development process. Discussion will also include proposals for follow-on activities.

For discussion purposes, one initial option for this standards activity may be to create a generic key escrow encryption standard containing criteria for federal use of key escrow techniques implemented in either software or hardware. This high-level standard could then be supplemented with lists of validated key escrow techniques.
(Currently FIPS 185, "Escrowed Encryption Standard," a hardware-based standard, is the only FIPS-approved key escrow technique.) Guidance would also be needed to guide selection of appropriate key escrow techniques for particular applications. Key escrowing will be used by federal agencies (and others, if they so choose) in conjunction with FIPS-approved encryption techniques. Development and implementation of such standards are necessary to guide federal agencies in effectively and securely implementing key escrow encryption.

If you would like to make a presentation with your recommendations for the development of federal key escrow standards, please contact Ed Roback at NIST on 301-975-3696. Presentations may be limited in length to accommodate all speakers.

The meeting is open to the public, although seating is limited to approximately 100 individuals. Advance registration is requested; please call Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov to register. The meeting will be held at Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, Maryland.

8/17/95

--

From patl at skyclad.lcs.mit.edu Wed Aug 23 07:55:42 1995
From: patl at skyclad.lcs.mit.edu (Patrick J. LoPresti)
Date: Wed, 23 Aug 95 07:55:42 PDT
Subject: PGP for pine
In-Reply-To:
Message-ID: <199508231455.KAA00345@skyclad.lcs.mit.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "seawolf" == "Sameer R Manek" writes:

seawolf> Does anyone know of an addon to the Pine mailer that
seawolf> supports PGP? the only PGP software I could find required
seawolf> me to first compose a letter in an editor then run it
seawolf> through a pgp signature program then finally read it into my
seawolf> favorite mailer.

seawolf> I'm looking for something that is hopefully transparent, or
seawolf> if not relatively quick to do.

"mkpgp" is probably the best PGP/Pine interface. Email "deviate at lipschitz.sfasu.edu" for more information.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDtBSnr7ES8bepftAQGa8wP+OPvqYNQ5d/UEEo5WKjlmhg7eEtgzsURR
V92IRWAmtm/CyYS/TZSLjQaCJhjw0OCy5+tcELtJYZeUUxpLtwg1Cm4h3RtowyBj
Ou69FTKjqb56/n52afVe1mt7WGEXO9AfomrNc/rWVwhIWSMpEhTWJiccju4cVY4U
mac8kq4h5mI=
=Bsru
-----END PGP SIGNATURE-----

From rah at shipwright.com Wed Aug 23 08:59:31 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 23 Aug 95 08:59:31 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

At 10:02 AM 8/23/95, Perry E. Metzger wrote:
>Actually, what you've just described is general commercial paper, not
>just a bond. Anything that lists a sum certain in money to be paid on
>a date certain (with various other parameters, too, like a place) is
>negotiable commercial paper. Checks, notes, and other instruments are
>all commercial paper. They are not, by the way, certificates in the
>sense that I suspect you mean.

I really don't know. If a digital personal debt certificate isn't a bond, but is a subset of commercial paper, we may be quibbling about definitions, like Tim was saying.

So, let's look at this for a second. First, a check is a kind of certificate pointing to a book entry in a bank somewhere, payable upon demand. A note or commercial paper is a promise to pay money plus interest, cash included, at a certain time in the future. So's a bond, but the duration is longer. It's easy to see how they're all certificates, though they can be held at a clearinghouse and thus be book-entries.

Clear as mud, I guess... I'll try better next time when I've gotten more running room. We agree that it's a fixed income instrument of some kind, right? Certainly it's not completely anonymous, but your pseudonymous key can borrow money if its reputation is clean enough.
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From cjl at welchlink.welch.jhu.edu Wed Aug 23 09:04:54 1995
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 23 Aug 95 09:04:54 PDT
Subject: PGP for pine/PINESIGN 2.0
In-Reply-To:
Message-ID:

On Tue, 22 Aug 1995, Sameer R. Manek wrote:
> Does anyone know of an addon to the Pine mailer that supports PGP?
> the only PGP software I could find required me to first compose a
> letter in an editor then run it through a pgp signature program
> then finally read it into my favorite mailer.
>
> I'm looking for something that is hopefully transparent, or if not
> relatively quick to do.
>
>

R.A. Hayden has posted this to the list before. I also recall Raph Levien's premail, but I don't know if it works for PINE, any satisfied customers out there? I admit I haven't tried either of these myself, though I would be interested in the results of a *Cypherpunks sign with PINE* comparison of the various solutions for PGP integration into PINE. I might even be persuaded to begin signing my posts to the list. :-)

C. J. Leonard                   ( /     "DNA is groovy"
                                 \ /    - Watson & Crick
                                 / \    <-- major groove
                                ( \     Finger for public key
                                 \ )    Strong-arm for secret key
                                 /      <-- minor groove
                                ( /     Thumb-screws for pass-phrase
                                 / )

After a couple of comments, I've updated Pinesign to a new version. This new version adds the ability to choose whether your ascii signature (ie $HOME/.signature) is added. Some mail servers get confused by extra text, so the ability to make sure nothing extra is added was requested.

Basically, if you want to sign the message both digitally and asciilly (is that a word :-), just press return twice after you exit your composing editor.
Otherwise, make the selections you want specific to the type of message you are sending.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#!/bin/sh
# PINESIGN v2.0
# Written by: Robert A. Hayden

# PINESIGN is a simple program that will allow you to automatically sign
# your email and news messages composed with the Pine 3.89 mail reader.  It
# may also work with other mail and news programs, but it has not been
# tested.

# INSTRUCTIONS FOR CONFIGURING PINE
#
# You need to define the following options in Pine.  This can be done
# either via the SETUP options in the main menu of Pine, or via editing
# the .pinerc.
#
# A) signature-file=" " (an empty space)
# B) enable-alternate-editor-cmd
# C) enable-alternate-editor-implicitly (optional but recommended)
# D) signature-at-bottom
# E) editor=

# INSTRUCTIONS FOR CONFIGURING PINESIGN
#
# The PGP program must be in your path, and the PGPPATH environment
# variable must be defined.  See the PGP documentation for details.
#
# Double check that the first line of this program points to sh.
#
# Edit the SIGPATH and PINEEDITOR variables to point at your signature
# (if any) and the editor you wish to use for your Pine mail.  Default
# signature will be the file .signature in your $HOME directory.
# Default editor is pico -z -t.

SIGPATH=$HOME/.signature-pine
PINEEDITOR='pico -z -t'

# INSTRUCTIONS FOR USING PINESIGN
#
# When you compose a message, you will compose your message as normal.
#
# When you exit your editor (control-X in Pico), you will receive a prompt
# asking if you wish to add your signature file to the message.  If you
# respond with y, Y or just press return, your text signature file (often
# $HOME/.signature) will be appended to your message.  If you type
# anything else, your message will not have your signature added.
#
# Next, you will be prompted as to whether you wish to PGP sign your
# message.  If you answer with y, Y or return, you will be prompted for your
# PGP passphrase and then dumped back to the address/subject section of
# Pine.  If you type anything else, your message will not be signed.
#
# If you selected it to be added, your .signature file will be appended
# AFTER your digital signature.
#
# If you have not defined your alternate editor to be run implicitly, you
# will need to start it manually.  If you do not run the alternate editor,
# your .signature file will not be appended and you will also have to do
# that manually.  It is highly recommended that you define your alternate
# editor to run implicitly.

### DO NOT EDIT ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING ###

# Pine hands the draft file to the alternate editor as $1.
# PINEEDITOR is deliberately left unquoted so its arguments are split.
$PINEEDITOR "$1"
clear
printf "Would you like to add your ASCII signature to this message? [y] "
read SIG
echo " "
printf "Would you like to sign this message with your PGP signature? [y] "
read PGP

# y, Y or a bare return means "sign": pgp -sat clearsigns $1 into $1.asc,
# which then replaces the draft in place.
case "$PGP" in
  y|Y|"")
    pgp -sat +comment="PGP Signed with PineSign 2.0" "$1"
    mv "$1.asc" "$1"
    ;;
esac

# y, Y or a bare return means "append": the ASCII signature goes on
# AFTER the PGP signature block, as described above.
case "$SIG" in
  y|Y|"")
    echo " " >> "$1"
    cat "$SIGPATH" >> "$1"
    ;;
esac

From perry at piermont.com Wed Aug 23 09:13:21 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 23 Aug 95 09:13:21 PDT
Subject: e$: The Book-Entry/Certificate Distinction
In-Reply-To:
Message-ID: <199508231613.MAA10539@frankenstein.piermont.com>

Robert Hettinga writes:
> So, let's look at this for a second. First, a check is a kind of
> certificate pointing to a book entry in a bank somewhere, payable upon
> demand.

Actually, it isn't. It's an instruction to the bank to pay to someone's order. Note that the existence of a check doesn't guarantee that there are funds in the bank that can pay.
The check isn't a certificate of the existence of funds -- only of the existence of an order by the account holder.

> A note or commercial paper is a promise to pay money plus interest,
> cash included, at a certain time in the future. So's a bond, but the
> duration is longer. It's easy to see how they're all certificates, though
> they can be held at a clearinghouse and thus be book-entries.

Well, the point that I'm trying to make is that a bond certificate is, provided you don't think it's a forgery, an actual bond. It isn't, however, the actual underlying money, because the issuer can default. If someone is trying to buy a bond the bond certificate in some sense allows you to clear the transfer, but it clears the transfer of the bond, not the payment of the obligation.

I'm probably being a bit obtuse here, but I suspect my point is made...

Perry

From dan at milliways.org Wed Aug 23 09:17:45 1995
From: dan at milliways.org (Dan Bailey)
Date: Wed, 23 Aug 95 09:17:45 PDT
Subject: DES & RC4-48 Challenges
Message-ID: <199508231617.AA25787@ibm.net>

On Tue, 22 Aug 1995 00:43:20 EDT you wrote:
>The forms of differential cryptanalysis that I'm aware of require the
>cracker to adaptively attack the encrypting or decrypting device. I
>therefore do not believe that they are especially applicable to
>financial transactions schemes, most of which change keys quite
>frequently.
>
>JWS

According to Biham and Shamir's Differential Cryptanalysis of DES, "An interesting feature of the new attack is that it can be applied with the same complexity and success probability even if the key is frequently changed and thus the collected ciphertexts are derived from many different keys. The attack can be carried out incrementally, and one of the keys can be computed in real time while it is still valid. This is particularly important in attacks on bank authentication schemes, in which the opponent needs only one opportunity to forge a multi-million dollar wire transfer, but has to act quickly before the next key changeover invalidates his message. This is the first published attack which is capable of breaking the full DES in less than the complexity of the exhaustive search of 2^55 keys." (7-8)

The problem with this attack, of course, is generation and analysis of all the required chosen plaintexts. The analysis phase eats up 2^37 time looking at 2^36 ciphertexts from a universal set of 2^47 chosen plaintexts. Brute-forcing SSL has a worst-case time complexity on the order of 2^40. It appears that complexity for breaking 16-round DES is on the order of 2^37, according to Biham and Shamir. (87)

Is there any published source code available for this type of attack? The book itself doesn't contain any code, just lots of proofs. Since 2^40 > 2^37, I think a group effort would be capable of mounting this attack.

Dan
******************************************************************************
"I think, therefore I am" - Descartes                  Dan Bailey
"I don't think, therefore I'm a moustache." - Sartre   dan at milliways.org
Worcester Polytechnic Institute and
The Restaurant at the End of the Universe
******************************************************************************

From tcmay at got.net Wed Aug 23 09:18:12 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 23 Aug 95 09:18:12 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID:

At 9:00 AM 8/23/95, J. Kent Hastings wrote:
>Tim says that quantum codebreaking and nanotech ain't gonna happen,
>because of things he explained in the past on the list, now available in
>the archive. I found a great Web version of the cypherpunks archive at
>http://www.hks.net/cpunks/index.html and will indeed catch up on the
>quantum coherence subject.
I didn't mean to sound so dismissive, just that we've been around and around on this one, and it's very, very, very far off. Some interesting philosophical interests, but no evidence that the "instant factorization" will ever be feasible. >RSA Data Security printed an article in their newsletter, by one of the >inventors of working quantum cryptography, which stated that there is >a risk of cracking RSA because of efficient hardware factorization. Why >would they make this up about their own product? OK Tim, I'll catch up >before making further comments on quantum codebreaking. They put this stuff in their newsletters because they have to fill space, it's a sexy topic, and it's been in the news. But they won't keep running the same article every few months, which is my main point. >Now about nanotech: The Moore(?) scale mentioned here says the >processing power of hardware capacity doubles every 12 or 18 months for >a given amount of money. In about 20 years only nanotech will be on the >curve. Will hardware progress just come to a grinding halt then or what? >What's going on here? I thought cpunx were pro-nanotechnology. Well, though this will sound like name-dropping, I know both Gordon Moore of Intel and Eric Drexler of nanotechnology fame. In fact, I used to go to Ted Kaehler's "Assembler Multitudes" nanotech discussion group in Palo Alto, every month for a couple of years. So, I follow nanotech pretty closely. And it's as far off now as it was in 1985 when I first met Eric. (Well, not technically, but essentially.) Moore's Law is an observation of past behavior, not a law of nature. Gordon thought the curve would "slow down" around 1980 or so. It didn't, for various reasons. But many of us expect it will. Consider that a new wafer fab capable of building these "Moore's Law" devices has increased in price from about $50 million a couple of decades ago to about $1.5 billion today. 
Lots of reasons for this, which I won't go into here (yes, discussions may be found in the archives!). If this "Barrett's Law" trend continues, the cost of a new wafer fab will equal the GNP sometime around 2020. Before anyone (Kent?) mentions table-top nanotech factories, ha! Anyway, there are discussion groups for nanotech. Plenty of places to discuss the progress and lack of progress. Not even the simplest logic device has ever been built out of molecular gears and whatnot, and the claim that biotech will be the route to nanotech is of course only speculation. This is why I think nanotech discussion is inappropriate for this list. More specifically, why I think vague promises about what nanotech may someday mean are far afield from any real issues. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From wilcoxb at nagina.cs.colorado.edu Wed Aug 23 09:21:44 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Wed, 23 Aug 95 09:21:44 PDT Subject: True Names and Webs of Trust In-Reply-To: <"8TnD63.0.a82.oVlEm"@gargantua> Message-ID: <199508231621.KAA27079@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > >>>>> "Bryce" == Bryce Wilcox writes: > (in a PGP signed message) > > [...] > Bryce> You are quite right that this paragraph was unclear. > [...] > > Bad signature, doesn't match file content :))) Bryce, why don't you > really PGP-sign a mail when you agree you were unclear ? :))) :-) Good one. The truth is that I was testing to see if anyone paid attention to my sigs. Thanks for your response! I promise not to deliberately invalidate any more clearsigs. 
Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDtVZPWZSllhfG25AQGfvQQAiBDxjYwPTukPfX5vjn8ZOMWmuzYznJax 25CDar/W8LgP3vKV8pNMUHfDUj8EN8JwvPnV/1Q++jgWcgZ8Bis0FLt59wznqm8I Ke9hiFAWxn6KHuAiz5nvlsh0xOuTwoJ/rSaQHJZlulvG6ZK1SeK0rfmY/MNMrCrc OLr7j1JVWHc= =yBpE -----END PGP SIGNATURE----- From sean at escape.ca Wed Aug 23 09:24:58 1995 From: sean at escape.ca (Sean A. Walberg) Date: Wed, 23 Aug 95 09:24:58 PDT Subject: PGP for pine/PINESIGN 2.0 In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I use mkpgp. It is a script that requres a lot of setting up, but once you learn what you are doing it makes sense. Depending on how you want it, it can be totally transparent. Personally, I took it off of total transparency, and now use it by invoking it with Atl-& I lost the site where I got it from, but I have it on disk if anybody wants it sent. It includes instructions, and once it is going is totally slick. Sean o-------------------o----------------------o-----------------------o | Sean Walberg, | Tech Support | Pas_al, _obol, BASI_, | | sean at escape.ca | escape communication | PostS_ript, T_L... | | Mail for PGP key | 925-4290 | C fills all the holes | o----------------] http://www.escape.ca/~sean [--------------------o -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDtVmt82JgvRKzQZAQGkAwP/cZU3+P2I6HB1fso4b1acv9O/QZWmPBw7 paP1jvkn0Vs9mU3yfF5kbvv6v7o/RMgm21+v/TVxnWnPnvDbHbqG/qnJmSHo1bhZ lAoq26iwD1Urg8HXVPbnOti8PrboF2J5/cBIyQyC7tXtNI9t+ZgFu8V90QmPOHLl wuhvOaHPjAg= =iR37 -----END PGP SIGNATURE----- From tcmay at got.net Wed Aug 23 09:30:57 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 23 Aug 95 09:30:57 PDT Subject: Personal: Any relation to Dan Farkas? Message-ID: Personal Henry, I just saw your name and wondered if you're any relation to Dan Farkas, a mathematician (last I heard) who attended the same university I did in the late 1960s. 
--Tim May

From andrew_loewenstern at il.us.swissbank.com Wed Aug 23 09:31:04 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 23 Aug 95 09:31:04 PDT
Subject: Certificates/Anonymity/Policy/True Names
Message-ID: <9508231630.AA01613@ch1d157nwk>

Michael Froomkin writes:
[...hypothetical screwups by CA leading to lawsuits snipped...]
> Since (in the absence of any rules given the newness of the
> technology) it is very likely that a rich CA would get nuisance
> suits every time a deal in which it participated went sour, the
> absence of rules will either raise costs CAs have to charge (e.g.
> to buy insurance) or will keep rich folk out of the industry (which
> isn't good either, since you want CAs to buy security and to last).
> Thus the need for clear liability rules.

What about when the CA signing key is stolen, factored, or otherwise falls into the wrong hands, thereby possibly making every signature made by the CA worthless, or at least questionable? I assume liability will be based on the CA's efforts to ensure the integrity of the signatures it makes (and therefore the confidentiality of the secret key components), but what constitutes due diligence? As we all know, security measures cover a very wide range and can reach ridiculous proportions on both ends of the spectrum... How much security will be 'enough' from a legal standpoint...?
andrew From loofbour at cis.ohio-state.edu Wed Aug 23 09:35:56 1995 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Wed, 23 Aug 95 09:35:56 PDT Subject: The End of the Ecash Trial? Message-ID: <199508231635.MAA07961@mummy.cis.ohio-state.edu> I have yet to see a date, but Digicash states several times in their press releases that Cyberbucks are only a trial currency, and that at some point in the future the trial will come to an end. Will the bottom drop out of the c$ market at that point? Without Digicash to authenticate currency, it would appear to be impossible to trade c$ coins. If and when Digicash announces an end date for the trial, I would expect to see quite a spectacular crash in the "real cash for ecash" market. The only way to preserve the market would appear to be providing an ecash-for-ecash exchange with a new bank, presumably a licensee of the Digicash software. Such a bank could, out of little more than good will and a desire to kick-start a new e-currency, offer to exchange c$ for the new ecash. Or, perhaps we just shrug our shoulders, kiss our hardly-earned Cyberbuck goodbye, and mumble about how it was fun while it lasted. Either way, in order to preserve the new e-currency's value -- and correct my economics where flawed -- we need the assurance that the money supply will not experience unreasonable growth. The ecash trial has Digicash's promise of a c$1M cap; is this trust sufficient leverage for the user to leave any amount of value in the Cyberbuck, or its successor? nathan From tcmay at got.net Wed Aug 23 09:37:28 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 23 Aug 95 09:37:28 PDT Subject: e$: The Book-Entry/Certificate Distinction Message-ID: At 3:53 PM 8/23/95, Robert Hettinga wrote: >At 10:02 AM 8/23/95, Perry E. Metzger wrote: > >>Actually, what you've just described is general commercial paper, not >>just a bond. 
>>Anything that lists a sum certain in money to be paid on
>>a date certain (with various other parameters, too, like a place) is
>>negotiable commercial paper. Checks, notes, and other instruments are
>>all commercial paper. They are not, by the way, certificates in the
>>sense that I suspect you mean.
>
>I really don't know. If a digital personal debt certificate isn't a bond,
>but is a subset of commercial paper, we may be quibbling about definitions,
>like Tim was saying.

Whoah, there!

I wasn't saying we were "quibbling" about definitions, I was saying that different people have different names for things and different interpretations, and that it behooves us to figure out what the real definitions are, the standard names, and not invent new names when existing names will do.

And that one benefit of class libraries for the "things" of commerce, finance, crypto, etc., may be to make it clearer what is being described.

Just my two "aptical bearer-verified physico-tokens."

--Tim May

From andrew_loewenstern at il.us.swissbank.com Wed Aug 23 09:54:33 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 23 Aug 95 09:54:33 PDT
Subject: DES & RC4-48 Challenges
Message-ID: <9508231653.AA01631@ch1d157nwk>

Dan Bailey writes:
> According to Biham and Shamir's Differential Cryptanalysis of DES,
> "An interesting feature of the new attack is that it can be applied
> with the same complexity and success probability even if the key
> is frequently changed and thus the collected ciphertexts are derived
> from many different keys. The attack can be carried out
> incrementally, and one of the keys can be computed in real time
> while it is still valid. This is particularly important in attacks
> on bank authentication schemes, in which the opponent needs only
> one opportunity to forge a multi-million dollar wire transfer, but
> has to act quickly before the next key changeover invalidates his
> message. This is the first published attack which is capable of
> breaking the full DES in less than the complexity of the exhaustive
> search of 2^55 keys." (7-8)

> The problem with this attack, of course, is generation and
> analysis of all the required chosen plaintexts.

If I read this correctly, then the keys used for generation of the chosen plaintext-cyphertext pairs are irrelevant and once the required computation is done, one can crack any '...one of the keys can be computed in real time while it is still valid.'.. So what, exactly, does this mean? Can I do most, if not all of the feeding of chosen plaintext into my personal DES box in my basement, do the required computation (admittedly there is a lot of work to do here), then go out and start breaking wire-transfers with a minimum of chosen plaintext? That is what the above quotation would seem to imply. Seems incredible... I surely must be reading much more into the passage than is really there...

andrew

From tcmay at got.net Wed Aug 23 09:56:56 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 23 Aug 95 09:56:56 PDT
Subject: Personal: Flub
Message-ID:

At 5:00 PM 8/23/95, Timothy C. May wrote:
>Personal
>
>Henry,
>
>I just saw your name and wondered if you're any relation to Dan Farkas, a
>mathematician (last I heard) who attended the same university I did in the
>late 1960s.

Sorry about this!

I hit the "Cancel" button as soon as the transfer started, and had hoped I'd caught it before it went out to the list.

--Tim
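Dan Bailey and Andrew Loewenstern ask in the DES thread above what the Biham-Shamir attack actually does with its chosen plaintexts and whether any code exists. What follows is an added example for this archive, not code from either post or from the book. It builds the difference distribution table for the real DES S-box S1 (the FIPS 46 table) and then runs the counting step of the attack against a constructed toy: a single S-box with a 6-bit key XORed into its input, where the attacker chooses plaintext pairs with a fixed input XOR and gives a vote to every key that would explain each observed output XOR. The keyed toy, the pair generation, the seed and the key 0x2B are assumptions made for the example.

```python
"""DES S1 difference distribution table and a single-S-box differential attack.
Added example: S1 is the real FIPS 46 table; the keyed S-box, the pairs and the
key are constructed here to illustrate the counting step of the attack."""
import random
from collections import Counter

# DES S-box S1 (FIPS 46): four rows of sixteen 4-bit outputs.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(x):
    """6-bit input -> 4-bit output.  Row is the outer bits b1 b6, column the
    middle four bits b2..b5, exactly as in the DES specification."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def ddt():
    """Difference distribution table t[din][dout]: how many of the 64 inputs x
    satisfy sbox(x) ^ sbox(x ^ din) == dout.  Every row sums to 64 and every
    entry is even, because (x, x^din) and (x^din, x) give the same dout."""
    t = [[0] * 16 for _ in range(64)]
    for din in range(64):
        for x in range(64):
            t[din][sbox(x) ^ sbox(x ^ din)] += 1
    return t


def best_differential(t):
    """Most probable (din, dout, count) with din != 0; count/64 is the probability."""
    return max(((din, dout, t[din][dout]) for din in range(1, 64) for dout in range(16)),
               key=lambda e: e[2])


def keyed_sbox(x, key):
    """Constructed toy standing in for one DES round: the key is XORed into the
    S-box input, as the round subkey is in the real cipher."""
    return sbox(x ^ key)


def count_keys(pairs, din):
    """Counting method.  For each chosen pair (x, F(x), F(x^din)) every 6-bit
    key that would produce the observed output XOR gets one vote.  The right
    key is voted for by every pair that follows the differential."""
    votes = Counter()
    for x, y1, y2 in pairs:
        dout = y1 ^ y2
        for k in range(64):
            if sbox(x ^ k) ^ sbox(x ^ k ^ din) == dout:
                votes[k] += 1
    return votes


def run_attack(true_key, din=0x34, n_pairs=8, seed=1):
    """Choose n_pairs plaintext pairs with input XOR din, query the toy with the
    true key, and return the set of keys that received the maximum vote."""
    rng = random.Random(seed)            # seeded so the run is reproducible
    pairs = []
    for _ in range(n_pairs):
        x = rng.randrange(64)
        pairs.append((x, keyed_sbox(x, true_key), keyed_sbox(x ^ din, true_key)))
    votes = count_keys(pairs, din)
    top = max(votes.values())
    return {k for k, v in votes.items() if v == top}


if __name__ == "__main__":
    t = ddt()
    din, dout, cnt = best_differential(t)
    print("best S1 differential: %02x -> %x with probability %d/64" % (din, dout, cnt))
    print("keys surviving 8 pairs with din=34x:",
          sorted(hex(k) for k in run_attack(0x2B)))
```

Two things the toy makes visible that the quoted passage does not. First, k and k XOR din can never be told apart from pairs with that input XOR, because swapping the two plaintexts swaps nothing; a second input XOR, or another S-box, resolves the ambiguity. Second, in the toy the S-box output is observed directly, so the differential relation holds with probability 1 and a handful of pairs fix the key; in full DES the same counting is done on the last-round S-box inputs, and the pairs only vote correctly when the characteristic leading to that round holds, which for the best 13-round characteristic happens with probability on the order of 2^-47. That reciprocal is the 2^47 chosen plaintexts Dan quotes, and it is why the counts, not a single pair, decide the key.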
From Andrew.Spring at ping.be Wed Aug 23 10:09:32 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Wed, 23 Aug 95 10:09:32 PDT
Subject: Random Hiss from Mac mike
Message-ID:

I've been looking at using the Mac's Sound Input Manager for hardware RNG. The advantage of it is that (1) most Macs have a microphone port these days, (2) it doesn't involve any user interaction, (3) the API is easy.

What I don't know is how secure it is. Or more precisely, I don't know how much entropy is contained in the signal.

In the simplest case, where the microphone is not attached, the signal consists of long runs of '0x80's alternating with '0x7f's. Now, I have no problem transforming this into uniformly distributed RNs: just hash the buffer with MD5. My question is, how many bytes get fed into the hash? Obviously, enough bytes so that I have 128 bits of entropy.

Preliminary tests give me a max entropy of about .65 bits per sample byte. That's not very much, but if I can sample at ~20 KHz, that's 1625 bytes per second. That's estimated by recording the length of runs and computing the entropy over the entire sample: i.e. the sum (for k = 1 to 120) of -(fraction of runs of length k * log2 of that fraction). That works out to about 3.3 bits per run with an average run of 5.1 bytes.

I suspect there's much less entropy in that signal than even this estimate, but I don't have any way to conduct tests with pure 50 cycle power and uniform ambient temperature. Or whatever else biases the signal. For all I know, every time someone in this building starts his microwave it biases the signal.

Does anybody have any experience/advice in this area?
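The run-length estimator Andrew Spring describes above, written out as an added example for this archive (not code from his post). The buffers are constructed to look like an open microphone port, runs of 0x80 and 0x7f, and are not recordings; the estimator is the one he states, bits per run divided by average run length, and the hash step uses SHA-256 in place of the MD5 he mentions.

```python
"""Run-length entropy estimate for a raw sound-input buffer, and conditioning
the buffer into a fixed-size seed.  Added example, not from Andrew Spring's
post; the buffers below are constructed to look like an open microphone port
(runs of 0x80 and 0x7f) and are not real samples."""
import hashlib
import math
import random


def run_lengths(buf):
    """Lengths of the maximal runs of identical bytes in buf."""
    runs, prev, n = [], None, 0
    for b in buf:
        if b == prev:
            n += 1
        else:
            if prev is not None:
                runs.append(n)
            prev, n = b, 1
    if prev is not None:
        runs.append(n)
    return runs


def run_length_entropy(buf, max_run=120):
    """The estimator from the post: H = -sum_k p_k log2 p_k over run lengths k
    (runs longer than max_run are binned together).  Returns
    (bits per run, average run length, bits per sample byte)."""
    runs = [min(r, max_run) for r in run_lengths(buf)]
    if not runs:
        return 0.0, 0.0, 0.0
    total = len(runs)
    h = 0.0
    for k in set(runs):
        p = runs.count(k) / total
        h -= p * math.log2(p)
    avg = sum(runs) / total
    return h, avg, h / avg


def samples_for(bits_per_byte, target_bits=128):
    """Sample bytes to collect before the estimate says target_bits are present."""
    return math.ceil(target_bits / bits_per_byte)


def condition(buf):
    """Hash the raw buffer down to a seed.  The post uses MD5; SHA-256 is
    substituted here.  Hashing never adds entropy: if the buffer carried 40
    bits, the digest is a 256-bit encoding of 40 bits."""
    return hashlib.sha256(bytes(buf)).digest()


def noisy_port(n_runs=400, seed=7):
    """Constructed stand-in for the open port: 0x80/0x7f alternating in runs
    of random length.  Not a recording."""
    rng = random.Random(seed)
    out = bytearray()
    for i in range(n_runs):
        out += bytes([0x80 if i % 2 == 0 else 0x7F]) * rng.randint(1, 10)
    return bytes(out)


def predictable_port(n_runs=30):
    """Run lengths cycling 1, 2, 3: completely predictable, yet the run-length
    estimator scores it at log2(3) bits per run.  This is the failure mode of
    any estimator that only measures the histogram of a statistic: structure
    an attacker can model (mains hum, a neighbour's microwave) does not show
    up as low entropy here."""
    out = bytearray()
    for i in range(n_runs):
        out += bytes([0x80 if i % 2 == 0 else 0x7F]) * (1 + i % 3)
    return bytes(out)


if __name__ == "__main__":
    for name, buf in (("noisy", noisy_port()), ("predictable", predictable_port())):
        h, avg, per_byte = run_length_entropy(buf)
        print("%-11s %.2f bits/run, avg run %.1f, %.2f bits/byte, %d bytes for 128 bits"
              % (name, h, avg, per_byte, samples_for(per_byte)))
    print(condition(noisy_port()).hex())
```

The predictable buffer is the point of the example: an estimate computed from the run-length histogram is an upper bound that a structured signal can satisfy without containing any secret at all, which is the concern raised in the post about mains power and the building's appliances. The usable figure is the lower of this estimate and whatever can be argued about the physical noise source, and the hash should be fed many times more samples than the estimate suggests.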
-- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway. From rah at shipwright.com Wed Aug 23 10:31:55 1995 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 23 Aug 95 10:31:55 PDT Subject: e$: The Book-Entry/Certificate Distinction Message-ID: At 1:06 PM 8/23/95, Timothy C. May wrote: >Whoah, there! > >I wasn't saying we were "quibbling" about definitions, I was saying that >different people have different names for things and different >interpretations, and that it behooves us to figure out what the real >definitions are, the standard names, and not invent new names when existing >names will do. Agreed. My apologies for characterizing it as "quibbling". Chain-gun Hettinga here, type first, and let God sort 'em out. A meta-reference to the problem I was talking about, I suppose. And, given what Perry said later, it's not so much a fight over definitions as I thought. >And that one benefit of class libraries for the "things" of commerce, >finance, crypto, etc., may be make it clearer what is being described. Amen. Tim, just what does "aptical" mean? ;-). Cheers, Bob ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From rah at shipwright.com Wed Aug 23 10:32:12 1995 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 23 Aug 95 10:32:12 PDT Subject: The End of the Ecash Trial? Message-ID: At 12:35 PM 8/23/95, Nathan Loofbourrow wrote: >I have yet to see a date, but Digicash states several times in their >press releases that Cyberbucks are only a trial currency, and that at >some point in the future the trial will come to an end. We've talked about this a little bit on ecm. 
Someone from Digicash is on record there as saying that trading in c$ came as a complete surprise.

The hitch about continuing to honor c$ is that there needs to be a bank. Someone correct me if I'm wrong, but it seems that the current system does work on an offline, peer-to-peer basis. Nonetheless, occasionally, you still need to verify that the money hasn't been double spent, and for that you need a bank.

The problem with being a bank is the price of the bank software, which is where David Chaum and Co. want to make their money. Thus, the last price I got (offhand) from David on the phone a year ago was $250k + 10% of net profits. Given the cost of hardware, people, lawyers, and if you actually back the certificates with dollars in a bank of deposit (not being what we want to do here, admittedly) bankers, and more lawyers. Could add up to a multimillion dollar proposition.

Of course, it could be done with donated professional time, bandwidth, hardware and donated bank software from Digicash. But it's hard to see that happening from here...

Cheers,
Bob Hettinga

From kinney at bogart.Colorado.EDU Wed Aug 23 10:51:17 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 23 Aug 95 10:51:17 PDT
Subject: Random Hiss from Mac mike
In-Reply-To:
Message-ID: <199508231739.LAA24796@bogart.Colorado.EDU>

Andrew Spring writes:

> I've been looking at using the Mac's Sound Input Manager for hardware RNG.
[...]
> In the simplest case, where the microphone is not attached, the signal
> consists of long runs of '0x80's alternating with '0x7f's. Now, I have no
> problem transforming this into uniformly distributed RN's : just hash the
> buffer with MD5.
[...]
> Does anybody have any experience/advice in this area? Yeah, I played with this idea a while ago and eventually gave up on it, exactly because of those long runs of 0x80's and 0x7f's. I'm not sure how you estimate 0.65 bits of entropy per byte sampled when you have long strings of repeating bytes like that. The thing is that event timings (the Time Manager allows you microsecond resolution) and mouse position measurements give you so much more entropy than the sound port that it's hardly worth it, IMO. -- Will From rjc at clark.net Wed Aug 23 11:11:12 1995 From: rjc at clark.net (Ray Cromwell) Date: Wed, 23 Aug 95 11:11:12 PDT Subject: Personal: Flub In-Reply-To: Message-ID: <199508231810.OAA03332@clark.net> > >Henry, > > > >I just saw your name and wondered if you're any relation to Dan Farkas, a > >mathematician (last I heard) who attended the same university I did in the > >late 1960s. > > Sorry abou this! > > I hit the "Cancel" button as soon as the transfer started, and had hoped > I'd caught it before it went out to the list. You should have pressed the escape key. ;-) ____ || From sjb at austin.ibm.com Wed Aug 23 11:20:04 1995 From: sjb at austin.ibm.com (Scott Brickner) Date: Wed, 23 Aug 95 11:20:04 PDT Subject: A glance at the future of missing child identification In-Reply-To: <199508210136.VAA09171@bb.hks.net> Message-ID: <9508231819.AA19515@ozymandias.austin.ibm.com> Lucky Green writes >BTW, is there a futures market that allows you to bet real money? If you mean something like Idea Futures, but with real money, I haven't seen one. I *have* seen "Iowa Electronic Markets", run by U Iowa, which has real-money futures on certain political campaigns (Presidential, Republican Convention, and Powell Nomination). See . I e-mailed the person responsible asking about the legalities of doing such a thing, as true gambling on presidential elections isn't legal. 
She indicated that they had a letter from the appropriate governmental agency which promised to take no action as long as they adhered to certain limits (a maximum on purchases being the most significant). Apparently they've already had requests to make some fairly *large* ($500,000 or more) investments. From fstuart at vetmed.auburn.edu Wed Aug 23 11:28:52 1995 From: fstuart at vetmed.auburn.edu (Frank Stuart) Date: Wed, 23 Aug 95 11:28:52 PDT Subject: Government Accountability through Cryptography Message-ID: <199508231828.NAA02667@snoopy.vetmed.auburn.edu> Recently, there have been many scandals (Ruby Ridge, Whitewater, the death of Vince Foster, Waco) involving the government. Even if the government is completely innocent, the perception of corruption is damaging. A big part of the problem comes from claims that incriminating documents have been hidden, destroyed, or altered. I believe I have a solution. If the government would just encrypt (using 64 bit keys or less) all their internal documents and publish them electronically, they could be checked when questions arise. The key should be held in escrow by a private company to be released only by court order, executive order, or act of Congress. Since this is very similar to the administration's proposal on cryptography, I'm sure they won't object. Perhaps we should lobby Congress. Frank Stuart | (Admiral Grace) Hopper's Law: fstuart at vetmed.auburn.edu | It's easier to get forgiveness than permission. From hfarkas at ims.advantis.com Wed Aug 23 11:31:26 1995 From: hfarkas at ims.advantis.com (Henry W. Farkas) Date: Wed, 23 Aug 95 11:31:26 PDT Subject: Personal: Flub In-Reply-To: <199508231810.OAA03332@clark.net> Message-ID: On Wed, 23 Aug 1995, Ray Cromwell wrote: > > I hit the "Cancel" button as soon as the transfer started, and had hoped > > I'd caught it before it went out to the list. > > You should have pressed the escape key. ;-) 186,000 miles per second. It's not just a good idea, it's the law. 
(I tried to resist, folks, really I did, but Ray had to go and make his [escape] joke, so it's actually his fault. ;-)

===========================================================================
Henry W. Farkas            | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com |------------------------------------------------
hfarkas at vnet.ibm.com     | http://newstand.ims.advantis.com/henry
henry at nhcc.com           | http://www.nhcc.com/~henry
---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack
"We're not fast, but it's not bad, and we're cheaper than the guy down the street!"
===========================================================================

From tcmay at got.net Wed Aug 23 11:36:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 23 Aug 95 11:36:51 PDT
Subject: Aptical foddering
Message-ID:

At 5:31 PM 8/23/95, Robert Hettinga wrote:
>Tim, just what does "aptical" mean? ;-).
>

As in "aptical foddering." I put this as my occupation on my draft registration form (Selective Service, aka "the draft") in 1969, from memories of a science fiction story. The canonical nonsense term, but vaguely plausible. I have used it often in the past 26 years.

Someone about a year ago (sorry, forgot whom) sent me a note saying he recognized this from a Keith Laumer short story, something along the lines of "Graduating Class" or somesuch. (Not this title, but something with a school or class theme.)

Relevance to crypto? If you have to ask what aptical foddering has to do with crypto....!

--Tim May
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From jeffb at sware.com Wed Aug 23 11:39:19 1995 From: jeffb at sware.com (Jeff Barber) Date: Wed, 23 Aug 95 11:39:19 PDT Subject: Certificates/Anonymity/Policy/True Names Message-ID: <9508231839.AA15687@wombat.sware.com> [ Oops -- this was supposed to go to the list too. ] Michael Froomkin writes: [ Note: I've rearranged a couple of paragraphs ] > On Mon, 21 Aug 1995, Bill Stewart wrote: > > > can be substantial even if the suit is bogus.) Under what conditions do > > you expect somebody to sue a CA? > > CA certifies key saying that holder has corporate power to enter into > deals upto $1million. Keyholder commits fraud, arguably outside > corparate powers. > CA certifies that a document is authentic and time-stamps it. Lawyers > did not do due dilligence, books were cooked, everyone who touches > document gets sued. This seems to be confusing different entities. The roles in these examples aren't the CA's role. In the usual crypto lingo, the CA only certifies that a key belongs to a certain individual. Some entity within the corporation is responsible for saying whether an individual can do deals up to $1 million. Some other organization provides time-stamps (though it's possible that a CA could be dragged into your second example). But let's keep the terminology straight: a CA as used in crypto literature means the agent who certifies that "this key belongs to X" (for some definition of X). > CA certifies you are Jack Ripper based on phony id. In fact you are Sam > Spade. CA sued for recovery of ensuing fraud. 
> > In each of these cases, if the CA did exactly what it promises and no > more, it (arguably) deserves a way to short-circuit the suit, thus > keeping its costs down. This is a better example to start from. I agree with your sentiment but don't necessarily agree with the conclusion. Let's start from the important "if" in your sentence. If the CA publicly guarantees only that it checks for a certain ID and can prove it did this (perhaps by producing a picture or photocopy of the ID it examined), it shouldn't have too much trouble defending the case. No reason why it should need any special short-circuit. Eventually, successful defenses will show that it's a waste of time to attack the CA if the CA did what it promised. If it guarantees more (say, that "this key *really* belongs to 'X'"), then it better be prepared to establish that fact to its own satisfaction before issuing the certificate (via birth certificates, passports, fingerprints, retinal scans or all of the above). If it fails to do those things, then it is and should be liable. After all, that's what the CA is getting paid for: to keep the promise it's implicitly making and take the heat to back up its promise. > Since (in the absence of any rules given the newness of the technology) it > is very likely that a rich CA would get nuisance suits every time a deal > in which it particiapted went sour, the absence of rules will either > raise costs CAs have to charge (e.g. to buy insurance) or will keep rich > folk out of the industry (which isn't good either, since you want CAs to > buy security and to last). Thus the need for clear liability rules. I think this is just part of the landscape for a CA. Again, that's what they're getting paid for. As for the rules, the courts will work those out through litigation. How else? 
:-)

BTW, VeriSign is acting as a CA now for Netscape Commerce Server and Open Market Secure Web Server certificates, and perhaps others -- see:

http://www.verisign.com/

I don't know exactly what guarantee VeriSign's making or what they expect their liability to be, but they are making a reasonable effort to establish the identity of server certificate holders (copy of letters of incorporation, business licenses and so forth). And they are charging $290 for a first-year certificate. It seems to me this $290 (though not huge for a business) is a lot more than it costs them just to check the papers and execute the mechanics of creating the certificate. The rest is their compensation for taking the "risk" of issuing the certificate's implicit guarantee. Presumably, some of that money goes toward insuring themselves against the kinds of claims you cited above.

Just my thoughts -- IANAL.

-- Jeff

From mfroomki at umiami.ir.miami.edu Wed Aug 23 11:50:14 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Wed, 23 Aug 95 11:50:14 PDT
Subject: Certificates/Anonymity/Policy/True Names
In-Reply-To: <199508220238.TAA22713@ix5.ix.netcom.com>
Message-ID: <199508231824.LAA24781@comsec.com>

On Mon, 21 Aug 1995, Bill Stewart wrote:

> can be substantial even if the suit is bogus.) Under what conditions do
> you expect somebody to sue a CA?

CA certifies key saying that holder has corporate power to enter into deals up to $1 million. Keyholder commits fraud, arguably outside corporate powers.

CA certifies you are Jack Ripper based on phony id. In fact you are Sam Spade. CA sued for recovery of ensuing fraud.

CA certifies that a document is authentic and time-stamps it. Lawyers did not do due diligence, books were cooked, everyone who touches document gets sued.

In each of these cases, if the CA did exactly what it promises and no more, it (arguably) deserves a way to short-circuit the suit, thus keeping its costs down.
Since (in the absence of any rules given the newness of the technology) it is very likely that a rich CA would get nuisance suits every time a deal in which it participated went sour, the absence of rules will either raise costs CAs have to charge (e.g. to buy insurance) or will keep rich folk out of the industry (which isn't good either, since you want CAs to buy security and to last). Thus the need for clear liability rules.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O. Box 248087
| It's hot here. And humid.
Coral Gables, FL 33124 USA | See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
and http://www.law.cornell.edu/jol/froomkin.htm

From hallam at w3.org Wed Aug 23 11:55:33 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 23 Aug 95 11:55:33 PDT
Subject: Digital cash project? Re: The End of the Ecash Trial?
In-Reply-To: <199508231635.MAA07961@mummy.cis.ohio-state.edu>
Message-ID: <9508231854.AA22322@zorch.w3.org>

>The only way to preserve the market would appear to be providing an
>ecash-for-ecash exchange with a new bank, presumably a licensee of the
>Digicash software. Such a bank could, out of little more than good
>will and a desire to kick-start a new e-currency, offer to exchange c$
>for the new ecash. Or, perhaps we just shrug our shoulders, kiss our
>hardly-earned Cyberbuck goodbye, and mumble about how it was fun while
>it lasted.

Well I might be interested in setting up such a scheme, but I'm not sure that the Chaumian anonymity guarantees could be provided as is. This is because of Chaum's patent on blind signatures. There are schemes which offer weaker anonymity and also schemes which provide for faster movement of currency. The scheme I am currently looking at employs both symmetric and asymmetric keying to provide for fast transfers of cash after a connection is set up.
The mode of payment is of the fraction of cents per page type so RSA is too expensive.

Who would be interested in such a trial? Who would be interested in writing code?

There are complications if the Web consortium is involved since we are obliged to provide code to our members one month in advance of the official release. But that is for source I believe, I don't think that there would be a problem with trial users or with exchanging code with collaborators. After the one month period all consortium code becomes copyright but freely available for use for any purpose, it's the X consortium contract in fact.

Cyberbucks could be siphoned out of the Chaum system by simply agreeing to exchange e-cash for whatever the new currency is. It would also be possible to go in the other direction perhaps, "I promise to pay the bearer on demand the sum of one cyberbuck".

Since most cyberbuck users are looking to control access to a resource it's not clear that the cyberbuck model is what is needed. It might be possible to deploy a resource contention arbitration mechanism which was not convertible. This would also avoid many of the regulatory problems of e-cash.

Phill

From trei at process.com Wed Aug 23 12:02:24 1995
From: trei at process.com (Peter Trei)
Date: Wed, 23 Aug 95 12:02:24 PDT
Subject: SSL Challenge - problem with NT client?
Message-ID: <9508231902.AA26831@toad.com>

(I think we need a separate code cracking list)

I've got the NT client up and running. It can connect to the server, and download the challenges and I can request and select keyspace. But I can't seem to ungray the 'search' button, so I can't test it. Any ideas?
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From Damien.Doligez at inria.fr Wed Aug 23 12:05:39 1995
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Wed, 23 Aug 95 12:05:39 PDT
Subject: The sorry state of non-US crypto
Message-ID: <9508231905.AA28419@couchey.inria.fr>

>Italy: ftp://ftp.dsi.unimi.it/pub/security/crypt/
>UK: ftp://ftp.ox.ac.uk/pub/crypto/
>Croatia: http://pgp.rasip.fer.hr/
>Germany: ftp://ftp.darmstadt.gmd.de/pub/crypto/

Don't forget Australia: http://psych.psy.uq.oz.au/~ftp/Crypto/

It's especially relevant because there is a version of Mosaic that uses 128-bit SSL (i.e. truly secure).

I have most of these pointers in my SSL crack Web page (which has evolved quite a bit in one week).

-- Damien

From BFERREIR at pchardy.petro-canada.ca Wed Aug 23 12:15:03 1995
From: BFERREIR at pchardy.petro-canada.ca (Ferreira, Ben 296-4158)
Date: Wed, 23 Aug 95 12:15:03 PDT
Subject: PGP for elm
Message-ID: <303B8EF5@smtpgw.pccw.petro-canada.ca>

Anyone know if there is a PGP interface or elm version that supports PGP?

From dan at milliways.org Wed Aug 23 12:50:05 1995
From: dan at milliways.org (Dan Bailey)
Date: Wed, 23 Aug 95 12:50:05 PDT
Subject: DES & RC4-48 Challenges
Message-ID: <199508231949.AA25702@ibm.net>

On Wed, 23 Aug 95 11:53:22 -0500 you wrote:
>Dan Bailey writes:
>> According to Biham and Shamir's Differential Cryptanalysis of DES,
>> "An interesting feature of the new attack is that it can be applied
>
>If I read this correctly, then the keys used for generation of the chosen
>plaintext-cyphertext pairs is irrelevant and once the required computation is
>done, one can crack any '...one of the keys can be computed in real time while
>it is still valid.'..
>

I haven't read this entire book, mainly because a lot of it is over my head with some pretty esoteric proofs.
The impression I got was that if the cryptanalyst is steadily keeping up with the key changes until he collects the required 2^36 from a pool of 2^47 valid plaintext/cyphertext pairs, he then can recover the last key used. I don't understand what constitutes a "valid" pair in this context. Also, I'm not sure if all the computation he's done to get to that point is applicable in his attack on the next key. It appears not. If all of his precomputation was somehow salvageable, I think we'd already have heard about someone actually doing it. But then again, I don't understand how his precomputation could *not* be applicable. He'd just have to drop off the computations done for the first key. Perhaps the difficulty in this problem comes from not knowing when the source is changing keys.

According to Schneier, "To get the requisite data for this attack, you have to encrypt a 1.5Mbits/second data stream of chosen plaintext for almost three years." (240) With the massively-parallel nature of Cypherpunks, this is probably feasible, assuming we could figure out what needed to be done.

Another angle is cracking a reduced-round version of DES. 8-round DES can be analyzed in 2^9 using differential cryptanalysis. Since I'm sure the press doesn't really understand using multiple rounds in iterated cryptosystems, maybe that little detail would slip by. 2^9 could easily be handled by an Alpha in the evening.

Dan

>So what, exactly does this mean? Can I do most, if not all of the feeding of
>chosen plaintext into my personal DES box in my basement, do the required
>computation (admittedly there is a lot of work to do here), then go out and
>start breaking wire-transfers with a minimal of chosen plaintext? That is
>what the above quotation would seem to imply.
>
>Seems incredible... I surely must be reading much more into the passage than
>is really there...
>
>andrew
>
>

******************************************************************************
"I think, therefore I am" - Descartes                               Dan Bailey
"I don't think, therefore I'm a moustache." - Sartre         dan at milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
******************************************************************************

From mfroomki at umiami.ir.miami.edu Wed Aug 23 12:52:45 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Wed, 23 Aug 95 12:52:45 PDT
Subject: Australia and Encryption Policy (fwd)
Message-ID:

Don't know quite how I became a Denning <--> cypherpunks conduit, but there you are; anyway this time she is passing on Orlowski's response to Ross Anderson. I have no part in this debate, honest.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O. Box 248087
| It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically)
http://viper.law.miami.edu/~mfroomki

---------- Forwarded message ----------
Date: Wed, 23 Aug 1995 15:29:17 -0400 (EDT)
From: Dorothy Denning
To: MFROOMKI at umiami.ir.miami.edu
Cc: denning at cs.cosc.georgetown.edu
Subject: Australia and Encryption Policy

----- Begin Included Message -----

From perry at piermont.com Wed Aug 23 12:57:14 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 23 Aug 95 12:57:14 PDT
Subject: is there...
Message-ID: <199508231956.PAA10953@frankenstein.piermont.com>

Is there an online version of Raph's anonymous remailer list for FTP or on the web? I suddenly need to give it to someone.
.pm

From janzen at idacom.hp.com Wed Aug 23 13:06:59 1995
From: janzen at idacom.hp.com (Martin Janzen)
Date: Wed, 23 Aug 95 13:06:59 PDT
Subject: Pointer to InfoWeek article: "Internet Thieves"
Message-ID: <9508232006.AA02989@sabel.idacom.hp.com>

The current online issue of InformationWeek contains an article about new threats to data security. Nothing in the article should be new to most Cypherpunks readers, but those who are interested can find the article at:

http://techweb.cmp.com/iw/current/42mtweb.htm

To its credit, IW has no obnoxious registration procedure; just click and read. Here's a sample:

===============================================================================
INTERNET THIEVES
Trade in black-market data is a growing problem for business. What, if anything, can be done?
By Clinton Wilder and Bob Violino
(Issue date: August 28, 1995)

The new frontier of cyberspace represents vast opportunities for innovation, entrepreneurship, and profit-making. But there is also a dark side to the online world, one that poses a worrisome threat to the security of corporations. The Internet has spawned an illegal market in which thieves use the latest Net software tools to trade stolen information, including corporate trade secrets.
[...]
===============================================================================

--
Martin Janzen
janzen at idacom.hp.com

From cjl at welchlink.welch.jhu.edu Wed Aug 23 13:12:06 1995
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 23 Aug 95 13:12:06 PDT
Subject: Remailer list pinging by e-mail
In-Reply-To: <199508231956.PAA10953@frankenstein.piermont.com>
Message-ID:

On Wed, 23 Aug 1995, Perry E. Metzger wrote:

> Is there an online version of Raph's anonymous remailer list for FTP
> or on the web? I suddenly need to give it to someone.
>
> .pm

Try sending a message to mg5n+remailers at andrew.cmu.edu

The automagical reply should be the most current listing of Raph's list.

C. J. Leonard
( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From futplex at pseudonym.com Wed Aug 23 13:14:45 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 23 Aug 95 13:14:45 PDT
Subject: FBI Files on Clipper Release
In-Reply-To:
Message-ID: <9508232014.AA18754@cs.umass.edu>

An FBI document reads:
# To ensure that this occurs, legislation mandating the
# use of Government-approved encryption products or
# adherence to Government encryption criteria is required.

Ex-AAG Jo Ann Harris told a Senate Judiciary Subcommittee in 1994:
$ we have absolutely no intention of mandating private use of a particular
$ kind of cryptography,

I ranted:
% Just what real legal recourse do we have against lying scum in the
% bureaucracy ?

Brian Davis writes:
> You sure are anxious to prosecute government officials.

You're damn right I'm anxious to prosecute government officials who appear to have willfully lied about public policy in testimony before Congress !

Look, plenty of people here are honest-to-[insert your higher power of choice here] anarchists. I happen to be at most an anarchogroupie ;) and I'm reasonably comfortable with the U.S. version of representative democracy. [Note to the list: I'm not looking to spark any sort of debate about political philosophy, on or off the list. I'm not interested in arguing semantics, so don't bother trying.] For representative democracy to be even vaguely democratic at all, the representatives need to level with their constituents as much as possible. I certainly intend to hold public officials speaking in an official capacity about official business to a high standard of conduct.

> What is untrue about her statement. Maybe she meant it's OK to use
> ROT-13 but nothing else ...

How could that be compatible with "no intention of mandating...a particular kind of cryptography" ?
> And you guys complained about the Jake Baker prosecution!

Non sequitur. How is the Baker case relevant to this ?

-Futplex

"Say goodbye to the clowns in Congress" -Elton John/Bernie Taupin

From loki at obscura.com Wed Aug 23 13:35:03 1995
From: loki at obscura.com (Lance Cottrell)
Date: Wed, 23 Aug 95 13:35:03 PDT
Subject: is there...
In-Reply-To: <199508231956.PAA10953@frankenstein.piermont.com>
Message-ID:

There is a link to the list from my home page. I don't remember the URL for the list, but my page is http://obscura.com/~loki/Welcome.html

-Lance

On Wed, 23 Aug 1995, Perry E. Metzger wrote:

> Is there an online version of Raph's anonymous remailer list for FTP
> or on the web? I suddenly need to give it to someone.
>
> .pm

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From sjb at austin.ibm.com Wed Aug 23 13:53:04 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Wed, 23 Aug 95 13:53:04 PDT
Subject: Out of state gambling
In-Reply-To: <199508171002.MAA01952@utopia.hacktic.nl>
Message-ID: <9508232052.AA14383@ozymandias.austin.ibm.com>

Anonymous writes
>Could someone, perhaps a furriner, perhaps talk to the folks
>at casino.org and see if they would be willing to open a book on
>presidential election outcomes. Or perhaps organize something with
>an enterprising London/Moscow gambling house, preferably with fast
>IP feed, and constantly updated odds on the web.

None of this is necessary. The University of Iowa's Business School already has this sort of thing.
They run a real-money futures market which currently has the following three markets:

1996 Presidential Election
1996 Republican Convention Nomination
1996 Colin Powell Nomination

The URL is

Just as an aside, the Republicans have been steadily losing ground over the last three months. The difference between the Republican coupon and the Clinton reelection coupon is about 1/2 cent, down from 10 cents or so a few months ago.

From sjb at austin.ibm.com Wed Aug 23 14:57:33 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Wed, 23 Aug 95 14:57:33 PDT
Subject: RUB_han
In-Reply-To: <199508171545.LAA10941@pipe1.nyc.pipeline.com>
Message-ID: <9508232157.AA18612@ozymandias.austin.ibm.com>

How does one go about retrieving the text of these articles?

From ab411 at detroit.freenet.org Wed Aug 23 15:00:49 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Wed, 23 Aug 95 15:00:49 PDT
Subject: MD5 in DOS
Message-ID: <199508232159.RAA28864@detroit.freenet.org>

nobody wrote:
>im looking for a md5 binary that will run on dos.
>can anyone give me a pointer?

There is a program for DOS called MDx which does both MD4 and MD5, and is pretty fast, too. It can be found at:

ftp://oak.oakland.edu/SimTel/msdos/fileutil/xsum11.zip
or
ftp://garbo.uwasa.fi/pc/fileutil/xsum11.zip

Or at mirrors of the SimTel or Garbo archives.

I cannot claim to be unbiased, though -- I wrote it (with a little help from Phil Karn's fast assembly MD5 translate function!)

xsum 1.1 is freeware.

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.
From denning Wed Aug 23 12:13:05 1995
From: denning (Dorothy Denning)
Date: Wed, 23 Aug 95 15:13:05 EDT
Subject: Australia and Encryption Policy
Message-ID:

Ross Anderson posted a message on the net recently stating that Australia was proposing an encryption policy that would force residents to use weak cryptography while banks would get key escrow. His source was a talk by Steve Orlowski, who is Assistant Director, Security Management, in the Australian Attorney-General's Department. Attached is a copy of an open letter by Mr. Orlowski in response to that post. He is not proposing that individuals be forced to use weak encryption. Key escrow would be an option available to anyone wanting a high level of encryption. Organizations and individuals could escrow their own keys if desired.

This message and his letter may be forwarded.

Dorothy Denning

---------------

Dear

Thank you for your comments on the subject of the use of encryption by private individuals.

Firstly I would like to make the point that the debate has arisen from one person's interpretation of a paper I gave at a conference on "Cryptography Policies and Algorithms". The full text of that paper is now available on the net at http://commerce.anu.edu.au/comm/staff/RogerC/RogersHome.html

The paper carries a disclaimer at the top that the views are mine and do not necessarily represent the views of the Australian Government.

The paper sets out the Government's policy on telecommunications interception, which includes the issue of the use of cryptography as:

"As a result of the Report, Australia is, among other TI issues, monitoring the impact of encryption in the telecommunications interception area and will re-examine matters in 1997 following the opening of the telecommunications area to full competition."

Telecommunications covers both voice and data communications.
The last paragraph of the paper says that there is a need to expand the cryptography debate to cover the needs of individual users in the context of the information superhighway rather than current Internet users. The paper also points out that issues such as cost, convenience and public confidence in cryptography systems will be the main issues. Public confidence is explained in terms that as long as it meets the general requirement for privacy it will be acceptable. I still maintain that the general user of the superhighway in the next century will be satisfied with a lower level of encryption which will meet that and the cost and user-friendliness requirements.

On the specific point made in the Internet message, the paper does not suggest, either directly or by implication, that individuals should be banned from using encryption.

Regarding the use of higher level encryption, the paper supports the concept of commercial key escrow where organisations hold their own keys but may be required to provide them in response to a court order. The same would apply to individuals who could either hold their own keys or store them with a commercial body. Access to those keys would be by court order and in that respect is no different to existing procedures for the interception or seizure of telephone conversations or paper records. There is no suggestion that these basic principles, and protection of individuals' rights in general, should be changed.

If individuals were to use lower level encryption there would be no need for them to maintain copies of any keys for such systems. To my mind this is preferable to a requirement for keys to be maintained for all encryption systems, which could be the result if universal key escrow were introduced.

Finally on the question of interception, the general public expects a reasonable level of law enforcement to ensure the protection of their person and property.
Governments are required to find a balance between this and the rights of individuals to privacy. Part of this balance is to ensure that law enforcement authorities convince a court that there is a need to carry out an interception. There is no suggestion that this fundamental approach should be changed. The paper certainly does not suggest that the Attorney-General's Department should become a centralised interception authority. In fact such a role would not be consistent with its role as a source of advice to Government.

I hope the above clarifies both the Government's policy and my personal views on these matters. I consider this to be an open letter and have no objection to it being used as such.

Yours sincerely

Steve Orlowski

From cme at TIS.COM Wed Aug 23 15:31:19 1995
From: cme at TIS.COM (Carl Ellison)
Date: Wed, 23 Aug 95 15:31:19 PDT
Subject: Random Hiss from Mac mike
In-Reply-To: <199508232105.OAA27566@comsec.com>
Message-ID: <9508232228.AA17098@tis.com>

>Date: Wed, 23 Aug 1995 19:09:35 +0100
>From: Andrew.Spring at ping.be (Andrew Spring)

>I've been looking at using the Mac's Sound Input Manager for hardware RNG.
[...]
>I suspect there's much less entropy in that signal than even this estimate,
[...]
>Does anybody have any experience/advice in this area?

I would try injecting noise and seeing how well you can control the output signal. I would also do a Fourier transform of the output and look for cyclic behavior -- then see how the frequency spectrum can be modified by turning machinery on and off, turning radios on and off, .... You can also try various compression algorithms to see how much entropy they claim to see.

When that's done, you can then use some of my ranno conditioning code, free on the net (although written for UNIX, for now):

http://www.clark.net/pub/cme/html/ranno.html

I especially like running a pseudo-random stream through ranM and then a hash, to obliterate any patterns which might sneak past your analysis.
- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
| ``Officer, officer, arrest that man! He's whistling a dirty song.'' |
+----------------------------------------------------------- Jean Ellison -+

From adam at bwh.harvard.edu Wed Aug 23 15:59:15 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 23 Aug 95 15:59:15 PDT
Subject: Random Hiss from Mac mike
In-Reply-To:
Message-ID: <199508232258.SAA24087@bwh.harvard.edu>

Take a look at RFC 1750. It discusses randomness.

If your input to MD5 consists of two long strings of constants, your output from MD5 only has really a very few bits of entropy (I think you end up with 7, or possibly 14 if there are two transitions. Not a lot of entropy at all.)

| I've been looking at using the Mac's Sound Input Manager for hardware RNG.
| The advantage of it is that (1) most macs have a microphone port these
| days, (2) it doesn't involve any user interaction, (3) the API is easy.
|
| What I don't know, is how secure it is. Or more precisely, I don't know
| how much entropy is contained in the signal.
|
| In the simplest case, where the microphone is not attached, the signal
| consists of long runs of '0x80's alternating with '0x7f's. Now, I have no
| problem transforming this into uniformly distributed RN's : just hash the
| buffer with MD5.

Again, the output of a hash is only as good as its input. If you input 40 random bits, and 88 known bits, we only need to search the 40 known bits. If you input a string of the form 00000011, with 2 runs of some length, we don't have to search 11100111 as a possibility. There are only 8 strings which match if your constraints are 8 bits, starting with 0, and only a single transition to a different state. So, by knowing those rules, we only have to search 2^3 strings instead of 2^8.
If there isn't a microphone, and the OS gives you a steady stream, then the sound port is a bad source of randomness, even with a hash. Use mouse movement, keyboard input, or the parity of long strings of either of those.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From shamrock at netcom.com Wed Aug 23 16:15:17 1995
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 23 Aug 95 16:15:17 PDT
Subject: PacBell's idea of a good password
Message-ID: <199508232310.TAA08757@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- From the PacBell Message Center (voice mail) brochure:

"Make it easier to remember your password by choosing a code you use already, i.e. a PIN number or birth date."

- --
- -- Lucky Green PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMDu1OyoZzwIn1bdtAQEvlAF+ObOioS3uF8obI6BRhtjfkZdvRAztTlUa
uCjeR0AH2MzNEgTFM0mCSXuTnyy/trG0
=rg3O
-----END PGP SIGNATURE-----

From ylo at cs.hut.fi Wed Aug 23 19:25:00 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Wed, 23 Aug 95 19:25:00 PDT
Subject: The sorry state of non-US crypto
In-Reply-To:
Message-ID: <199508240224.FAA06635@shadows.cs.hut.fi>

> > I just spent an hour surfing the various crypto/cypherpunks web sites. In
> > this hour I did not come across a single non-US site that carried anything
> > else but PGP.
> > Most non-US sites just carry rants about the evil ITAR, and

> Try these URL's:

Finland: ftp://ftp.funet.fi/pub/crypt
Sweden: ftp://ftp.sunet.se/pub/security/tools/crypt
Russia: ftp://ftp.kiae.su/pub/unix/crypto
Norway: ftp://ftp.unit.no/pub/unix/security
Australia: ftp://ftp.psy.uq.os.au/pub/Crypto

I have created a set of WWW pages at http://www.cs.hut.fi/ssh/crypto that contains a lot of material and references to cryptographic software, algorithms, and related information available outside the US. I'll expand the pages as I get suggestions for more things to put there. The pages will probably be quite stable and I'll try to maintain them, so it is possible to refer to those pages wherever references are needed for crypto archives outside the United States.

Tatu

From jirib at sweeney.cs.monash.edu.au Wed Aug 23 19:43:22 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Wed, 23 Aug 95 19:43:22 PDT
Subject: e$: The Book-Entry/Certificate Distinction
In-Reply-To:
Message-ID: <199508240241.MAA07578@sweeney.cs.monash.edu.au>

Hello rah at shipwright.com (Robert Hettinga) and stevenw at iglou.com (Steven Weller) and cypherpunks at toad.com

[certificates have their own inherent worth etc]

> In such a system, where does credit come in? If I have a certificate that
> is worth X, then does the recipient know that it's from my "credit card"?
> How do I obtain credit, and in what form does it exist?

There's no reason for the recipient to know it's from your credit card. You simply obtain cash from your bank as a loan and then give it to the recipient.

If you want to provide the convenience of CC (ie avoid having to go to the ATM first), you could allow wallets to communicate with the bank via the merchant's equipment, in effect building an ATM into every point-of-sale terminal.
wallet via merchant to bank: withdraw X from account Y
bank via merchant to wallet: here is X in e-cash
wallet to merchant: here is X in e-cash

If you do not wish the bank to know which merchant it was, you could send it via an anonymizing service or two.

> Furthermore, how do we assess the value of real physical things in a system
> like this?

Well, same as in any other system: "how much are you willing to give me for this?"

Jiri

--
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

From hallam at w3.org Wed Aug 23 19:59:21 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 23 Aug 95 19:59:21 PDT
Subject: The End of the Ecash Trial?
In-Reply-To:
Message-ID: <9508240258.AA22751@zorch.w3.org>

>The problem with being a bank is the price of the bank software, which is
>where David Chaum and Co. want make their money. Thus, the last price I
>got (offhand) from David on the phone a year ago was $250k + 10% of net
>profits. Given the cost of hardware, people, lawyers, and if you actually
>back the certificates with dollars in a bank of deposit (not being what we
>want do to here, admittedly) bankers, and more lawyers. Could add up to a
>multimillion dollar proposition.

So Dave expects a Bank to pay him $250,000 + 10% so they can't find anything out about their customers' spending habits. Doesn't sound as if it's all that tempting a proposition for them, they are expected to both create the market and pay the monopolist to participate in it.

If Chaum had given his system away, got everyone using it he might have a Netscape type situation. As it is I can't see a great deal of incentive for the people he expects money from to give it to him.

I don't think this is a going proposition at the moment. It might work for Motorway service tolls and such. I can easily see a method of getting a political party to buy into such a scheme.
It would be kind of ironic given the political motivations of most anonymous payment supporters if the government turned out to be the only organisation likely to buy the product. Personally I don't like Motorway service tolls.

Any other people have some ideas about people likely to pay 0.25 M +10% of profits? Perhaps it could be used for gambling?

Phill

From dmandl at panix.com Wed Aug 23 20:09:03 1995
From: dmandl at panix.com (David Mandl)
Date: Wed, 23 Aug 95 20:09:03 PDT
Subject: is there...
Message-ID:

At 3:56 PM 8/23/95, Perry E. Metzger wrote:
>Is there an online version of Raph's anonymous remailer list for FTP
>or on the web? I suddenly need to give it to someone.
>
>.pm

http://www.cs.berkeley.edu/~raph/remailer-list.html

--D.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From jis at mit.edu Wed Aug 23 20:57:45 1995
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Wed, 23 Aug 95 20:57:45 PDT
Subject: PGPfone Release is coming soon!
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

As you may have seen, the news media has picked up on the upcoming PGPfone release. This note is to let you know that we at MIT are working with Phil Zimmermann and the PGPfone team to distribute PGPfone from MIT.

We expect to have a *BETA* test version (Macintosh Only) of PGPfone available shortly. We will distribute PGPfone via anonymous FTP from net-dist.mit.edu. Look in the /pub/PGPfone directory (which doesn't yet exist).

We will also be distributing PGP via the World Wide Web from:

http://web.mit.edu/network/pgpfone

This "Home" page already exists, but doesn't have the distribution yet. Feel free to check it periodically, as it will be changed as soon as the distribution is ready.
-Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDv4lMUtR20Nv5BtAQEyFAP+J3oFHuwKiOu56CtYSvA7WJUGgZg37zRj
QPmMfnOD5/9nGUXGsQjs3NTMwV4Y+de4mM3Qxi/O/G0ID1aGod8pPbDkyh6wG594
FVWLu6c1E7pZcge1/Iv9nwBKbHAhOzh368YYMTIsiIlE3hjRB37/iVmIcQsOhleQ
4Qp8aJSEim8=
=Mskz
-----END PGP SIGNATURE-----

From penny at tyrell.net Wed Aug 23 21:15:32 1995
From: penny at tyrell.net (Alan Penny)
Date: Wed, 23 Aug 95 21:15:32 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID: <199508240410.AA14034@tyrell.net>

The other night I heard that some of the rules for selling stock have been changed to allow companies to sell stock directly to investors. I have been thinking that this may have the potential to support an interesting system.

Imagine "Portfolio Accounts" with a debit-card like access method. Instead of paying for an item at a store with money or credit you use your Portfolio-Account card and buy the item with shares/micro-shares of stock. Stock brokers may offer this type of service in response to the competition of companies bypassing them. Stock brokers could set up services that mediate between transactions, calculating trades and values "on-the-fly" (anonymity could be tricky to build into this system).

If the company you worked for paid you with stock instead of money this would complete the loop. Portfolio Accounts could be "cashed out", but if they have all of the attributes of money and don't suffer from inflation, why not keep your stock invested.

This also has the interesting feature of avoiding all taxes. Until you "cash out" your account you would not have to pay taxes; if you never need to cash out your account, you never need to pay taxes. I suspect that our friendly governments would try to "correct" this "problem" in the long run if they can.

Steven Weller writes:
[snip]
>
> In such a system, where does credit come in? If I have a certificate that
> is worth X, then does the recipient know that it's from my "credit card"?
> How do I obtain credit, and in what form does it exist?
> Could credit be supported by distributed futures market system?
>
> Furthermore, how do we assess the value of real physical things in a system
> like this?

If you had a stock transaction mediated economy the "currency" in this system would be backed by the goods and services produced by companies issuing stock. You could view stock in this system as private currencies, and there would be thousands of competing currencies. I have been thinking that this might be a viable path to denationalized currencies.

Stock certificates could be based on cryptographic verification protocols. If all the stock in this system were 'bearer-based' (i.e., you possess it, you own it) you could also support cash-like anonymity as well.

>
>
> --
> Steven Weller                   +1 502 454 0054 (voice)
> OS-9 Consultancy and Software   +1 502 451 5935 (fax)
> Finger for public key 00 02 3C 2F 83 76 D3 77 2A 95 E8 90 94 9A 9D 74
> http://iglou.com/windsorgrp  stevenw at iglou.com or realtime at well.sf.ca.us
>
>

Cordially,

[-------------------------------------------------------------------------]
[ Public pgp-key: email penny at tyrell.net with subject as 'send pgp-key' ]
[ My opinions are mine. I have scored 90% on the Turing Test.             ]
[ Alan Penny, penny at tyrell.net                                            ]

From poodge at econ.Berkeley.EDU Wed Aug 23 21:48:42 1995
From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Wed, 23 Aug 95 21:48:42 PDT
Subject: Linux brutessl client
Message-ID: <199508240448.VAA12304@quesnay.Berkeley.EDU>

Hi.

I've been able to compile a working brutessl 1.02 client under linux and gcc 2.7.0, but I get abysmal search speeds.

My system is a pentium 60, which, according to the docs, ought to have a speed of something over 14100 kps (that's what a 486dx2/66 with no rotate left macro gets).

brutessl -t reports that my system can do 11200 keys per second. Is there any obvious reason this number is so much lower than expected?
I'm reasonably certain gcc implements a rotl macro, but I don't know how to make use of it -- has anyone out there gotten assembly.c to compile under gcc?

Finally, are there any additional optimizations for pentium machines available?

thanks,
-sq

From jamesd at echeque.com Wed Aug 23 21:56:56 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 23 Aug 95 21:56:56 PDT
Subject: Shared secrets and corporations in Cyberspace.
Message-ID: <199508240456.VAA06659@blob.best.net>

How can collective entities hold keys?

Corporations derive their cohesion partly from realspace coercion, and partly by trust based on face to face interactions among the participants, and partly from their brand name.

Trusts derive their cohesion primarily from trust, again based on face to face interaction.

A cyberspace corporation would derive its cohesion primarily from its name identification and the public key associated with its brand name. Consumers would presumably wish their financial instruments to be signed to the public key of Megacorp life insurance, rather than Megacorp's insurance salesman, for fear that otherwise their funds might go astray, or they might get bad software, etc, and the private key corresponding to that public key will sign the employees' paycheques.

If a cyberspace corporation does not have a valued brand name it is likely to disintegrate into its components, in the way that some realspace corporations did in the boisterous early days of silicon valley.

But this creates a problem of "owning the corporation". If one man knows the corporation's secret key, he can pretty much tell the shareholders to go take a hike. If two men know the secret key, it probably will not remain secret much longer.
One solution is to use truenames, rather than keys, as the "real identity" -- set up financial transaction software so that it considers that any key signed by a proper authority certifying the key to be the key of Megacorp is a valid Megacorp key, that all such keys are equivalent, and that the authority will only issue keys to one entity called Megacorp. Then when folk start fighting over who is the real Megacorp, the authority resolves the dispute by conventional means.

Current proposals for transaction software are based on truenames and trees-of-trust. This is not too bad as long as we have a forest, not a single tree, but still, one would like to have some arrangement whereby a large number of people could share a single key, and can buy and sell interests in that key, whereby we can have the mechanisms of shared ownership without the need for an external authority to enforce it.

Obviously trusts will work fine in Cyberspace, but trusts are by their nature small and undemocratic.

 ---------------------------------------------------------------------
 | We have the right to defend ourselves   | http://www.jim.com/jamesd/
 | and our property, because of the kind   |
 | of animals that we are. True law        | James A. Donald
 | derives from this right, not from the   |
 | arbitrary power of the state.           | jamesd at echeque.com

From jamesd at echeque.com Wed Aug 23 22:28:20 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 23 Aug 95 22:28:20 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID: <199508240528.WAA09482@blob.best.net>

At 12:01 PM 8/22/95 -0400, Robert Hettinga wrote:
> It's easy
> to see how a combination of certification technology and cryptographically
> anonymous voting protocols allow the direct election of a company's board
> members without proxies -- another hierarchical device -- for instance.
It is not so easy for me to see how such protocols allow the shareholders to control the company's keys if the CEO tells the shareholders to go and stick their heads in a bucket.

 ---------------------------------------------------------------------
 | We have the right to defend ourselves   | http://www.jim.com/jamesd/
 | and our property, because of the kind   |
 | of animals that we are. True law        | James A. Donald
 | derives from this right, not from the   |
 | arbitrary power of the state.           | jamesd at echeque.com

From zinc at zifi.genetics.utah.edu Wed Aug 23 22:44:43 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Wed, 23 Aug 95 22:44:43 PDT
Subject: Linux brutessl client
In-Reply-To: <199508240448.VAA12304@quesnay.Berkeley.EDU>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 23 Aug 1995, Sam Quigley wrote:

> Date: Wed, 23 Aug 1995 21:48:33 -0700
> From: Sam Quigley
> To: cypherpunks at toad.com
> Subject: Linux brutessl client
>
>
> Hi.
>
> I've been able to compile a working brutessl 1.02 client under linux
> and gcc 2.7.0, but I get abysmal search speeds.
>
> My system is a pentium 60, which, according to the docs, ought to have
> a speed of something over 14100 kps (that's what a 486dx2/66 with no
> rotate left macro gets).
>
> brutessl -t reports that my system can do 11200 keys per second.

i'm running linux 1.2.11 on my DX4-100 (might be faster than your P60) and i get these results..

zifi:~/crypto/ssl> brutessl -t
BruteSSL 1.0 Self test... OK
17 minutes and 8 seconds per segment, 16300 keys per second.
zifi:~/crypto/ssl> file brutessl
brutessl: ELF 32-bit LSB executable i386 (386 and up) Version 1

the perl code doesn't seem to work quite right for me though, giving errors when i try to use more than one option at a time, ie.

Identifier "main::dkltrc4" used only once: possible typo.

anyway, i'm not sure i'll be participating this time as i won't be around too much.
ciao,

- -pjf

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDwSA03Qo/lG0AH5AQG1jQP/ec+MO0BTFGF53eWohIlCBxpdaXnCnFJe
9TvhbRPX7kjuVyVKcuT6KdHrZ/+qrsLAXCrlml5UuAemUmyAE4NeR3NrbJ7rgXWg
g+UfzIC46799/MNu0XQeCZdip2aq+3VojakoPcd/VThW7BUKxdJeNyP/C8XhjxMg
+tLRnuiVrjA=
=xGxM
-----END PGP SIGNATURE-----

From dneal at usis.com Wed Aug 23 22:54:02 1995
From: dneal at usis.com (David Neal)
Date: Wed, 23 Aug 95 22:54:02 PDT
Subject: Brute SSL Challenge
Message-ID: <199508240552.AAA00601@gnupln8.usis.com>

Just skip this silly little message if you know enough to optimize the brutessl code. Didn't know of a better place to put this, so please no flames.

Hopefully everyone on here is accomplished enough to know optimizing the brutessl code helps immensely. If not, well I used

gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -c search.c
gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -o brutessl \
    brutessl.c search.o

To go from 5,000 keys per second to 10,100 keys per second.

From tcmay at got.net Wed Aug 23 23:00:26 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 23 Aug 95 23:00:26 PDT
Subject: e$: The Book-Entry/Certificate Distinction
Message-ID:

At 4:10 AM 8/24/95, Alan Penny wrote:
>The other night I heard that some of the rules for selling stock have
>been changed to allow companies to sell stock directly to investors.
>I have been thinking that this may have the potential to support an
>interesting system.

My company sold stock to me directly, through a Stock Participation Plan and an Incentive Stock Option Plan.

>Imagine "Portfolio Accounts" with a debit-card like access method.

I use a debit card which directly accesses my stock account.
More on this in a moment.

>Instead of paying for an item at a store with money or credit you use
>your Portfolio-Account card and buy the item with shares/micro-shares
>of stock. Stock brokers may offer this type of service in response to the
>competition of companies bypassing them. Stock brokers could set up
>services that mediate between transactions calculating trades and values
>"on-the-fly" (anonymity could be tricky to build into this system).

This is where it breaks down. Stock prices are denominated in dollars (or the local currency, as applicable). And local purchases are denominated in dollars. Nobody pays "one microMicrosoft" for a loaf of bread. They pay $1. And Microsoft stock sells for $100, not 100 loaves of bread.

>If the company you worked for paid you with stock instead of money this
>would complete the loop.

The IRS and other tax authorities have this one figured out: barter economies are not generally a way to avoid taxes.

>This also has the interesting feature of avoiding all taxes. Until you
>"cash out" your account you would not have to pay taxes, if you never
>need to cash out your account, you never need to pay taxes. I suspect that
>our friendly governments would try to "correct" this "problem" in the
>long run if they can.

If you are paid in barter for some service, taxes are still owed, based on the estimated value of services rendered.

By the way, a simpler example than all this talk of partial shares of companies is simply to talk about paying each other in gold, or oil, or any other commodities. Try to convince the IRS that taxes are not owed because one was paid in ounces of gold instead of dollars.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From inglem at adnetsol.com Wed Aug 23 23:29:09 1995
From: inglem at adnetsol.com (Mike Ingle)
Date: Wed, 23 Aug 95 23:29:09 PDT
Subject: Shared secrets, virtual corporations
Message-ID: <199508240628.XAA00538@cryptical.adnetsol.com>

< Collective holding of signer keys >

There are protocols that allow a group of people to collectively hold a key. A message is passed down the line, each person in turn operating on it, and at the end it has been signed. In this way the board of directors can sign a message without any one person having the key.

These protocols can probably be combined with a secret-sharing system, so that a message can be signed if a certain percentage of the key-share holders collaborate. This allows voting, with the object of the vote getting signed only if >50% vote for it.

Taking a share away from someone is a bit of a problem. If someone needs to lose his voting privileges, you probably have to generate a new key and sign it with the old one, then revoke the old one.

Mike

From somogyi at digmedia.com Wed Aug 23 23:35:16 1995
From: somogyi at digmedia.com (Stephan Somogyi)
Date: Wed, 23 Aug 95 23:35:16 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
Message-ID:

At 15:16 23.8.95, aba at dcs.exeter.ac.uk wrote:
> Any platforms you would like to see pre-compiled binaries for, send them
> along, the source code is available from the ftp, and http addresses
> above. A MAC binary would be nice also.

I have a working version of BruteSSL 1.02 (without SKSP client) for Power Macintosh. However, as I don't want to run the risk of violating ITAR, I'm still investigating ways of making it available.
Suggestions are welcome.

Stephan

________________________________________________________________________
Stephan Somogyi                          Whoever brakes is afraid
Digital Media

From Piete.Brooks at cl.cam.ac.uk Wed Aug 23 23:51:01 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Wed, 23 Aug 95 23:51:01 PDT
Subject: Linux brutessl client
In-Reply-To:
Message-ID: <"swan.cl.cam.:164680:950824065040"@cl.cam.ac.uk>

> the perl code doesn't seem to work quite right for me though, giving
> errors when i try to use more than one option at a time, ie.
> Identifier "main::dkltrc4" used only once: possible typo.

Sorry about that ....

I discovered that there was a problem with "require" under perl 5.001 (if one does a require on getopts.pl, the perl CRASHES with some flag combinations) so I inlined getopts.pl, and changed the comments, but left the first part of the sentence -- the "if you have no getopts" was omitted.

SO: in brief do *NOT* add the "s" flag to the first line of brclient !

There are new versions of brloop and brclient which might cope better with problems with the transatlantic link -- you should use brc0.09 and brl0.03

> anyway, i'm not sure i'll be participating this time as i won't be around
> too much.

All the better -- your machine will have more cycles for CRACKing !
The purpose of SKSP is to make it work when you are not in ...

There is a "how to" page referenced from http://www.brute.cl.cam.ac.uk/brute/ which includes some "fault finding" tips. If you have problems, look there first. If that doesn't help, email me, and I'll add any "common" problems to the "how to".

From gjeffers at socketis.net Wed Aug 23 23:52:30 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Wed, 23 Aug 95 23:52:30 PDT
Subject: Global Investing using Electronic Tools
Message-ID: <199508240929.EAA26390@mail.socketis.net>

The Business Week Guide to Global Investments using Electronic Tools.

Dear Cypherpunks,

While I was hunting around a Waldenbooks store, I found the above named book.
It's by Robert Schwabach, published by Osborne McGraw-Hill. It retails at $39.95 and comes with three 3 1/2" diskettes. I just glanced thru it. It may be of interest to some Cypherpunks. I don't know if it would be useful for PRIVATE foreign investing or not.

Yours Truly,
Gary Jeffers

From jamesd at echeque.com Thu Aug 24 00:00:30 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 24 Aug 95 00:00:30 PDT
Subject: (Fwd) 1995 Nanotechnology Conference
Message-ID: <199508240700.AAA15310@blob.best.net>

Crypto relevance -- slight.

At 09:47 AM 8/23/95 -0700, Timothy C. May wrote:
> Moore's Law is an observation of past behavior, not a law of
> nature. Gordon thought the curve would "slow down" around
> 1980 or so. It didn't, for various reasons. But many of us
> expect it will.
>
> Consider that a new wafer fab capable of building these
> "Moore's Law" devices has increased in price from about $50
> million a couple of decades ago to about $1.5 billion today.

During the entire period that Moore's law has been in effect, we have used light to print the wafers. Now, with phase shifting masks in billion dollar fabs, we are reaching the absolute limits of light. If we go up to higher frequencies, we lose refraction, and phase shifting fails. Refractable light craps out at about .3 to .15 microns. Intel is currently at .35 microns.

There will be a slight hiccup or a major hesitation in Moore's law as the fabs switch to a non optical printing process. Current contenders are:

* Synchrotron radiation (twenty billion dollar fabs, or worse.)
* ions (fab price jumps a few times higher than current fab price.)
* electrons (no great escalation in fab price, but a radical drop in production rates)
* flexible direct contact. (fab price goes way down, back to producing ICs in your garage.)
The flexible direct contact method has enough horsepower to take us all the rest of the way down, merge with biotech and produce wires one atom thick -- assuming that people manage to get anything useful out of it at all.

There have been very large investments in all of the above research projects, and so far none of them have worked as yet. (But they are all of them a hell of a lot closer to working than nanotech.)

 ---------------------------------------------------------------------
 | We have the right to defend ourselves   | http://www.jim.com/jamesd/
 | and our property, because of the kind   |
 | of animals that we are. True law        | James A. Donald
 | derives from this right, not from the   |
 | arbitrary power of the state.           | jamesd at echeque.com

From stewarts at ix.netcom.com Thu Aug 24 00:05:28 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 24 Aug 95 00:05:28 PDT
Subject: Random Hiss from Mac mike
Message-ID: <199508240702.AAA24391@ix6.ix.netcom.com>

At 07:09 PM 8/23/95 +0100, Andrew Spring wrote:
>In the simplest case, where the microphone is not attached, the signal
>consists of long runs of '0x80's alternating with '0x7f's. Now, I have no
>problem transforming this into uniformly distributed RN's : just hash the
>buffer with MD5.

If you know that's what the signal looks like, you can improve it a lot by run-length encoding before doing the MD5, e.g. crunch the output down to a series of count1 value1 count2 value2 count3 value3 (if you stick to runs of 255, you can use 1 byte for each.) That gives you a much shorter input to the MD5, and a more realistic view of how much random data you have. (I suppose it may make it harder to do things like Fourier transforms on it...)
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 00:06:01 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 00:06:01 PDT
Subject: Brute SSL Challenge
In-Reply-To: <199508240552.AAA00601@gnupln8.usis.com>
Message-ID: <"swan.cl.cam.:169220:950824070545"@cl.cam.ac.uk>

> Hopefully everyone on here is accomplished enough to know
> optimizing the brutessl code helps immensely. If not, well I used
>
> gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -c search.c
> gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -o brutessl \
>     brutessl.c search.o
>
> To go from 5,000 keys per second to 10,100 keys per second.

If people could send me timings for various compilers / flags I'll collate a table of speeds [see brutessl.h 1.02 for an example -- I tried using different sizes for the RC4 info and it appears that only ALPHAs really gain by using int]

I recommend that you do not blindly use the above flags -- I just tried it on our fastest machines (SGIs) and it *REDUCED* the speed from 35200 to 28400.

From aba at dcs.exeter.ac.uk Thu Aug 24 00:31:41 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 00:31:41 PDT
Subject: Brute SSL Challenge
Message-ID: <9157.9508240731@exe.dcs.exeter.ac.uk>

> gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -c search.c
> gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -o brutessl \
>     brutessl.c search.o

You wouldn't happen to have gcc under DOS would you? Or anyone else with djgcc for DOS? What would be really nice would be a 32 bit DOS executable, which is very hard to obtain with any PC software, and compiling it 16 bit suffers a huge performance hit.
In search of a 32 bit DOS binary,

Adam

From zinc at zifi.genetics.utah.edu Thu Aug 24 00:54:28 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Thu, 24 Aug 95 00:54:28 PDT
Subject: Linux brutessl client
In-Reply-To: <"swan.cl.cam.:164680:950824065040"@cl.cam.ac.uk>
Message-ID:

On Thu, 24 Aug 1995, Piete Brooks wrote:

> Date: Thu, 24 Aug 1995 07:50:32 +0100
> From: Piete Brooks
> To: zinc
> Cc: Sam Quigley , cypherpunks at toad.com
> Subject: Re: Linux brutessl client
>
> I discovered that there was a problem with "require" under perl 5.001
> (if one does a require on getopts.pl, the perl CRASHES with some flag
> combinations) so I inlined getopts.pl, and changed the comments, but left
> the first part of the sentence -- the "if you have no getopts" was omitted.
>
> SO: in brief do *NOT* add the "s" flag to the first line of brclient !

i just want to mention that i obtained the newest code from the web site, compiled and everything is working fine. i started brloop as a background process, hope that's ok... anyway, seems to be doing ok. i guess i'll know tomorrow when the cracking starts.

i think i'll try to get things working on an SGI i have access to as well.

-pjf

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu

From aba at dcs.exeter.ac.uk Thu Aug 24 00:55:28 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 00:55:28 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
Message-ID: <9231.9508240754@exe.dcs.exeter.ac.uk>

> I have a working version of BruteSSL 1.02 (without SKSP client) for
> Power Macintosh. However, as I don't want to run the risk of
> violating ITAR, I'm still investigating ways of making it
> available. Suggestions are welcome.
Just send it along... several people have been shipping various DOS binaries out of the US, without the source. The presumption taken was that as long as they didn't ship search.c or assembly.c, there is no crypto source, and the binary could not be used to encrypt anything. (Also it's for SSL with 40 bit keys which is export approved anyway).

You can ship a diff for brutessl.c (which contains no crypto code) if you want the mods to be mixed back in (please include some kind of #ifdef __MAC or whatever the standard _i_am_a_mac macro is). Or if that makes you uncomfortable, well we'll do without the source.

Reckon you'd be safe enough. Anyone think otherwise?

Adam

From zinc at zifi.genetics.utah.edu Thu Aug 24 01:13:09 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Thu, 24 Aug 95 01:13:09 PDT
Subject: Brute SSL Challenge
In-Reply-To: <"swan.cl.cam.:169220:950824070545"@cl.cam.ac.uk>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 24 Aug 1995, Piete Brooks wrote:

> Date: Thu, 24 Aug 1995 08:05:33 +0100
> From: Piete Brooks
> To: David Neal
> Cc: cypherpunks at toad.com
> Subject: Re: Brute SSL Challenge
>
> > Hopefully everyone on here is accomplished enough to know
> > optimizing the brutessl code helps immensely. If not, well I used
> >
> > gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -c search.c
> > gcc -O6 -funroll-loops -fomit-frame-pointer -finline-functions -o brutessl \
> >     brutessl.c search.o
> >
> > To go from 5,000 keys per second to 10,100 keys per second.
>
> If people could send me timings for various compilers / flags I'll collate a
> table of speeds [see brutessl.h 1.02 for an example -- I tried using different
> sizes for the RC4 info and it appears that only ALPHAs really gain by using int]
>
> I recommend that you do not blindly use the above flags -- I just tried it on
> our fastest machines (SGIs) and it *REDUCED* the speed from 35200 to 28400.
this resulted in a fairly significant increase on my machine (486 DX4-100 running Linux 1.2.11)

stats:

w/o optimizations:
17 minutes and 45 seconds per segment, 15800 keys per second.

w/ opts:
16 minutes and 56 seconds per segment, 16500 keys per second.

- -pjf

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDw0ZU3Qo/lG0AH5AQHuPAP/ZVR6Vec6vSj5uR5pgUiuFii1lEjT/6Xi
exPlRugI8bR5ClRZbGf+55ARRF63UXUFj9yaX4gGSE86K3guy/1o09r06VqcgIgv
i2QwhSE+kGfYNYhy7sm7u7pI+esSaa1OBOX0s2Gh9uz/TKUxJy+C/RJx3y3KKwQF
9UBkYocFEWY=
=MiL5
-----END PGP SIGNATURE-----

From cg at bofh.lake.de Thu Aug 24 04:54:28 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Thu, 24 Aug 95 04:54:28 PDT
Subject: Linux brutessl client
In-Reply-To: <199508240448.VAA12304@quesnay.Berkeley.EDU>
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL:

From eay at mincom.oz.au Thu Aug 24 05:36:30 1995
From: eay at mincom.oz.au (Eric Young)
Date: Thu, 24 Aug 95 05:36:30 PDT
Subject: Crypto DLL's/SSLeay 0.4.5
Message-ID:

Just in case people are interested, I've put the most recent version of my SSL (SSLeay) library up on ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/

The big difference with this release is that it builds under Windows 3.1. The DLL's for the libraries are there as well as the ported demo programs. I've used Borland C 4.0 and the .IDE file plus source code are in the distribution. The DLL's contain routines for MD2, MD5, RC4, DES (every mode you could want :-), IDEA, RSA, SSL and all the X509 etc stuff that is part of life with SSL. The library even compiled under MSDOS :-).
Since my code base will always be unix first, the code is not optimised for 16bit and probably never will be, but still, the algorithms work and the code is free for commercial and non-commercial use. The applications need work to make them nice under Windows, but hell, I'm only writing a library :-).

On the PGPphone issue, personally I feel SSLphone would be a much better way of doing things. If someone has a 'voice' over modem program already, they should be able to slip SSL into it in only a few days. For phone over modem, authentication is not really required and what exists in my library is everything required for the encryption side of things.

those URL's again
http://www.psy.uq.oz.au/~ftp/Crypto/
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay at mincom.oz.au    | more followups than the message contents :-)

From perry at piermont.com Thu Aug 24 06:11:58 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 24 Aug 95 06:11:58 PDT
Subject: Crypto DLL's/SSLeay 0.4.5
In-Reply-To:
Message-ID: <199508241311.JAA13033@frankenstein.piermont.com>

Eric Young writes:
> On the PGPphone issue, personally I feel SSLphone would be a much
> better way of doing things.

Oh, yeah? No user certificates, no way to verify what's on the other end. No assurances that you aren't being tricked into using a weak algorithm because negotiation doesn't take place under cover of signature. Lots of little potential cracks. Thanks, but no thanks.

This is not to slight your code. I'm slighting the protocol. If folks want to secure links, stick to clean protocols to do the key negotiation. I'm a fan of variants of STS myself, Photuris being a biggie.

> For phone over modem, authentication is not really required

And why is that?
Perry

From carolann at censored.org Thu Aug 24 06:38:39 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Thu, 24 Aug 95 06:38:39 PDT
Subject: A good war cry is hard to find.
Message-ID: <199508241338.GAA11347@mailhost.primenet.com>

Brother, can you spare a CPU cycle?
Give me your tired, your poor, your spare CPU cycles!
I never met a spare CPU cycle I didn't like.
Ladies & Gentlemen, start your spare CPU cycles!

Love Always,
Carol Anne
--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann at censored.org  206.42.112.96
My Homepage  The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&
http://dcs.ex.ac.uk/~aba/export/

From mfroomki at umiami.ir.miami.edu Thu Aug 24 06:45:13 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Thu, 24 Aug 95 06:45:13 PDT
Subject: e$: The Book-Entry/Certificate Distinction
In-Reply-To: <199508240410.AA14034@tyrell.net>
Message-ID:

On Wed, 23 Aug 1995, Alan Penny wrote:
[snip]
> This also has the interesting feature of avoiding all taxes. Until you
> "cash out" your account you would not have to pay taxes, if you never
> need to cash out your account, you never need to pay taxes. I suspect that
> our friendly governments would try to "correct" this "problem" in the
> long run if they can.
>

Nyet. Any time you barter A for B, even electronically, you have a taxable event. All you have done in the above is describe a system in which it is harder to detect the taxable event.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

From mnorton at cavern.uark.edu Thu Aug 24 07:01:53 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Thu, 24 Aug 95 07:01:53 PDT
Subject: e$: The Book-Entry/Certificate Distinction
In-Reply-To:
Message-ID:

Income tax, right--but may not this be correct about excise taxes?
MacN

On Thu, 24 Aug 1995, Michael Froomkin wrote:
> On Wed, 23 Aug 1995, Alan Penny wrote:
> [snip]
> > This also has the interesting feature of avoiding all taxes. Until you
> > "cash out" your account you would not have to pay taxes, if you never
> > need cash out your account, you never need to pay taxes. I suspect that
> > our friendly governments would try to "correct" this "problem" in the
> > long run if they can.
>
> Nyet. Any time you barter A for B, even electronically, you have a
> taxable event. All you have done in the above is describe a system in
> which it is harder to detect the taxable event.
>
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | mfroomki at umiami.ir.miami.edu
> U. Miami School of Law     |
> P.O. Box 248087            | It's hot here. And humid.
> Coral Gables, FL 33124 USA |
> See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki
>

From jya at pipeline.com Thu Aug 24 07:33:12 1995
From: jya at pipeline.com (John Young)
Date: Thu, 24 Aug 95 07:33:12 PDT
Subject: DYS_sys
Message-ID: <199508241432.KAA09835@pipe2.nyc.pipeline.com>

The New York Observer [NYC weekly], August 28, 1995.

"Off The Grid: Non-Slaves of New York. 'Sovereign citizenship' isn't just for the power line-tapping, compound-dwelling white supremacists anymore. A guide to getting The System off your back, New York-style."

They do not run around in military fatigues, they are not holed up in Central Park, and for the most part, they do not fall into the fringes of the extreme right or the extreme left.
Yet here they are, in the center of the Center, going about their daily lives with nary an A.T.M. or credit card in their name, without a Social Security or voter registration card, without insurance or bank accounts and driving with licenses they themselves have rescinded. And one more thing: They do not pay any income taxes.

What was made clear by Oklahoma City and Waco and Ruby Ridge, Idaho, and by Ross Perot and the Unabomber and most recently, Bill Bradley, is that dissatisfaction with "the system" is pervasive in this country. Living off the grid is the most personal way of expressing that discontent. But, says Sharon Biggs, who teaches a three-phase, 40 week course out of her Washington Heights home on how to successfully remove oneself from the system, "the complexion is no longer that of the wronged individual or visionary. It has moved into the mainstream -- people who suspect that there is something wrong."

DYS_sys (17kb)

From aba at dcs.exeter.ac.uk Thu Aug 24 07:44:17 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 07:44:17 PDT
Subject: SSL CHALLENGE: 3 hours to go...
Message-ID: <11274.9508241443@exe.dcs.exeter.ac.uk>

The start time for the kick off on the race to crack Hal's 2nd challenge is fast approaching...

18:00 GMT

That's only a little over 3 hours away. Please start your brloop clients if you have not already. Chuck in any net connected unix boxes, never mind how old or slow, they'll still help. Be ready with the WWW interface at 18:00 GMT if you don't have direct IP. The client runs the brute forcer at nice -20, so it shouldn't interfere with users.

All code, and step by step instructions for setup on:

http://www.brute.cl.cam.ac.uk/brute/
or
ftp://ftp.brute.cl.cam.ac.uk/pub/brute/

Binaries available for DOS, Windows 95/NT, generic C code for unix & others. Please run the socket code if you can, it'll provide best utilisation, and least work for you.

May the race begin...
The c$ prize fund has reached c$ 342.30, and the more compute you personally contribute the greater chance you have of winning it :-)

Adam

From fc at all.net Thu Aug 24 08:28:46 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Thu, 24 Aug 95 08:28:46 PDT
Subject: Let Me Repeat, the Raids Must Be Stopped! A PROFOUND THREAT TO FREEDOM OF SPEECH ON THE INTERNET
In-Reply-To: <199508231002.DAA03500@infinity.c2.org>
Message-ID: <9508241527.AA06465@all.net>

Begin RANT

It seems to me that the cure to the scientology situation is to get TROs claiming that they have your copyrighted material and seize their computers for your examination and removal, file law suits in each of the venues against the CoS and each of the individuals (jointly and severally) in each venue, publishing all information on the servers containing it via anonymous remailers (from accounts gotten free via Compuserve, AOL, delphi, etc. and/or paid for with cash) to mailing lists all over the world, getting the entire contents placed on-line in a country that doesn't enforce copyright restrictions and get pointers to it from all over the web, send massive email to all church members (the list gleaned from their computers) giving them all the details of the internal church financial dealings, and on and on.

end RANT

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From frissell at panix.com Thu Aug 24 08:44:09 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 24 Aug 95 08:44:09 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
Message-ID: <199508241543.LAA07735@panix.com>

At 03:16 PM 8/23/95 +0100, aba at atlas.ex.ac.uk wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>[a copy of final announce, start time 18:00 GMT, tomorrow (Thu), as
>posted to a list of USENET groups]

Is that really 1800 GMT or 1800 BST? 1400 or 1300 hrs EDT?

I'm ready to hurl my 7800 keys/sec 486/66 into the fray.
I should be able to do about 24 segments over 12 hours tonight using brutessl.exe 1.02 for DOS. Maybe I should have been in line at Midnight to get WIN/95 so I could run it automatically.

The 32-bit Windows version does *not* work with my old Windows 3.11 even with the latest Microsoft 32-bit add in.

DCF

"No Ossifer, I'm not smoking. I'm burning this tobacco in protest against the fascistic policies of the Food and Drug Administration."

From hallam at w3.org Thu Aug 24 08:51:03 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 24 Aug 95 08:51:03 PDT
Subject: Let Me Repeat, the Raids Must Be Stopped! A PROFOUND THREAT TO FREEDOM OF SPEECH ON THE INTERNET
In-Reply-To: <9508241527.AA06465@all.net>
Message-ID: <9508241549.AA23185@zorch.w3.org>

I think it's simpler than that, a judge simply needs to look at the facts of the case, declare the warrants to be void, order the property returned and require payment of the 4.7 Million to Wollerstein before the courts will consider the matter further. The problem seems to be that the US courts don't have the balls to deal with this type of behaviour.

From danisch at ira.uka.de Thu Aug 24 08:52:11 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 24 Aug 95 08:52:11 PDT
Subject: The sorry state of non-US crypto
Message-ID: <9508241550.AA01200@elysion.iaks.ira.uka.de>

There are also some links on

http://iaks-www.ira.uka.de/subjects/crypto.html

to ftp-servers with cryptographic stuff outside USA/Canada. The page contains several crypto-related links and is written in German, but the ftp links at the end of the page are language-independent.

Hadmut

From aba at dcs.exeter.ac.uk Thu Aug 24 08:56:32 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 08:56:32 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
In-Reply-To: <199508241543.LAA07735@panix.com>
Message-ID: <11763.9508241555@exe.dcs.exeter.ac.uk>

Duncan Frissell writes on cpunks:
> Is that really 1800 GMT or 1800 BST? 1400 or 1300 hrs EDT?

Yep really 18:00 GMT, ie slightly over 2 hours from now approx.

> I'm ready to hurl my 7800 keys/sec 486/66 into the fray. I should be able
> to do about 24 segments over 12 hours tonight using brutessl.exe 1.02 for
> DOS. Maybe I should have been in line at Midnight to get WIN/95 so I could
> run it automatically.
>
> The 32-bit Windows version does *not* work with my old Windows 3.11 even
> with the latest Microsoft 32-bit add in.

Yep, getting a decent 32 bit app for windows / DOS seems to be a problem alright. Pity as the 32 bit app runs appreciably faster. I made a plea for a DJGCC (DOS port of GNU cc) compiled binary, that would run under bog standard DOS, and with full 32 bit, if we can find anyone with the software to do it. Any takers?

The prize fund has grown to c$ 372.30.

Ready, steady, go!

Adam

From monty.harder at famend.com Thu Aug 24 09:11:37 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Thu, 24 Aug 95 09:11:37 PDT
Subject: True Names and Webs of Trust
Message-ID: <8AFC259.0003000363.uuout@famend.com>

BW> Be that as it may, I still think that Zimmermann assumed that
BW> key<->real-life-identity mappings would be the primary purpose for the Web
BW> of Trust when he wrote "pgpdoc1.txt". And I think he was wrong about that.
BW> It is not "arrogant" or "offensive" to say that someone was wrong when you
BW> believe that to be the case.

Actually, this is what qualifies as a "wicked problem". Until pgp 1.0 came along, there was no way to know how people would =actually= use a public-key system. (Sure, there were lots of theories, and a few academic experiments, but those don't count as RL.) Phil tried to anticipate the kinds of errors that would be made by people unaccustomed to thinking in terms of attacks and threat models.
Face it, the average.net.person is not into game theory. Phil was under severe time pressure to get a workable public key system out the door before the government slammed it shut in his face.

Now that we have had an opportunity to observe people using the system, we can identify nuances that could never have been debugged on the test bench. We can explain to people the various paradigms for viewing keys, and the importance of being able to trust the "identity" of an anon.id, which seems oxymoronic on the face of it.

Some kind of explanation by analogy seems in order: We all know of movie stars who changed their names for Show Biz, or authors who wrote under pseudonyms. Take Mark Twain for example. A person who had read a Twain book, or had friends (his own WOT) tell him how good/bad Twain books were, would develop his opinion of the man's work. His ultimate decision to (not) buy a particular Twain book has nothing to do with the True Name of Mr. Clemens.

Where it =does= come into play is in the realm of law. Had Twain libelled a person, the means to identify the Man behind the Mask would be integral to executing the judgement of the court. And even then, if there were sufficient continuing royalties that could be attached to satisfy the judgement, it would only be necessary to know the True Name of the publisher.

So we must be very careful of what it is that we are certifying when we sign something. This is what needs to be addressed in future versions of PGP.

* Free the Wisner Five! * Free the Wisner Five! * Free the Wisner Five!
---
* Monster at FAmend.Com *

From sjb at austin.ibm.com Thu Aug 24 09:21:07 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Thu, 24 Aug 95 09:21:07 PDT
Subject: Spooks and Hackers, etc.
In-Reply-To:
Message-ID: <9508241620.AA13830@ozymandias.austin.ibm.com>

Brad Dolan writes
>"We need to see that police are surfing the Internet just as other people
>are," Doyle said.
>"This is a good example of where the law is slower than
>technology."

Duh! Isn't the law *supposed* to be slower than technology? It would take a *complete* idiot to try to make a law about, say, intelligent programs or uploads or whatever. It's when law wants to be *faster* than technology that we get stupidity like the CDA.

From jk at digit.ee Thu Aug 24 09:54:41 1995
From: jk at digit.ee (Jyri Kaljundi)
Date: Thu, 24 Aug 95 09:54:41 PDT
Subject: brloop not working
Message-ID:

I just don't seem to get brloop working. It says:

Command failed -- brutessl missing ?

what seems to be wrong is that it tries to execute command:

brutessl -

although brutessl does not have a command line option '-'. Why is the '-' there after brutessl ?

o tel: +372 6308994 o>

Message-ID: <9508241716.AA16094@veronica.EBT.COM>
From: Nathan Loofbourrow
Date: Wed, 23 Aug 1995 12:35:39 -0400

I have yet to see a date, but Digicash states several times in their press releases that Cyberbucks are only a trial currency, and that at some point in the future the trial will come to an end.

Will the bottom drop out of the c$ market at that point? Will there be a collectors market for c$? Does Chaumian cash work as collectable antiques? What is the difference in value of a "real" signed Mickey Mantle baseball card vs. one mechanically imprinted? Will "original" digital cash have the cachet normally associated with obsolescent objects consisting primarily of protons and neutrons? How much will the "provenance" of my e-cash be worth?

I am assuming that the provenance of e-cash will be the same credentials which made it unforgeable in the first place; presumably a (hobbyist?) organization will maintain the books determining authenticity, with an obvious self-interest to keep it afloat. So what happens if a collectors market for antique e-cash springs up? Or is this even conceptually possible? Or is it possible only if enough people to make a market believe it is possible?
Will Digicash open their books or transfer them to the Smithsonian (or the computer museum) or something? Is there a market value for the obsolete c$ database? I wouldn't think so, but...

--
david taffs

From patrick at Verity.COM Thu Aug 24 10:15:52 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 24 Aug 95 10:15:52 PDT
Subject: Linux brutessl client
Message-ID: <9508241712.AA15565@cantina.verity.com>

> I've been able to compile a working brutessl 1.02 client under linux
> and gcc 2.7.0, but I get abysmal search speeds.
>
> My system is a pentium 60, which, according to the docs, ought to have
> a speed of something over 14100 kps (that's what a 486dx2/66 with no
> rotate left macro gets).
>
> brutessl -t reports that my system can do 11200 keys per second.

I only get 5900 keys/second on a SPARCstation 5:)

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
|                                                          (\           |
| Patrick J. Horgan         Verity Inc.                     \\  Have    |
| patrick at verity.com      1550 Plymouth Street            \\ _ Sword  |
| Phone : (415)960-7600     Mountain View                    \\/ Will   |
| FAX   : (415)960-7750     California 94303               _/\\ Travel  |
\___________________________________________________________\)__________/

From hallam at w3.org Thu Aug 24 10:20:17 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 24 Aug 95 10:20:17 PDT
Subject: Spooks and Hackers, etc.
In-Reply-To: <9508241620.AA13830@ozymandias.austin.ibm.com>
Message-ID: <9508241718.AA23321@zorch.w3.org>

>Brad Dolan writes
>>"We need to see that police are surfing the Internet just as other people
>>are," Doyle said. "This is a good example of where the law is slower than
>>technology."

>Duh! Isn't the law *supposed* to be slower than technology? It would
>take a *complete* idiot to try to make a law about, say, intelligent
>programs or uploads or whatever. It's when law wants to be *faster*
>than technology that we get stupidity like the CDA.
I'm somewhat surprised that a police force would be talking in these terms, in the UK the police have been looking at USEnet et al for over a decade.

I don't think the CDA has anything to do with the law keeping up, it's the opposite. It's about cynical and unscrupulous politicians using public ignorance to portray themselves as the saviours of society. First create a straw man then fight it.

All the net is doing is exposing the weakness of the press. Events like the cyberporn scandal simply illustrate the normal modus-operandi, they are not aberrations caused by `poor journalism'. It is worth reading Chomsky's analysis of the press. If one excludes the anti-establishment attacks the underlying thesis is consistent with observation. The established press is not pro-active but reactive, it does not seek to inform but to entertain. Facts are checked for acceptability and plausibility rather than for accuracy.

It is here that the most potent effects of the Web will be found. There is now an international normative infrastructure. It is much harder for a political system to sustain a scotoma. Consider, Libya is accused of involvement in the Pan Am/Lockerbie bombing, despite the fact that the evidence is tenuous and that the US was until recently accusing Syria of having authored the crime there is a call for international sanctions. On the other hand it is the tenth anniversary of the sinking of the Rainbow Warrior and the murder of one of its crew by the French Secret service. Far from apologising for this crime and imprisoning those responsible France has even decorated one of the murderers. Consider also the insistence on the Japanese apologising for World War II despite the lack of an equivalent apology by the British for their imperial conquests or the US for their attack on Vietnam. Exposing the international nature of atrocity weakens its power to coerce a population into externalising conflict.
It is scarcely controversial that were the true facts of the Iraqi invasion of Kuwait to be generally known the Iraqi population would have considerably less support for Saddam. International communication will weaken nationalist ties and isolationism. It will no longer be possible to present issues in the same moral framework, ie a framework in which "right" is automatically equated with self-interest.

Phill H-B

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 10:28:40 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 10:28:40 PDT
Subject: brloop not working
In-Reply-To:
Message-ID: <"swan.cl.cam.:150900:950824172806"@cl.cam.ac.uk>

> I just don't seem to get brloop working.

The server is being HAMMERED again .... There appears to be a failure mode whereby when busy, clients call up, say "HELO", then "QUIT" :-(( This adds to the hammering :-((

> It says:
> Command failed -- brutessl missing ?
> what seems to be wrong is that it tries to execute command:
> brutessl -

The code expects brclient to return one line which is the command line flags for brutessl, followed by the config data. As brclient is failing, brutessl is being called without the expected args :-(

> although brutessl does not have a command line option '-'. Why is the '-'
> there after brutessl ?

The first arg of brutessl is the file from which to read the config info. "-" is a unix convention for the file "stdin".

SO:

go grab brclient 0.12 which has a more efficient "-L" flag.

go read http://www.brute.cl.cam.ac.uk/brute/how2run.html

in particular, create .brloop.rc containing

	tailored=true
	checkcmds=false
	BRNAME="Jyri Kaljundi"
	BRID="jk at digit.ee"

which will stop it checking the commands, set the ID, etc ...

[[ NB: Other users should change BRNAME and BRID !!
]]

From pjm at ionia.engr.sgi.com Thu Aug 24 10:28:42 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Thu, 24 Aug 95 10:28:42 PDT
Subject: brloop not working
In-Reply-To:
Message-ID: <199508241726.KAA15369@ionia.engr.sgi.com>

-----BEGIN PGP SIGNED MESSAGE-----

Jyri Kaljundi writes:
> I just don't seem to get brloop working. It says:
>
> Command failed -- brutessl missing ?
>
> what seems to be wrong is that it tries to execute command:
>
> brutessl -
>
> although brutessl does not have a command line option '-'. Why is the '-'
> there after brutessl ?

I get something similar:

ionia:/usr/people/pjm/src/ssl> brloop
+++ Command failed -- brutessl missing ?
Scalar found where operator expected at (eval 12) line 3, near "*($p"
	(Missing operator before $p?)
+++ FAILED on attempt 1
usage: brutessl [-q]
       brutessl [-q] -r []
       brutessl [-q] -t [[:]]

I'll just use the Web keyspace server if I don't get the time to hack around with it.

pjm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDy2P+5Yg08fDKehAQHXvwQAtaV8M5cjrPQKQIRNk0W7u9pcMkacCTL9
74K0V21JwOlUwNkBpjJZi9RFsq0LCKh0GG2ETf9LsL9aDeNFiWZvSukYGZj4L324
J2MrcmhWbqwkoYO/Ij9+bGcKqWr9fSEvXFSMQIAGM3FghZv0jyU8T8PlovXU8hjv
G64TqxKhmuw=
=To2P
-----END PGP SIGNATURE-----

From sean at escape.ca Thu Aug 24 10:40:33 1995
From: sean at escape.ca (Sean A. Walberg)
Date: Thu, 24 Aug 95 10:40:33 PDT
Subject: Linux brutessl client
In-Reply-To: <9508241712.AA15565@cantina.verity.com>
Message-ID:

On Thu, 24 Aug 1995, Patrick Horgan wrote:
> I only get 5900 keys/second on a SPARCstation 5:)

My SPARC 5 does 9600 :( However, I have to run it on a 386DX 33 that only gets 1400 :{

Sean

o-------------------o----------------------o-----------------------o
| Sean Walberg,     | Tech Support         | Pas_al, _obol, BASI_, |
| sean at escape.ca | escape communication | PostS_ript, T_L...
|
| Mail for PGP key  | 925-4290             | C fills all the holes |
o----------------] http://www.escape.ca/~sean [--------------------o

From merriman at arn.net Thu Aug 24 10:58:45 1995
From: merriman at arn.net (David K. Merriman)
Date: Thu, 24 Aug 95 10:58:45 PDT
Subject: brutessl client
Message-ID: <199508241809.NAA06774@arnet.arn.net>

Well, my 386SX-33 (w/FPU) is doing about 1000/sec, my Compaq Deskpro386/20e (w/fpu) is doing 1000/s, and my 486DX2-80 is doing 8100/s. The two 386 machines will be working on it full time, the 486 will be time-slicing with 'real work'.

Now all I need is some keyspace :-)

Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From loofbour at cis.ohio-state.edu Thu Aug 24 11:04:39 1995
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Thu, 24 Aug 95 11:04:39 PDT
Subject: The End of the Ecash Trial?
In-Reply-To: <199508231635.MAA07961@mummy.cis.ohio-state.edu>
Message-ID: <199508241803.OAA25715@brain.cis.ohio-state.edu>

David Taffs writes:
> Will there be a collectors market for c$? Does Chaumian cash work
> as collectable antiques?

Not if no authority exists to certify that your coins are unspent. Otherwise, I can just keep trading my coins back and forth to Digicash and saving copies of the used ones.
nathan

From jthomas at access.digex.net Thu Aug 24 11:56:46 1995
From: jthomas at access.digex.net (Joe Thomas)
Date: Thu, 24 Aug 95 11:56:46 PDT
Subject: SSL CHALLENGE: Can't search with Win32 client!
In-Reply-To: <11274.9508241443@exe.dcs.exeter.ac.uk>
Message-ID:

I've got some keyspace, from various projects and test projects on the server, but no matter what key range I select, I can't get the Search button to be active (not greyed out).

Anybody else getting this?

Joe

From gt7508b at prism.gatech.edu Thu Aug 24 12:22:50 1995
From: gt7508b at prism.gatech.edu (PHrEaK!)
Date: Thu, 24 Aug 95 12:22:50 PDT
Subject: PGPfone Release is coming soon! (fwd)
Message-ID: <199508241922.PAA20604@acmex.gatech.edu>

> As you may have seen, the news media has picked up on the upcoming
> PGPfone release. This note is to let you know that we at MIT are working
> with Phil Zimmermann and the PGPfone team to distribute PGPfone from
> MIT. We expect to have a *BETA* test version (Macintosh Only) of PGPfone
> available shortly.

Is there a unix version planned???

--
=-=-=-=-=-=-= Tom Cross AKA The White Ninja / Decius 6i5 */^\* -=-=-=-=-=-=-=-
-=-=-=-=-=- TWN615 at mindvox.phantom.com GT7508B at prism.gatech.edu =-=-=-=-=-=-=
=- "Government is not a reason, not an eloquence; it is a force. Like fire, =-
-=- it is a dangerous servant and a fearful master." -- George Washington -=-=

From cwe at Csli.Stanford.EDU Thu Aug 24 12:33:51 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 24 Aug 95 12:33:51 PDT
Subject: Matt Blaze's paper on Clipper...
Message-ID: <199508241933.MAA21565@Csli.Stanford.EDU>

Hi!

I don't seem to be able to locate it, but I had it earlier on. Does anyone know where it is? I'm talking to a reporter about the EPIC alert, and want to show him Matt's attack.
/Christian W

From blane at eskimo.com Thu Aug 24 12:36:21 1995
From: blane at eskimo.com (Brian Lane)
Date: Thu, 24 Aug 95 12:36:21 PDT
Subject: Brute SSL Challenge
In-Reply-To: <9157.9508240731@exe.dcs.exeter.ac.uk>
Message-ID:

On Thu, 24 Aug 1995 aba at atlas.ex.ac.uk wrote:
> You wouldn't happen to have gcc under DOS would you?
>
> Or anyone else with djgcc for DOS?
>
> What would be really nice would be a 32 bit DOS executable, which is
> very hard to obtain with any PC software, and compiling it 16 bit
> suffers a huge performance hit.
>
> In search of a 32 bit DOS binary,

In the same vein, a 32 bit OS2 version would be nice. I'm not sure how brutessl works exactly, but if it could connect to the server, get its key assignments, and then chug away while disconnected from the net I could see what kind of speed I get out of my 40MHz 486.

Brian

From trei at process.com Thu Aug 24 12:38:06 1995
From: trei at process.com (Peter Trei)
Date: Thu, 24 Aug 95 12:38:06 PDT
Subject: SSL CHALLENGE: Can't search with Win32 client!
Message-ID: <9508241937.AA10860@toad.com>

> I've got some keyspace, from various projects and test projects on the
> server, but no matter what key range I select, I can't get the Search
> button to be active (not greyed out).
>
> Anybody else getting this?
>
> Joe

I did. If you look at 'properties' you'll probably find the data needs updating. Click up 'update' to do this. It now seems to be working for me.

Now if only I could get the 'search status' window to tell me something...

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From aba at dcs.exeter.ac.uk Thu Aug 24 12:58:49 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 12:58:49 PDT
Subject: Brute SSL Challenge
In-Reply-To:
Message-ID: <13157.9508241956@exe.dcs.exeter.ac.uk>

> In the same vein, a 32 bit OS2 version would be nice.
There's a 32 bit OS2 app which TJ Hardin compiled, it's on the ftp and web site. It was compiled with the OS2 version of gcc.

> I'm not sure how brutessl works exactly, but if it could connect to the
> server, get its key assignments, and then chug away while disconnected
> from the net I could see what kind of speed I get out of my 40MHz 486.

At the moment, there is no C code version of the client, it's perl only, and I suspect would not work under OS/2 even with the perl for OS2, not without a fair bit of work.

You could, however, use the WWW key doler, there's a place where you can request keyspace.

Adam

From duncan at hasp.com Thu Aug 24 13:00:00 1995
From: duncan at hasp.com (Duncan J Watson)
Date: Thu, 24 Aug 95 13:00:00 PDT
Subject: SSL CHALLENGE: Can't search with Win32 client!
In-Reply-To: <9508241937.AA10860@toad.com>
Message-ID: <9508241604.ZM99@titan.hasp.com>

The process seems to be, from our admittedly thick-fingered experimentation, as follows:

1) start the client
2) insert the server in the server edit box "sksp.brute.cl.cam.ac.uk"
3) put 19957 in the port edit box
4) push the update button.
5) Select Hal Finney's SSL 2nd Challenge from the drop box
6) Push the update button again
7) request a small number of key segments (1-10)
8) Select the returned keys and then push the Search button
9) Fill out the dialog box and let the search proceed.

At this point your computer is checking keys. To view the progress select options from the menu then select view searches... You will see the progress in a separate dialog box.

This is my understanding. YMMV

djw

On Aug 24, 3:40pm, Peter Trei wrote:
> Subject: Re: SSL CHALLENGE: Can't search with Win32 client!
>
> > I've got some keyspace, from various projects and test projects on the
> > server, but no matter what key range I select, I can't get the Search
> > button to be active (not greyed out).
> >
> > Anybody else getting this?
> >
> > Joe
>
> I did.
> If you look at 'properties' you'll probably find the data needs
> updating. Click up 'update' to do this. It now seems to be working for
> me.
>
> Now if only I could get the 'search status' window to tell me something...
>
>
>
> Peter Trei

--
Duncan J Watson                   Email:Duncan at hasp.com
Tech Support Manager/Sys Admin    Ph#: +1 212 564 5678
Aladdin Software Security Inc     Fax#: +1 212 564 3377
:::finger Duncan at hasp.com for PGP key:::
http://www.hasp.com/

From dccotey at zonev.uccs.edu Thu Aug 24 13:04:38 1995
From: dccotey at zonev.uccs.edu (Daniel C. Cotey)
Date: Thu, 24 Aug 95 13:04:38 PDT
Subject: WinNT or Linux for SSL challenge ?
Message-ID:

I have a pentium 90 that will be set up to dual boot WinNT 3.5 server and linux 1.2.8, is one of them significantly faster ?

---
---
Daniel Cotey
dccotey at serf.uccs.edu
dccotey at ecepc44.uccs.edu

From jered at MIT.EDU Thu Aug 24 13:05:36 1995
From: jered at MIT.EDU (jered at MIT.EDU)
Date: Thu, 24 Aug 95 13:05:36 PDT
Subject: SSL CHALLENGE: 0.11 borken?
Message-ID: <199508242005.QAA03863@narn.atype.com>

I had several machines running brloop 0.03 and brclient 0.11, and none of them appeared to be sending ACKs back to the server. Is this a known problem? It might account for the large number of unACKed keyspaces.

brloop 0.04 and brclient 0.12 seem to work well, however.

--Jered
jered at mit.edu

From droelke at spirit.aud.alcatel.com Thu Aug 24 13:08:11 1995
From: droelke at spirit.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 24 Aug 95 13:08:11 PDT
Subject: SSLbrute progress.
Message-ID: <9508242007.AA19900@spirit.aud.alcatel.com>

Date: Thu Aug 24 20:02:47 GMT 1995

Two hours into it, and the key numbers that brclient is returning show about 5% allocated already.... That brings this to closure in around 24 hours - 12 hours for 1/2 the space.

Although - I also just checked the status, and it doesn't seem to be up to date with the keys I am getting, and it doesn't show any that it does have under my name as being acked.
This could be just a delay thing I guess, but it could also be that I just updated brloop and brclient to the latest versions.

Has anyone else thought of putting Damien's slave code that checks for idle ttys, etc into brutessl?

Dan
------------------------------------------------------------------
Dan Oelke                                   Alcatel Network Systems
droelke at aud.alcatel.com                            Richardson, TX
http://spirit.aud.alcatel.com:8081/~droelke/

From jered at MIT.EDU Thu Aug 24 13:32:08 1995
From: jered at MIT.EDU (jered at MIT.EDU)
Date: Thu, 24 Aug 95 13:32:08 PDT
Subject: BruteSSL: WTF? 0c2b-cf7a NOACK 0c2b 50000 Joe Thomas
Message-ID: <199508242031.QAA04083@narn.atype.com>

It appears that Joe Thomas has more or less locked (until things start getting reassigned) most of the keyspace. Even if he had a MasPar, it would still take him more than 2 days to check this space.

Does anyone know what the deal with this is? A simple error? A malicious attack? (I think that the SKSP is far too insecure to be effective....I could falsely ACK parts of the keyspace if I wanted to be mean.) An NSA agent who will check that keyspace and return the results in the next hour?

--Jered
jered at mit.edu

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 13:41:18 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 13:41:18 PDT
Subject: SSL CHALLENGE: 0.11 borken?
In-Reply-To: <199508242005.QAA03863@narn.atype.com>
Message-ID: <"swan.cl.cam.:219400:950824204042"@cl.cam.ac.uk>

> I had several machines running brloop 0.03 and brclient 0.11, and
> none of them appeared to be sending ACKs back to the server.

The probability of getting an ACK back is indeed small :-((

> Is this a known problem?

yes -- this is why all the WWW pages and my messages to cypherpunks say "please get the latest code" ...

> It might account for the large number of unACKed keyspaces.

I fear so :-((

> brloop 0.04 and brclient 0.12 seem to work well, however.

Whew !
brclient 0.13 is now out to try to track down the problem which is causing the congestion ...

It seems that old brloops keep calling the server, and sending HELO, COMM and then QUIT (Greet, Introduce, Part) i.e. not actually do anything :-(
[ Some only manage "HELO" or "HELO COMM" ]
These systems are hammering the server, and I suspect are the cause of the congestion.
I have added more logging to brclient 0.13, and it has caused the problem to disappear ...

From trei at process.com Thu Aug 24 13:51:45 1995
From: trei at process.com (Peter Trei)
Date: Thu, 24 Aug 95 13:51:45 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
Message-ID: <9508242051.AA13777@toad.com>

I've been looking at the allocated list of keys, and I notice a possible problem: One user has allocated 50,000 segments:

0c2b-cf7a NOACK 0c2b 50000 Joe Thomas

Now, it's possible this fellow has some vast farm of high-speed workstations, but I doubt it. Finger suggests that this is a linux box.
My suspicion - and let me apologize in advance if I'm wrong - is that Mr. Thomas thinks he's allocated himself 50,000 keys, whereas he's actually got 838,860,800,000.
Mr Thomas, if you're listening, PLEASE tell us what's going on. You've reserved 3/4 of the keyspace, and you're going to screw up the search unless you have an NSA-sized data center.
I suggest we assume this is an error, and remove the block from the reserved list so that it can be re-allocated.

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From aba at dcs.exeter.ac.uk Thu Aug 24 14:06:52 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 14:06:52 PDT
Subject: BruteSSL: WTF? 0c2b-cf7a NOACK 0c2b 50000 Joe Thomas
Message-ID: <13509.9508242106@exe.dcs.exeter.ac.uk>

> It appears that Joe Thomas has more or less locked
> (until things start getting reassigned) most of the keyspace.
Even > if he had a MasPar, it would still take him more than 2 days to > check this space. Presumably it's just an error, never attribute to malice what can be explained by simple error (as the saying goes). > Does anyone know what the deal with this is? A simple error? A > malicious attack? (I think that the SKSP is far to insecure to be > effective....I could falsely ACK parts of the keyspace if I wanted > to be mean.) You could falsely ACK keyspace, but it's designed so that it would be hard to do this by accident, one of the nos is a checksum, which is trivial to calculate (for a malicious user who cared to read the source), but 1/65536 of getting it right by accident. It'll sort itself out tho', because the way Piete Brooks has written it, when keyspace reaches FFFF, it starts re-assigning the ones which aren't acked yet, so the 50000 keys will start getting assigned again. Adam From jthomas at ogi.com Thu Aug 24 14:09:31 1995 From: jthomas at ogi.com (Joe Thomas) Date: Thu, 24 Aug 95 14:09:31 PDT Subject: Keys for ssl search Message-ID: >0c2b-cf7a NOACK 0c2b 50000 Joe Thomas > >You have allocated over 3/4 of the total search space. >I think that you accidently "bit off more than you can chew" >The count is 2^24 keys per keyspace. > >Please return the extra keys and select a reasonable number (like 1 or 2) >unless you have a superfast cluster of Crays. (Noted by several others, too) Sorry about this! The Windows NT client asked "how many keys" I wanted to check, not how many key segments. 50,000 sounded like a few seconds' work on my P120. I've attempted to return the keys using the "reject" button (again on the Win32 client), but I don't think it took. If anyone can tell me what the quickest way to return these keys is, I'd really appreciate it. Sorry, all, Joe Thomas From tedwards at src.umd.edu Thu Aug 24 14:11:45 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Thu, 24 Aug 95 14:11:45 PDT Subject: SSL CHALLENGE: 0.11 borken? 
In-Reply-To: <"swan.cl.cam.:219400:950824204042"@cl.cam.ac.uk> Message-ID: Just downloaded the newest stuff and got: usage: brutessl [-q] brutessl [-q] -r [] brutessl [-q] -t [[:]] usage: brutessl [-q] brutessl [-q] -r [] brutessl [-q] -t [[:]] usage: brutessl [-q] brutessl [-q] -r [] brutessl [-q] -t [[:]] usage: brutessl [-q] brutessl [-q] -r [] brutessl [-q] -t [[:]] usage: brutessl [-q] brutessl [-q] -r [] brutessl [-q] -t [[:]] Server not responding: Timed out What do you make of that? (I'm running Linux) -Thomas From harry at starbase.sj.unisys.com Thu Aug 24 14:13:59 1995 From: harry at starbase.sj.unisys.com (harry at starbase.sj.unisys.com) Date: Thu, 24 Aug 1995 14:13:59 -0700 (PDT) Subject: EPIC states FBI files concluded that Clipper must be mandatory (fwd) Message-ID: <14a48a4c397df5b0c3596bf2e659c3c3@NO-ID-FOUND.mhonarc.org> Forwarded-by: bostic at bsdi.com (Keith Bostic) Forwarded-by: Wendell Craig Baker FOR RELEASE: August 16, 1995, 2:00 p.m. EST CONTACT: David Sobel (202) 544-9240 FBI FILES: CLIPPER MUST BE MANDATORY WASHINGTON, DC - Newly-released government documents show that key federal agencies concluded more than two years ago that the "Clipper Chip" encryption initiative will only succeed if alternative security techniques are outlawed. The Electronic Privacy Information Center (EPIC) obtained the documents from the Federal Bureau of Investigation under the Freedom of Information Act. EPIC, a non-profit research group, received hundreds of pages of material from FBI files concerning Clipper and cryptography. The conclusions contained in the documents appear to conflict with frequent Administration claims that use of Clipper technology will remain "voluntary." Critics of the government's initiative, including EPIC, have long maintained that the Clipper "key-escrow encryption" technique would only serve its stated purpose if made mandatory. 
According to the FBI documents, that view is shared by the Bureau, the National Security Agency (NSA) and the Department of Justice (DOJ). In a "briefing document" titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that: Technical solutions, such as they are, will only work if they are incorporated into *all* encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required. Likewise, an undated FBI report titled "Impact of Emerging Telecommunications Technologies on Law Enforcement" observes that "[a]lthough the export of encryption products by the United States is controlled, domestic use is not regulated." The report concludes that "a national policy embodied in legislation is needed." Such a policy, according to the FBI, must ensure "real- time decryption by law enforcement" and "prohibit[] cryptography that cannot meet the Government standard." The FBI conclusions stand in stark contrast to public assurances that the government does not intend to prohibit the use of non-escrowed encryption. Testifying before a Senate Judiciary Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann Harris asserted that: As the Administration has made clear on a number of occasions, the key-escrow encryption initiative is a voluntary one; we have absolutely no intention of mandating private use of a particular kind of cryptography, nor of criminalizing the private use of certain kinds of cryptography. According to EPIC Legal Counsel David Sobel, the newly- disclosed information "demonstrates that the architects of the Clipper program -- NSA and the FBI -- have always recognized that key-escrow must eventually be mandated. 
As privacy advocates and industry have always said, Clipper does nothing for law enforcement unless the alternatives are outlawed."

Scanned images of several key documents are available via the World Wide Web at the EPIC Home Page:
http://www.epic.org/crypto/ban/fbi_dox/

-30-
_________________________________________________________________________
Subject: FBI Files on Clipper Released
_________________________________________________________________________
David Banisar (Banisar at epic.org) * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * HTTP://epic.org
Washington, DC 20003 * ftp/gopher/wais cpsr.org

From aba at dcs.exeter.ac.uk Thu Aug 24 14:14:54 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 24 Aug 95 14:14:54 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
Message-ID: <13538.9508242114@exe.dcs.exeter.ac.uk>

Peter Trei writes on cpunks:
> My suspicion - and let me apologize in advance if I'm wrong - is
> that Mr. Thomas thinks he's allocated himself 50,000 keys, whereas
> he's actually got 838,860,800,000.

A quite plausible theory, hadn't thought of that.

> You've reserved 3/4 of the keyspace, and you're going to screw up the
> search unless you have an NSA-sized data center.
>
> I suggest we assume this is an error, and remove the block from the
> reserved list so that it can be re-allocated.

Piete's server is more resilient than that! What happens is that when it reaches FFFF, it'll start doling out yet unacked keys on the assumption that they were mistakes, or that they were slow machines, or WWW doled ones which the user forgot to ack.
This is better for speed reasons also, as it means everybody gets something to do right up to the end, there'll be a mad scrabble at the end where multiple people are working on the same keyspace, as it wraps around the remaining unacked bits of key, but the 1st person to ack gets credited for it, and that way it gets done as quickly as possible.

Adam

From jthomas at ogi.com Thu Aug 24 14:15:11 1995
From: jthomas at ogi.com (Joe Thomas)
Date: Thu, 24 Aug 95 14:15:11 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
Message-ID:

You're right, I asked (I thought) for 50,000 keys -- a couple seconds' work on my machine -- and got back 50,000 segments. The WinNT client thinks it's sent them back, but the web page still lists them as mine. I can't find a form on Adam's web site for sending back keys, either.

>I suggest we assume this is an error, and remove the block from the
>reserved list so that it can be re-allocated.

Please do, if you can!

Thanks,
Joe

From cwe at Csli.Stanford.EDU Thu Aug 24 14:17:09 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 24 Aug 95 14:17:09 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
In-Reply-To: <9508242051.AA13777@toad.com>
Message-ID: <199508242116.OAA23923@Csli.Stanford.EDU>

| I've been looking at the allocated list of keys, and I notice a possible
| problem: One user has allocated 50,000 segments:

Where can one observe the progress of the computations? What is allocated etc?

/Christian

From nesta at cynico.com Thu Aug 24 14:23:24 1995
From: nesta at cynico.com (Nesta Stubbs)
Date: Thu, 24 Aug 95 14:23:24 PDT
Subject: SSL CHALLENGE
In-Reply-To: <9508242051.AA13777@toad.com>
Message-ID:

I have a small linux box doing 1000 keys per second. I had to re-download the brloop and brclient, because when I viewed them on the WWW page and attempted to save them I forgot that Lynx will truncate some lines, leaving me with some errors.
I got complete correct versions and the box is chugging away.

Nesta Stubbs "Betsy, can you find the Pentagon for me?
Cynico Network Consulting It has five sides and a big parking lot"
nesta at cynico.com -Fred McMurray-

From tedwards at src.umd.edu Thu Aug 24 14:25:06 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 24 Aug 95 14:25:06 PDT
Subject: brloop not working
In-Reply-To: <"swan.cl.cam.:150900:950824172806"@cl.cam.ac.uk>
Message-ID:

Ah, found the problem. where is that "-" coming from??? [Linux]

++ nice -20 brutessl - 2977 d42f 1
usage: brutessl [-q]
brutessl [-q] -r []
brutessl [-q] -t [[:]]

I've stopped it until I can get that fixed. brclient is way huge now...I can't see how to get rid of the "-".

-Thomas

From tedwards at src.umd.edu Thu Aug 24 14:35:56 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 24 Aug 95 14:35:56 PDT
Subject: brloop not working
In-Reply-To: <"swan.cl.cam.:150900:950824172806"@cl.cam.ac.uk>
Message-ID:

On Thu, 24 Aug 1995, Piete Brooks wrote:
> The first arg of brutessl is the file from which to read the config info.
> "-" is a unix convention for the file "stdin".

OK - I dig this, but brutessl on my Linux box is still complaining about usage...(sorry about the bandwidth but I assume other people are probably having similar problems)

+ eval brclient -dklLtssl|(read a;nice -20 brutessl - $a)|(read a;echo $a 1>&2; echo $a) |brclient -AlLtssl
++ brclient -dklLtssl
++ brclient -AlLtssl
++ read a
++ read a
++ nice -20 brutessl -
usage: brutessl [-q]
brutessl [-q] -r []
brutessl [-q] -t [[:]]

-Thomas

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 14:37:03 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 14:37:03 PDT
Subject: brloop not working
In-Reply-To:
Message-ID: <"swan.cl.cam.:239560:950824213618"@cl.cam.ac.uk>

> Ah, found the problem. where is that "-" coming from??? [Linux]

brloop in the shell variable "cmd".

#:10: the actual command to do the work ....
cmd="${cmd-$brclient -dklLt$type|(read a;nice -20 $brute$type - \$a)|(read a; echo ' '\$a 1>&2; echo \$a) |$brclient -AlLt$type}"

> ++ nice -20 brutessl - 2977 d42f 1
> usage: brutessl [-q]
> brutessl [-q] -r []
> brutessl [-q] -t [[:]]
>
> I've stopped it until I can get that fixed. brclient is way huge now...I
> can't see how to get rid of the "-".

"-" is the name of the -- it's a unix convention for "stdin".

brutessl 1.0 was incompatible with bruterc4 -- that was the reason for releasing brutessl 1.01

If you are stuck with brutessl 1.0, fix cmd to be

#:10: the actual command to do the work ....
cmd="${cmd-$brclient -dklLt$type|(read a;nice -20 $brute$type -- - \$a)|(read a; echo ' '\$a 1>&2; echo \$a) |$brclient -AlLt$type}"

i.e. prefix the "-" with "-- "

From jk at digit.ee Thu Aug 24 14:43:54 1995
From: jk at digit.ee (Jyri Kaljundi)
Date: Thu, 24 Aug 95 14:43:54 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
In-Reply-To: <13538.9508242114@exe.dcs.exeter.ac.uk>
Message-ID:

On Thu, 24 Aug 1995 aba at atlas.ex.ac.uk wrote:
> What happens is that when it reaches FFFF, it'll start doling out yet
> unacked keys on the assumption that they were mistakes, or that they
> were slow machines, or WWW doled ones which the user forgot to ack.

Just a dumb question: when brutessl-brclient-brloop will find the key, will it report it to the keyserver right away? What I mean is can I just start the brloops on my machines and log out, and not have to look at the display all the time?

BTW how can I log brloop's output into a file and not to the screen?

Juri o tel: +372 6308994 o>

Message-ID: <"swan.cl.cam.:242090:950824214413"@cl.cam.ac.uk>

> OK - I dig this, but brutessl on my Linux box is still complaining about
> usage...(sorry about the bandwidth but I assume other people are probably
> having similar problems)

OK -- I'll leave CP on the CC list then ...
+ eval brclient -dklLtssl|(read a;nice -20 brutessl - $a)|(read a;echo $a 1>&2; echo $a) |brclient -AlLtssl
++ brclient -dklLtssl
++ brclient -AlLtssl
++ read a
++ read a
++ nice -20 brutessl -

That's the problem -- "brclient -dklLtssl" failed to return any keys,
[ congestion of the server :-((( ]
so brutessl was called with just the "-" which brloop put there.

From syshtg at gsusgi2.Gsu.EDU Thu Aug 24 14:46:28 1995
From: syshtg at gsusgi2.Gsu.EDU (Tom Gillman)
Date: Thu, 24 Aug 95 14:46:28 PDT
Subject: brloop not working
In-Reply-To:
Message-ID: <199508242146.RAA21529@gsusgi2.Gsu.EDU>

>
> > The first arg of brutessl is the file from which to read the config info.
> > "-" is a unix convention for the file "stdin".
>
> OK - I dig this, but brutessl on my Linux box is still complaining about
> usage...(sorry about the bandwidth but I assume other people are probably
> having similar problems)
>
> ++ nice -20 brutessl -
> usage: brutessl [-q] segments>
> brutessl [-q] -r []
> brutessl [-q] -t [[:]]
>

Use 'nice -20 brutessl -- -' instead. The '--' tells getopts() not to parse anything else as arguments, then the next '-' will be interpreted correctly.

Tom
--
Tom Gillman, Unix/AIX Systems Weenie |"For a privacy advocate to determine
Wells Computer Center-Ga. State Univ. |the best way to do key escrow is like
(404) 651-4503 syshtg at gsusgi2.gsu.edu |a death penalty opponent choosing
I'm not allowed to have an opinion. |between gas or electricity"-D.Banisar
key to UNIX: echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc

From poodge at econ.Berkeley.EDU Thu Aug 24 14:46:48 1995
From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Thu, 24 Aug 95 14:46:48 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
In-Reply-To: <9508242051.AA13777@toad.com> Message-ID: <199508242146.OAA13613@quesnay.Berkeley.EDU> >>>>> "Peter" == Peter Trei writes: > I've been looking at the allocated list of keys, and I notice a > possible problem: One user has allocated 50,000 segements: > 0c2b-cf7a NOACK 0c2b 50000 Joe Thomas > Now, it's possible this fellow has some vast farm of high-speed > workstations, but I doubt it. Finger suggests that this is a > linux box. [...] Finger reports that it is indeed a linux (1.2.9) box with a low load average (0.00, 0.00, 0.00 right now), but that Mr. Thomas is on from nemesis.ogi.com. nemesis refuses finger, telnet, and ftp connections, but, on WWW connect, asks for a userid and password for the "Marcam Development WWW site at nemesis.ogi.com." Marcam (http://www.marcam.com) makes something to do with computers, so Mr. Thomas could well have a bunch of computers at his disposal... (Even so, 50000 is a big number) I can't actually figure out what, specifically, Marcam makes. They produce applications which reduce costs, increase flexibility, and the whole shebang... but nowhere does it say what the programs *do*... Smells like an NSA front. -sq :) From poodge at econ.Berkeley.EDU Thu Aug 24 14:51:20 1995 From: poodge at econ.Berkeley.EDU (Sam Quigley) Date: Thu, 24 Aug 95 14:51:20 PDT Subject: SSL CHALLENGE: ALERT! probable misallocation of keys? In-Reply-To: <199508242116.OAA23923@Csli.Stanford.EDU> Message-ID: <199508242151.OAA13622@quesnay.Berkeley.EDU> >>>>> "Christian" == Christian Wettergren writes: > Where can one observe the progress of the computations? What is > allocated etc? try http://www.brute.cl.cam.ac.uk/cgi-bin/brute?op=stats How often is this updated? I've allocated (and ACKed) more keyspace than it shows I have, and I wonder if my requests might have gotten munged. 
So far, the only thing it shows I've acked is the keyspace I manually ACKed over the WWW interface (actually, I ACKed it a bunch of times -- the forms weren't producing responses, so I resent them a couple times..)

-sq

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 14:52:49 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 14:52:49 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
In-Reply-To: <199508242116.OAA23923@Csli.Stanford.EDU>
Message-ID: <"swan.cl.cam.:244760:950824215153"@cl.cam.ac.uk>

> Where can one observe the progress of the computations? What is
> allocated etc?

See "inspect the current status of the search" on http://www.brute.cl.cam.ac.uk/brute/

Note that I have disabled auto-generation of the stats file to help reduce the congestion ...

From lile at art.net Thu Aug 24 15:08:01 1995
From: lile at art.net (Lile Elam)
Date: Thu, 24 Aug 95 15:08:01 PDT
Subject: EPIC states FBI files concluded that Clipper must be mandatory (fwd)
Message-ID: <199508242205.PAA05087@art.net>

This was interesting...

----- Begin Included Message -----

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 15:11:49 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 15:11:49 PDT
Subject: SSL CHALLENGE: ALERT! probable misallocation of keys?
In-Reply-To:
Message-ID: <"swan.cl.cam.:251950:950824220946"@cl.cam.ac.uk>

> Just a dumb question: when brutessl-brclient-brloop will find the key,
> will it report it to the keyserver right away?

IF it manages to get a word in edgeways, yes. However, I fear some ACKS are being lost :-(

> What I mean is can I just start the brloops on my machines and log out,
> and not have to look at the display all the time?

Indeed -- it's meant to run unattended.
HOWEVER, due to the problems with losing ACKs, it would be useful to send the output to a log file, and then check that all the scanned segments made it to the server
[[ NB: stats updates are currently manual !!
]] > BTW how can I log brloop's output into a file and not to the screen? sh: brloop >> logfile 2>&1 & csh brloop >>& logfile & (I think) Aliter: "nohup brloop &" might do it From ghio at cmu.edu Thu Aug 24 15:12:55 1995 From: ghio at cmu.edu (Matthew Ghio) Date: Thu, 24 Aug 95 15:12:55 PDT Subject: Matt Blaze's paper on Clipper... In-Reply-To: <199508241933.MAA21565@Csli.Stanford.EDU> Message-ID: Christian Wettergren asked: >I don't seem to be able to locate it, but I had it earlier on. >Do anyone know where it is? > >I'm talking to a reporter about the EPIC alert, and wants to show >him Matt's attack. ftp.research.att.com /dist/mab/essproto.ps From jsimmons at goblin.punk.net Thu Aug 24 15:13:34 1995 From: jsimmons at goblin.punk.net (Jeff Simmons) Date: Thu, 24 Aug 95 15:13:34 PDT Subject: Brutesslos2.exe won't run Message-ID: <199508242211.PAA31692@goblin.punk.net> Trying to run brutesslos2.exe on my OS/2 box, I get: SYS1804: The system cannot find the file EMX -- Jeff Simmons jsimmons at goblin.punk.net From cwe at Csli.Stanford.EDU Thu Aug 24 15:14:53 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Thu, 24 Aug 95 15:14:53 PDT Subject: server congestion? Message-ID: <199508242214.PAA25424@Csli.Stanford.EDU> Couldn't one take advantage of the 50.000 mistake, by setting up a second server for that space. I guess things will screw up when the first server reaches FFFF, as indicated earlier. What would be nice is if one could divide up the key between servers also. Another thing that might decrease the load on the server is if we start allocating more blocks at a time, lets say 2-4 blocks each time. Wouldn't that help? /Christian From cwe at Csli.Stanford.EDU Thu Aug 24 15:16:45 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Thu, 24 Aug 95 15:16:45 PDT Subject: SSL CHALLENGE: ALERT! probable misallocation of keys? 
In-Reply-To:
Message-ID: <199508242215.PAA25512@Csli.Stanford.EDU>

| BTW how can I log brloop's output into a file and not to the screen?

#!/bin/sh
brloop > /tmp/worklog.ssl 2>&1 &

is what I did.

/Christian

From trei at process.com Thu Aug 24 15:21:49 1995
From: trei at process.com (Peter Trei)
Date: Thu, 24 Aug 95 15:21:49 PDT
Subject: SSL Challenge: some thoughts on the process.
Message-ID: <9508242221.AA18067@toad.com>

Well, the game's afoot, and I have a few preliminary thoughts on the process.

1. We need some protection against massive allocation of keys - perhaps an upper limit of a few hundred segments. Piete had better be ready to loop the server - at this rate FFFF will be allocated sometime tomorrow.

2. It'd be nice if the NT Winsock client could loop, reporting results and getting new keys automatically each time it finished a block. As it is, it's not worth my running it overnight. For each of the P5/90 NT machines I'm using, I'm manually running brutessl with enough key to keep them busy till morning. I'd rather have something that reported results to the server as it went along.

This is part of a more general problem. A lot of people are doing this on standalone machines at work, and have no way of checking them during the night. This is doubly true for weekends - theoretically if someone hits jackpot at 6pm on Friday, we might not find out till 9am Monday. I will not be running on any work machines over the weekend.

3. Start time was a little ragged - 1800 GMT was named, but the server seemed to come up at 2PM east coast time, which is (I think) 1900 GMT. I think that if we selected 8AM west coast time (1600 GMT?) more people would come online more quickly.

4. There was a massive crush of people trying to get keys from the server at 2. If we ever do this again, we might think about preallocating chunks of keyspace to people according to their promised cpu power, and keeping the *challenge* a secret till the starting gun sounds.
Passively serving a page with the challenge would load the server much less than the cgi-based key doler.

5. We needed more pre-publicity on the Net to attract participants - a week would have been better than 24 hours.

just some random thoughts....

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From tedwards at src.umd.edu Thu Aug 24 15:24:31 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 24 Aug 95 15:24:31 PDT
Subject: brloop not working
In-Reply-To: <"swan.cl.cam.:242090:950824214413"@cl.cam.ac.uk>
Message-ID:

On Thu, 24 Aug 1995, Piete Brooks wrote:
> That's the problem -- "brclient -dklLtssl" failed to return any keys,
> [ congestion of the server :-((( ]
> so brutessl was called with just the "-" which brloop put there.

I see that can happen, but there is also:

++ brclient -dklLtssl
++ brclient -AlLtssl
++ read a
++ read a
++ nice -20 brutessl - 2977 d42f 1
usage: brutessl [-q]
brutessl [-q] -r []
brutessl [-q] -t [[:]]
++ echo

Where apparently I did get d42f, but brutessl 1.02 choked - I am going to take the advice of the other poster and add the "--" to the command. Again this is on a Linux box. I suggest that other Linuxers check their logfile for this behaviour.

-Thomas

From lethin at ai.mit.edu Thu Aug 24 15:40:51 1995
From: lethin at ai.mit.edu (Rich Lethin)
Date: Thu, 24 Aug 95 15:40:51 PDT
Subject: Server Bottleneck
Message-ID: <9508242240.AA26478@grape-nuts>

The bottleneck at the server is pretty awful. My clients are spending most of their time in timeout, waiting for keyspace.

Also, users on the workstations have complained that the programs eat up lots of system time, despite their being nice'd to +19...

---
Concurrent VLSI Arch. Group
545 Technology Sq., Rm.
610 MIT AI Lab Cambridge, MA 02139 (617)-253-0972 From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 15:43:31 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Thu, 24 Aug 95 15:43:31 PDT Subject: SSL CHALLENGE: ALERT! probable misallocation of keys? In-Reply-To: <199508242151.OAA13622@quesnay.Berkeley.EDU> Message-ID: <"swan.cl.cam.:260400:950824223105"@cl.cam.ac.uk> > How often is this updated? whenever I type "make" -- I have disabled auto-updating while the server is over congested ... > So far, the only thing it shows I've acked is the keyspace I > manually ACKed over the WWW interface (actually, I ACKed it a bunch of > times -- the forms weren't producing responses, so I resent them a > couple times..) I fear that some ACKs may be lost :-(( 1) use brloop 0.04 and brclient 0.13 might help 2) send stdout and stderr to a log file and scan it :-( From tedwards at src.umd.edu Thu Aug 24 15:53:09 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Thu, 24 Aug 95 15:53:09 PDT Subject: Linux fix was Re: brloop not working In-Reply-To: <199508242146.RAA21529@gsusgi2.Gsu.EDU> Message-ID: On Thu, 24 Aug 1995, Tom Gillman wrote: > Use 'nice -20 brutessl -- -' instead. The '--' tells getopts() not to parse > anything else as arguments, then the next '-' will be interpreted correctly. I made the change, and while it still chokes when you call brutessl without keys (a feature, right?), it DOES work when you get a valid keyspace. So Linux people might want to change the command in brloop if you are getting the same problems I was: #:10: the actual command to do the work .... cmd="${cmd-$brclient -dklLt$type|(read a;nice -20 $brute$type -- - \$a)|(read a; [Huh, like, I wrote more code ;] -Thomas From don at cs.byu.edu Thu Aug 24 15:53:31 1995 From: don at cs.byu.edu (Donald M. 
Kitchen)
Date: Thu, 24 Aug 95 15:53:31 PDT
Subject: server congestion
Message-ID: <199508242251.QAA23003@bert.cs.byu.edu>

Christian Wettergren:
>is if we start allocating more blocks at a time, lets
>say 2-4 blocks each time. Wouldn't that help?

Heh heh heh
Somebody should tell that to the guy who's pulling them down 500 at a time. I have to settle for 32 x 7 at a time, in order to manage runtime at 9 hours. And the clever thing is, I have to stay connected to all 7 machines in order to keep running. Good thing there's an incremental notice, so I can restart if I lose carrier.

You know, this is really fun. Too bad the prize isn't something really cool, like a free wastebasket in case Windoze 95 comes my way...

Sorry, just felt like it was my turn to babble...

Don

From jweis at primenet.com Thu Aug 24 16:01:39 1995
From: jweis at primenet.com (Jason Weisberger)
Date: Thu, 24 Aug 95 16:01:39 PDT
Subject: server congestion?
In-Reply-To: <199508242214.PAA25424@Csli.Stanford.EDU>
Message-ID: <199508242301.QAA29944@usr1.primenet.com>

>
> Another thing that might decrease the load on the server
> is if we start allocating more blocks at a time, lets
> say 2-4 blocks each time. Wouldn't that help?
>

I've been trying to report via WWW for almost 20 minutes... Yikes!

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 16:03:43 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 16:03:43 PDT
Subject: server congestion?
In-Reply-To: <199508242214.PAA25424@Csli.Stanford.EDU>
Message-ID: <"swan.cl.cam.:271770:950824230145"@cl.cam.ac.uk>

> Couldn't one take advantage of the 50.000 mistake, by
> setting up a second server for that space.

The design of the protocol assumes a hierarchy -- maybe in the next attempt.
Static partitioning would be possible (e.g. 0000-7ffff and 8000-ffff) but there are problems with acking to the right server, deciding which to contact, etc.

> I guess things will screw up when the first server reaches
> FFFF, as indicated earlier.

Yup.
> What would be nice is if one could divide up the key > between servers also. Hierarchy or static ? > Another thing that might decrease the load on the server > is if we start allocating more blocks at a time, lets > say 2-4 blocks each time. Wouldn't that help? I think most of the load is "HELO COMM QUIT" clients. Yes -- we had thought of upping the allocation .... From cwe at Csli.Stanford.EDU Thu Aug 24 16:08:05 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Thu, 24 Aug 95 16:08:05 PDT Subject: server congestion? In-Reply-To: <"swan.cl.cam.:271770:950824230145"@cl.cam.ac.uk> Message-ID: <199508242307.QAA26628@Csli.Stanford.EDU> | The design of the prtotocol assumes a hierarchy -- maybe in the next attempt. Ok, neat. I was merely thinking of a simple static partitioning of it right now. | but there are problems with acking to the right server, deciding which to | contact, etc. I was rather thinking of a simplistic solution right now, looking in the log of active calculators, roughly dividing them up into two similarly sized groups etc. But I guess this isn't as easy as I thought it would be. | > Another thing that might decrease the load on the server | > is if we start allocating more blocks at a time, lets | > say 2-4 blocks each time. Wouldn't that help? | | I think most of the load is "HELO COMM QUIT" clients. | Yes -- we had thought of upping the allocation .... Ok. /Christian From adept at minerva.cis.yale.edu Thu Aug 24 16:15:55 1995 From: adept at minerva.cis.yale.edu (White Adept) Date: Thu, 24 Aug 95 16:15:55 PDT Subject: server congestion In-Reply-To: <199508242251.QAA23003@bert.cs.byu.edu> Message-ID: On Thu, 24 Aug 1995, Donald M. Kitchen wrote: > You know, this is really fun. Too bad the prize isn't something really cool, > like a free wastebasket in case Windoze 95 comes my way... Well, if you win, then we'll chip in and get you a recycling bin. Ben. 
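The keyserver bookkeeping that Adam describes earlier in this thread (a checksum number on each ACK, re-issuing unacked segments once the cursor reaches FFFF, first ACK gets the credit) together with Peter Trei's point 1 (a per-request cap against the 50,000-segment mistake), as an added Python model that is not code from the brute server or from anyone on this thread. The 16-bit segment ids and 2^24 keys per segment come from the thread; the cap of 512, the SHA-256 ticket formula, the status-line format and the names are assumptions made here.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Numbers from the thread: 16-bit segment ids 0000-ffff, 2^24 keys per
# segment, which together cover the 40-bit RC4 export key space.
SEGMENT_BITS = 16
NUM_SEGMENTS = 1 << SEGMENT_BITS
KEYS_PER_SEGMENT = 1 << 24
MAX_SEGMENTS_PER_REQUEST = 512   # assumed cap (Peter Trei's "few hundred")


def keys_in(segments: int) -> int:
    """Keys actually covered by a request for `segments` segments."""
    return segments * KEYS_PER_SEGMENT


def checksum(start: int, count: int, who: str) -> int:
    """16-bit ticket a client must echo back in its ACK.

    Constructed here with SHA-256 (the real server's formula is not on the
    page); an ACK with a guessed ticket succeeds with probability 1/65536.
    """
    digest = hashlib.sha256(f"{start:04x}:{count}:{who}".encode()).digest()
    return int.from_bytes(digest[:2], "big")


class KeyServer:
    """Hand out segments, credit the first valid ACK, and after the top of
    the space is reached re-issue segments nobody has ACKed yet."""

    def __init__(self, cap: int = MAX_SEGMENTS_PER_REQUEST,
                 segments: int = NUM_SEGMENTS) -> None:
        self.cap = cap
        self.segments = segments
        self.cursor = 0                     # next never-issued segment
        self.acked: Dict[int, str] = {}     # segment -> who got the credit
        self.issued: Dict[int, str] = {}    # segment -> last holder

    def allocate(self, who: str, count: int) -> Optional[Dict[str, int]]:
        """Return {start, count, chk}, or None once everything is ACKed."""
        if not 1 <= count <= self.cap:
            raise ValueError(f"{count} segments exceeds the cap of {self.cap}")
        if self.cursor < self.segments:
            start = self.cursor
            count = min(count, self.segments - start)
            self.cursor += count
        else:
            run = self._unacked_run(count)  # wrapped: re-issue unacked work
            if run is None:
                return None
            start, count = run
        for seg in range(start, start + count):
            self.issued[seg] = who
        return {"start": start, "count": count,
                "chk": checksum(start, count, who)}

    def _unacked_run(self, limit: int) -> Optional[Tuple[int, int]]:
        """First contiguous run of not-yet-ACKed segments, at most `limit`.
        Late clients may all receive the same run; the first ACK wins."""
        start = next((s for s in range(self.segments) if s not in self.acked),
                     None)
        if start is None:
            return None
        end = start
        while (end < self.segments and end - start < limit
               and end not in self.acked):
            end += 1
        return start, end - start

    def ack(self, who: str, start: int, count: int,
            chk: int) -> Tuple[bool, int]:
        """Check the ticket, then credit `who` with every segment in the
        range that has no earlier ACK. Returns (ticket_ok, newly_credited)."""
        if chk != checksum(start, count, who):
            return False, 0
        credited = 0
        for seg in range(start, start + count):
            if seg not in self.acked:
                self.acked[seg] = who
                credited += 1
        return True, credited

    def status_line(self, start: int, count: int) -> str:
        """Status in the format quoted in the thread, e.g.
        '0c2b-cf7a NOACK 0c2b 50000 Joe Thomas'."""
        who = self.issued.get(start, "?")
        done = all(s in self.acked for s in range(start, start + count))
        state = "ACK" if done else "NOACK"
        return f"{start:04x}-{start + count - 1:04x} {state} {start:04x} {count} {who}"

    def unacked(self) -> int:
        return self.segments - len(self.acked)


if __name__ == "__main__":
    print(f"50000 'keys' taken as segments = {keys_in(50000):,} keys")
    srv = KeyServer()
    try:
        srv.allocate("Joe Thomas", 50000)
    except ValueError as err:
        print("rejected:", err)
    grant = srv.allocate("Joe Thomas", 2)
    print(srv.status_line(grant["start"], grant["count"]))
    print(srv.ack("Joe Thomas", grant["start"], grant["count"], grant["chk"]))
    print(srv.status_line(grant["start"], grant["count"]))
```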
From ghio at cmu.edu Thu Aug 24 17:01:59 1995
From: ghio at cmu.edu (Matthew Ghio)
Date: Thu, 24 Aug 95 17:01:59 PDT
Subject: Linux brutessl client
Message-ID:

I get 11100 keys/sec with Linux/gcc 2.5.8 on a 486/66, optimized with
-O2 and -fomit-frame-pointer.

-fforce-mem and -funroll-loops made the program run more slowly.

I also tried -ffast-math -finline-functions -fforce-addr -fcaller-saves
which seemed to make no difference.

Now maybe when they get the server working again I can actually try running this. :(

From trei at process.com Thu Aug 24 17:15:36 1995
From: trei at process.com (Peter Trei)
Date: Thu, 24 Aug 95 17:15:36 PDT
Subject: SSL Challenge: Server problems
Message-ID: <9508250015.AA22053@toad.com>

I can't contact the server to request keyspace anymore - I get a
'500 Server error'

It looks like 12 hours on a P5/90 are going to waste (could have done
90 segments)

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From cwe at Csli.Stanford.EDU Thu Aug 24 17:24:13 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 24 Aug 95 17:24:13 PDT
Subject: Linux brutessl client
In-Reply-To:
Message-ID: <199508250023.RAA28560@Csli.Stanford.EDU>

| I get 11100 keys/sec with Linux/gcc 2.5.8 on a 486/66, optimized with
| -O2 and -fomit-frame-pointer.
|
| -fforce-mem and -funroll-loops made the program run more slowly.
|
| I also tried -ffast-math -finline-functions -fforce-addr -fcaller-saves
| which seemed to make no difference.

I've tried to optimize the SunOS binary, but it seems as if 16400 keys/s is the maximum I can get on a SS10. No changes in optimization flags have helped so far. Has anyone got a better speed than this on an ordinary SS10, with SunOS 414?

/Christian

From cwe at Csli.Stanford.EDU Thu Aug 24 17:42:30 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 24 Aug 95 17:42:30 PDT
Subject: Cypherpunks Santa Cruz meeting/party
Message-ID: <199508250042.RAA28903@Csli.Stanford.EDU>

Hi!

Anyone in the Palo Alto area going to Tim's who would like to give me a ride there? If so, drop me a line.

And Tim, take that as indication that I'm interested in participating in the meeting. :-)

/Christian Wettergren
Nordic Viking
Sweden

From jim at acm.org Thu Aug 24 17:59:45 1995
From: jim at acm.org (Jim Gillogly)
Date: Thu, 24 Aug 95 17:59:45 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <9508250015.AA22053@toad.com>
Message-ID: <199508250059.RAA02668@mycroft.rand.org>

> "Peter Trei" writes:
> I can't contact the server to request keyspace anymore - I get a...
> It looks like 12 hours on a P5/90 are going to waste (could have done...

Live and/or learn -- looks like the performance is a little better now that they're handing out bigger chunks. The important thing is to learn something new each time so the next one goes more smoothly. Should be nicer with hierarchical servers and so on for the next challenge... DES or lobotomized DES or whatever.

Re: the title above. Remember in "Princess Bride" where Prince Humperdinck tells an underling to go search the forest and rout out the troublemakers? When he complained of the difficulty, he was told to form a "brute squad".

Jim Gillogly
Sterday, 3 Halimath S.R. 1995, 00:59

From Piete.Brooks at cl.cam.ac.uk Thu Aug 24 18:02:38 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 24 Aug 95 18:02:38 PDT
Subject: SSL Challenge: Server problems
In-Reply-To: <9508250015.AA22053@toad.com>
Message-ID: <"swan.cl.cam.:020170:950825010219"@cl.cam.ac.uk>

> I can't contact the server to request keyspace anymore - I get a
> '500 Server error'

I take that to mean "the WWW server" ...
Well, it appears that the congestion has overcome it too ! Seems that cypherpunks hammer it even harder than its usual high traffic on http://www.cl.cam.ac.uk/coffee/coffee.html

I think it's just been running out of process, etc ... It's working OK for me now ...

> It looks like 12 hours on a P5/90 are going to waste (could have done
> 90 segments)

Try again ....

BTW: I tracked down the (well, at least one) cause of the "HELO COMM QUIT" sessions ... brclient 0.14 and brloop 0.5 should fix it. If brloop is running, leave it ASIS (if it passes the "L" flag to brclient that is), but replace the brclient script. When the running brutessl finishes, the next one will use the new brclient.

Could everyone who's around make this update to reduce the congestion ? Ta.

From altitude at cic.net Thu Aug 24 19:54:00 1995
From: altitude at cic.net (Alex Tang)
Date: Thu, 24 Aug 95 19:54:00 PDT
Subject: server congestion?
In-Reply-To: <"swan.cl.cam.:271770:950824230145"@cl.cam.ac.uk>
Message-ID: <199508250253.WAA24682@petrified.cic.net>

On Thu Aug 24 19:00:15 1995: you scribbled...
>
> > Couldn't one take advantage of the 50.000 mistake, by
> > setting up a second server for that space.
>
> The design of the protocol assumes a hierarchy -- maybe in the next attempt.
>
> Static partitioning would be possible (e.g. 0000-7ffff and 8000-ffff)
> but there are problems with acking to the right server, deciding which to
> contact, etc.

It would probably be best to have the "child" servers request large chunks of keyspace from a "parent" server. This may require some minimal extension to the protocol. In particular, in the helo, you may want to add a "client type" field which would be either "Client" or "Server". If it's a "Server" the parent server would keep track of the name/ip of the "child" server.

If someone tried to ack a set of keyspace that the "child" server was responsible for, the "parent" server would return either a 601 STOP or perhaps a new return code such as 602 ACKHERE. The 602 code would differ from the 601 code stop in that the client could come back to either server in the future.

This would let a real "Client" request keys from any server, but would have to ack back to the same server.

When the "child" server runs out of keyspace, it would get some more from its "parent" server.

Just my $0.02.

...alex...

From an366601 at anon.penet.fi Thu Aug 24 20:00:56 1995
From: an366601 at anon.penet.fi (an366601 at anon.penet.fi)
Date: Thu, 24 Aug 95 20:00:56 PDT
Subject: The Theory of Nymity (value of True Names)
Message-ID: <9508250244.AA26841@anon.penet.fi>

the thread has been going around about the value of "true names". this is a complex study of the value of "true names". it dissects the issue and gets to the core of the matter. it suggests there is a valuable *psychological* benefit to the use of true names and that it may even be necessary for "honest communication" in any "society".

those of you that argue that true names are irrelevant, why is it that you are the same ones that try to "out" L.D. behind whatever tentacle-of-the-moment he is hiding behind? do you really care, or don't you? actions speak louder than words!!

part of L.D.'s demonstrations were the harm that someone with some ingenuity, flair, malice, and boredom could wreak on any cyberspatial community through the use of unrestrained anonymity/pseudonymity. and it appears that some of you still don't get the point. perhaps another reminder or demonstration is in order

|  /\  |\|  /~ L~     ``I have to spew this stuff, or I'd be on the
L_ /~~\ | |  \_ L_     roof with a high power weapon.'' -Jim Carrey
http://www.csn.net/~ldetweil

===

The Theory of Nymity

Detweiler was the first to pioneer the "theory of nymity".
Observing that various forms of anonymity and pseudonymity were blurred in the popular consciousness and that the subject was awash with irrational emotionalism and ill-defined terms, he sought to formalize and crystallize the fundamental concepts and distinctions involved.

The cypherpunks definitely pioneered forms of nymity, and passionately champion the general issue, particularly its ramifications in cyberspace; however they refuse to confront the issue openly and overtly, suggesting they perceive some sort of stigma or taboo associated with their practices. They also refuse to contemplate negative or potentially disastrous social effects of the associated scenarios, asserting all forms of nymity are either indistinguishable or essentially morally neutral practices that invariably extend the rights of the individual in the face of the oppressive State or massive corporations. They see all forms of nymity as merely one unified hacksaw of the serf, useful and effective in cutting away chains of bondage in the Sisyphean struggle for privacy.

Detweiler confronted the diverse implications of nymity by elevating the subject of "nymity" to a study complete in itself. Abstracting from his writings, Detweiler considered the concept of a "nym spectrum" involving the key concepts of receiver of a message, sender, and identity. At various points on the nym spectrum, the receiver has varying degrees of knowledge about the identity of the sender.

In a Detweilerian model of nymity, an abstract communications space exists in which messages and their identification can be dissociated from their senders while still being directed at receivers. A set of "formal senders" is juxtaposed or overlaid on top of the "actual senders" analogous to the way formal and actual parameters in structured computer programs are defined and related. A "formal sender" is the labeled origination of a message sent by an "actual sender", who may or may not be identified. The "formal sender" may be identified in some way that is independent from the "actual sender" identification. If an actual sender A is identified as sender B in the message, B is the "formal identification" for the sender whose "actual identity" is A.

Detweiler defined the various forms of nymity based on the knowledge of the sender, say party C. This is his critical distinction that cypherpunks denied, arguing that all the forms of nymity he saw a difference between were really interchangeable and indistinguishable, and therefore identical. They do not recognize any relevance of the "knowledge" or mental state of the receiver in regards to messages. (In a sense the philosophy is similar to behaviorism in asserting the invalidity of internal mental state.)

A "true name" is defined as a situation where the message is identified from the actual sender, e.g. message sender is identified as "A" who actually sent it.

An "anonymous" message is a message with no identification whatsoever. Detweiler sometimes called this "hit and run anonymity". There is no attribution in the message to any sender, either formal or actual. Entity "C" knows the message could be from anyone.

A "pseudonym" is defined as a situation where the message has an identification, but the receiver is correctly aware that the identification on the message is not the actual identification. I.e. C receives a message labelled as originating from "B", but C knows that "B" is a nym for some other party that *could be* (but not *necessarily*) actually identified as "A".

Detweiler defined "pseudoanonymity" as the blurred situation between the anonymous and the pseudonymous message. The receiver C sees a message as originating from "B", but C is not aware that "B" is a formal nym that may actually identify some other party such as A. Entity A is said to be "pseudospoofing" entity C.

The cypherpunks argue that there is in principle no difference between Detweiler's "pseudoanonymity" and the classic "pseudonymity", stating that anywhere there is an "actual" nym, a receiver cannot be sure it is not really a formal one, and vice versa (i.e., any nym is potentially a pseudonym or true name). In fact they say there is fundamentally no distinction to be made between formal and actual nyms.

The critical question is of course how "actual" and "formal" nyms are defined. What does it mean to "identify" a sender with a nym? Detweiler adapted to the ambiguities in the following way. He defined the "actual nym" (or, interchangeably, the "true name") as an identification for party A if for every context where an actual nym applies, that party is identified as A. Call this the "actual nym scenario". The definition appears to be somewhat circular but he was able to derive conclusions from the premise.

Suppose that a context was established in which the "actual nym" scenario applied, and a message was identified as from "A". Then "A" is the actual nym of the sender. Suppose that the context is not "actual" (the converse will be considered the "formal") and the message is identified as from B. If there is some "additional information" that B is a "true name", then B is the actual sender, and no other party sent the message (forms of the "additional information" clause will be considered below). Otherwise no conclusion can be made about the actual sender.

In general, in an "actual context" the actual sender is always the formal sender. In a formal context, the actual sender is dissociated from the formal identity of the message, but "independent information" may pinpoint the actual identity.

But the question of how the formal or actual context is established is still unresolved. Detweiler suggested it would be based on the declarations of the message. If the message "declared" it was from an actual sender, the actual context applies. If there is no declaration, the formal context is assumed. Obviously contradictions can arise within these definitions if the sender "lies". Detweiler simply observed that a logical theory could be built up based on his premises from which conclusions could be drawn. Furthermore, there is the fundamental observation that in a formal nymity system, "true" conclusions about actual identity can only be derived from message contents if participants "don't lie".

A core premise of the theory is that an entity can express statements such as "my true name is [x]" in the communication system. (This is one form of the "additional information" clause above.) The cypherpunks believe that if the communication system includes only the formal context, there is no such thing as a "lie". Detweiler however maintained that as long as the actual system exists (or more particularly the overlay of a formal system over an actual one), lies can exist, although they may be undetectable within the formal system. (In this sense it is analogous to a Godel Theorem for Nymity, making an observation about a phenomenon that "exists" but is "undetectable" within the formal system, with the parallelism of "mathematical" and "metamathematical" statements mapping to "formal" and "actual" communication systems.)

The Detweiler Thesis

Detweiler had a preoccupation for considering the "community", which is defined as a formal or actual context in which communication takes place in both ways between a group of entities (i.e. entity A may be a receiver of sender B and vice versa for all members of the group). He explored the implications of both the formally and actually identified communities, and consistently objected to the actual identification scheme as at least uninteresting and at most too constraining, mirroring the quintessentially cypherpunkesque position.

However Detweiler diverged from the philosophy by repeatedly emphasizing a basic premise, which is currently unprovable speculation much the same way that the Church-Turing thesis is: in a formally identified community system where participants don't "lie" about actual identity, the communication of the "community" is of "higher quality".

A concrete example from everyday experience is that of book publishing. Some books may exist in a "formally identified" community in which all the authors of the community agree to associate their actual identity with the book (the "message"). Other books may exist in a "formally identified" community in which authors identify themselves other than with their "true names". Detweiler asserted that a book could "lie" and state that it was to be taken in the actual context (i.e. "A is the author of this book, and A is not a pseudonym"). Cypherpunks denied there was such a thing as a "lie" in this context or even a "true name" in any context. Essentially they consider any statements in the message that refer to identity or its formal vs. actual context as nonexistent, invalid, and/or meaningless.

Detweiler suggested that a "scientific community" was an example of a communications system dedicated to actual identities, or at least a formal identification system where the occurrence of lying was minimal and considered anomalous, and that its "success" in achieving an overall climate of "quality" communication is partly due to the convention.

Detweiler emphasized that it is not the case everyone must be actually identified in the community to fulfill his thesis (which is expressly about formal communities, not actual ones), only that parties in the system "don't lie". The cypherpunks completely, either inadvertently or deliberately, misconstrue or obfuscate his position as asserting that the formal context of nymity is never of "higher quality". Actually, Detweiler frequently expressed an aversion to the actual identity community and championed the formal context of communication as an embodiment of privacy, just as the cypherpunks. But he diverged from the cypherpunks by insisting that "lies exist" in the formal context which they heatedly denied.

Another of Detweiler's observations was not only were "lies" possible in a formal communications system, but there were "worse lies" in formal systems that embodied two-way community communication. An example of this is cyberspace, where a sender can ask questions of the receiver such as "are you using a pseudonym?" or "are you communicating under formal names other than [x,y,z]"? (These are examples of the "additional information" clause above that discriminates pseudonymity from pseudoanonymity.) He noted that questions like these can be answered "truthfully" while at the same time not necessarily divulging actual identities, a distinction critical to the understanding of Detweilerian theories. The cypherpunks either asserted that such questions were fundamentally illegitimate and invariably deserved no answer by the receiver, or even that any answer (including a "lie") was justified in response.

Detweiler observed that some formal identification systems have some other useful properties, such that "if [a] and [b] are different formal names, [a] and [b] denote different entities". Or, "for all formal names [a], there is a single entity actually identified as [a]." Furthermore, in a community where senders don't "lie", these properties can actually be derived by asking particular questions of the senders. (The question of whether the receiver *must* answer certain questions, or not at all, leads to additional ramifications.)

Detweiler's very critical observation, however, was that even though there is additional "knowledge" about the uniqueness of identities in these systems, the mappings of formal nyms to actual identities cannot necessarily be derived. This is the basis of his claim that even if the entities in a formal system "don't lie", they don't necessarily reveal their actual identities, and that this critically desirable property of "privacy" is preserved.

The idea of a "true name" is a very problematic and perplexing concept in the same way that the concept of "absolute space" is troubling to the theory of Newtonian mechanics, which Einsteinian relativity sought to remove, starting with the premise that "there is no preferred reference frame". The cypherpunks cite the absurdity of the "true name" concept in an analogous argument and attempt to discredit Detweilerian theories on this basis. However the theory is not based on "true names" but the existence of "entities", hence this cypherpunk position translated to its most basic form, becomes, essentially, "unique communication sources (such as 'humans') don't exist" (or analogously in the Einsteinian metaphor, "mass and energy do not exist").

In other words, assuming that "unique entities exist", and statements about identity can be made in the communication system, it is possible for entity A to say "my true name is 'C'" in one message and in another "my true name is 'B'", a situation which would be considered a "lie"-- the significance of the reference to the entity as "A" is irrelevant. The "true name" of an entity A is simply defined as an arbitrary but unique nym which, if considered the actual identity of A, would not contradict the statements of any of A's messages (or replies to questions).

Simply put, the "true name" has the property that if two derivations in the form "[x] has true name [y]" and "[x] has true name [z]" can be made from the meanings of [x]'s statements in [x]'s messages, then y = z. Hence, if entity [x] simultaneously states "my true name is [y]" and "my true name is [z]" in any messages (the receiver is irrelevant) and y != z, then entity [x] is "lying".

The essence of the idea of "true identification" is that there is a one-to-one mapping between "entities" and "true names". The representation of the "true name" is irrelevant. Detweiler certainly did not make the absurd claim that a "true name" had any special syntactic properties. He also did not claim that "true name registries" had to be erected to provide the feature, although they could support it. At the core of the concept is the idea that every entity in a "truthful" system must make a choice as to their actual name identification and not "lie" about its properties in messages that refer to it.

The cypherpunks ruthlessly ridiculed this concept of communication explicitly involving "trust" and "honesty" between participants. One famous objection was that "that which cannot be enforced should not be prohibited". That is, if the unique mapping of true names to actual entities was not a precise, mathematical certainty, it effectively does not exist. Hence the cypherpunks generally base their model of the reality of communications on fundamentally different premises than Detweiler which reject the existence of the concept of "truthfulness".

Detweiler countered by suggesting that communities with communications based on trust and honesty and the contrary not only both exist, but that discrepancies between the two probably existed as well and furthermore were worthy of study. (Again, he conjectured that the "dishonest" communications forums led to "disharmony" without further defining the term.) All these distinctions lie in the area Detweiler denoted under the heading "morality" which again the cypherpunks generally deny exists in an abstract communications system.

Hence the key formal ideas of the overall theme that communications systems could lead to significantly different scenarios based on the "honesty" or "truthfulness" of members of a community with respect to identity had been addressed for the first time by Detweiler, but at great cost to Detweiler's credibility within the cypherpunk circles, which have rebuffed, ridiculed, and excommunicated him. Detweiler tended to take this as evidence that the core cypherpunk philosophy was not about seeking privacy, which he went to pains to demonstrate existed in his "honest" systems, but rather a sort of denial of the existence of morality in cyberspace-- that the question of "whether a message 'lies' about its author's identity" is inherently meaningless, a premise he strongly rejected.

The Sociology of Cypherpunkism

Detweiler went far beyond theoretical study in his research of these areas of Nymity. He considered the cypherpunk beliefs in these areas worthy of a systematic sociological survey because of the apparent taboos and stigmas the cypherpunks apparently associated with some of their positions, either applied by themselves or that they perceived were held by others. He found they were reluctant to reveal their true beliefs on the subject and consistently refused to answer even vague questions like "how many pseudonyms are you using? are you using any at all? do you think forums where pseudonyms are not used, by agreement of participants, are desirable or could have superior quality?" Detweiler believed to have found signs the cypherpunks actually have very complex beliefs, practices, and techniques in the areas of identity subterfuge which they refuse to reveal except to fellow "insiders", something like an elaborate secret religion or unorthodox sexual practice.

For Detweiler, cyberspace and cypherpunkism are a microcosm of the way that humanity seems to mix the concepts of accountability, morality, and identity in an intricate, tangled, inscrutable web, a place where the ideas of "candor" vs. "privacy" are viscerally manifested. Detweiler often observed the interplay between "true name, pseudonymous, and anonymous" messages was somewhat analogous to the Freudian concept of the dance between the superego, ego, and the id, or formal vs. actual identification systems like the subconscious vs. the conscious awareness. (He once even compared pseudospoofing scenarios to demonic possession and multiple personality disorders.) Perhaps his most relentless and enduring theme was that nymity issues are an area inherently worthy of serious or even intense scientific inquiry because they lie at the core of human society and interactions.

The Detweilerian distinctions are very critical in understanding the cypherpunk philosophy and the schism with conventional morality he claimed it embodied. Essentially the cypherpunks assert "lies about identity don't exist in cyberspace". Detweiler argued not only that "lies about identity in cyberspace exist", but further claimed that "lies about identity diminish the quality of communications within the community" and that "privacy is not necessarily compromised by honesty". However his position is often erroneously lampooned by the cypherpunks as a ridiculously (but hilariously) distorted caricature such as "true name identification should be enforced by strict laws of the State because pseudonyms are inherently evil" when in fact his distinctions, conclusions, and claims are far more sophisticated and subtle.
Whether the Detweiler Thesis asserting "superior quality communication in honest formal identification systems" can ever be demonstrated, and whether the unrecognizably distorted portrayals of his theories by the cypherpunks are deliberate or due to the inherent incomprehensibility of the concept to peculiar brain anatomies, are the key, unresolved, "open" questions and matters of further research in the study of the sociology of cypherpunkism and the theory of Nymity.

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized
and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From Buzz at static.noise.net Thu Aug 24 22:14:33 1995
From: Buzz at static.noise.net (Buzz White)
Date: Thu, 24 Aug 95 22:14:33 PDT
Subject: Article in Time Magazine
In-Reply-To: <199508220416.AA03981@personal.eunet.fi>
Message-ID: <41eg3r$8er@nntp.crl.com>

"Kari Laine" wrote:

>> How many exported software products might have backdoors,
>> vulnerabilities, and hidden procedures which are harmful if ever
>> activated?

> I am not saying it is so I am just speculating
> Windows ?
> Microcode of big host systems like the one from IBM?
> Each mainframe comes with a line attached. Customers
> typically don't have the faintest idea what is going on
> that line. I know one customer who stuck a printer
> there and thought - now we will see ... well he ended
> up with printouts he did not have the faintest idea
> of their context.
> Now does anyone have real evidence of possible
> backdoors?
> Best Regards
> Kari
> Kari Laine           buster at klaine.pp.fi
> LAN Vision Oy        Tel. +358-0-502 1947
> Sinikalliontie 14    Fax  +358-0-524 149
> 02630 ESPOO          BBS  +358-0-502 1576/1456
> FINLAND

All the more reason to use Linux or FreeBSD - an OS you have the source for, on hardware that you can examine.

From blane at eskimo.com Thu Aug 24 23:13:05 1995
From: blane at eskimo.com (Brian Lane)
Date: Thu, 24 Aug 95 23:13:05 PDT
Subject: OS/2 Brute SSL binary
Message-ID: <199508250612.XAA12117@mail.eskimo.com>

After an evening of installing emx+gcc for OS/2 I have gotten a compiled binary to run on my machine. It's chugging away at 5100 keys/sec.

If you want to try out my binaries, ftp over to:

ftp.eskimo.com/~blane/brutessl/bruteos2.zip

I have included the .exe, the .txt file and the .pf files for Hal's 2 challenges and the test.pf

I think I have it compiled so that you don't need emx.dll on your system, but I can't test it (I have emx installed). Let me know of any problems.

I tried the os/2 binaries from the ftp.brute... site, but they insisted on running the DOS command.com shell, and then dying with an error.

Good luck!

Brian

--------------------------------------------------------------------------------------
http://www.eskimo.com/~blane | Finger for PGP Key | 'Space, its so roomy!' - B. Bunny
ftp://ftp.eskimo.com/~blane  |                    |
--------------------------------------------------------------------------------------

From jamesd at echeque.com Thu Aug 24 23:22:45 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 24 Aug 95 23:22:45 PDT
Subject: The Theory of Nymity (value of True Names)
Message-ID: <199508250622.XAA00966@blob.best.net>

Larry Detweiler wrote:

> part of L.D.'s demonstrations were the harm that someone with
> some ingenuity, flair, malice, and boredom could wreak on any
> cyberspatial community through the use of unrestrained
> anonymity/pseudonymity. and it appears that some of you still
> don't get the point.
> perhaps another reminder or demonstration
> is in order

Larry has from time to time attempted to prove that net anarchy is a bad thing, because people can engage in nasty pointless destructive behavior. In addition to his battles with the cypherpunks list over anonymity, he has also argued with pretty much the entire net community that without a central authority it is meaningless to attempt to distinguish between good conduct and bad conduct, and has attempted to prove his thesis by actual demonstration.

His accounts have been repeatedly yanked, he has found himself under endless savage attack by a large part of the entire internet, and has repeatedly gone completely insane, possibly because of the emotional stress resulting from massive hostility, denigration, and contempt from huge numbers of people.

Of late his attacks have become more cautious and less likely to provoke massive retaliation. He appears to have recovered his sanity temporarily.

Perhaps another reminder or demonstration is in order.

---------------------------------------------------------------------
                                        |
We have the right to defend ourselves   |  http://www.jim.com/jamesd/
and our property, because of the kind   |
of animals that we are. True law        |  James A. Donald
derives from this right, not from the   |
arbitrary power of the state.           |  jamesd at echeque.com

From poodge at econ.Berkeley.EDU Fri Aug 25 00:07:59 1995
From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Fri, 25 Aug 95 00:07:59 PDT
Subject: random coincidences
Message-ID: <199508250707.AAA14271@quesnay.Berkeley.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

What are some of the more common "coincidences" and non-random correlations that ordinary random number generators (ones found in common computer languages that don't take extensive measures to be random) have? It seems that there's a lot of fuss about getting very random numbers, but unless the numbers produced by ordinary measures have very obvious coincidences, maybe it's a big fuss about nothing...?

- -sq

From eay at mincom.oz.au Fri Aug 25 00:34:10 1995
From: eay at mincom.oz.au (Eric Young)
Date: Fri, 25 Aug 95 00:34:10 PDT
Subject: Crypto DLL's/SSLeay 0.4.5
In-Reply-To: <199508241311.JAA13033@frankenstein.piermont.com>
Message-ID:

On Thu, 24 Aug 1995, Perry E. Metzger wrote:
> Eric Young writes:
> > On the PGPphone issue, I Personally I feel SSLphone would be a much
> > better way of doing things.
> Oh, yeah? No user certificates, no way to verify whats on the other
> end. No assurances that you aren't being tricked into using a weak
> algorithm because negotiation doesn't take place under cover of
> signature. Lots of little potential cracks. Thanks, but no thanks. :-)

Agreed, it depends on how you use SSL and implement it, I have not added it yet but I'll put in my library hooks so an application can refuse to use certain ciphers that are in the library. Currently you can specify your preference of cipher and there is a call to return the cipher being used on an SSL connection. The most recent version of SSLtelnet of ours prints the subject name of the server and the cipher being used, just so you can know if you are using RC4-40 :-).

As for authentication, agreed, the key distribution problem for X509 needs work but still, if the audio is good enough, you should know who is on the other end :-).

> This is not to slight your code. I'm slighting the protocol.
None taken. My main support for SSL is that there is minimal work to be done to make an application support encryption (+ perhaps authentication) over a connection. This means that any work done to improve the SSL library (as in certificate distribution and verification) will instantly be able to be added to all applications using that SSL library. If each one of 15 different applications has a different cipher/authentication package, there is 15 times the work to upgrade. Hell, to put PGP-type authentication in SSL would probably not be very hard. It would require a new certificate type and a new 'verify certificate' routine and that would be about it. Basically I'm a bit lazy; I like to write libraries and then keep on reusing them.

> > For phone over modem, authentication is not really required
> And why is that?

Again, if the voice is clean enough, you should know who is at the other end. If you are talking about a program being at the other end, well, that's another matter :-).

eric
--
Eric Young                | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From bdavis at thepoint.net Fri Aug 25 02:08:56 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Fri, 25 Aug 95 02:08:56 PDT
Subject: FBI Files on Clipper Release
In-Reply-To: <9508232014.AA18754@cs.umass.edu>

On Wed, 23 Aug 1995, Futplex wrote:
> An FBI document reads:
> # To ensure that this occurs, legislation mandating the
> # use of Government-approved encryption products or
> # adherence to Government encryption criteria is required.
>
> Ex-AAG Jo Ann Harris told a Senate Judiciary Subcommittee in 1994:
> $ we have absolutely no intention of mandating private use of a particular
> $ kind of cryptography,
>
> I ranted:
> % Just what real legal recourse do we have against lying scum in the
> % bureaucracy ?
>
> Brian Davis writes:
> > You sure are anxious to prosecute government officials.
>
> You're damn right I'm anxious to prosecute government officials who appear
> to have willfully lied about public policy in testimony before Congress !

You must realize that there can be a difference between what agencies say is necessary and what policy ultimately becomes on that issue. It is because of that distinction that campaigns, such as the ongoing campaign to allow exportation of strong encryption software, are important. The FBI may say they want X, but the policymakers may take the FBI's arguments (always with a grain, or a bucket, of salt), consider other agencies' views, public opinion, the persuasiveness of everyone's reasoning, and *then* adopt a policy that satisfies no one completely.

> For representative democracy to be even vaguely democratic at all, the
> representatives need to level with their constituents as much as possible.
> I certainly intend to hold public officials speaking in an official
> capacity about official business to a high standard of conduct.

As you, and we all, should. That doesn't mean prosecution necessarily. It may mean private protest (letter to Clinton, Reno, et al.), public protest, voting the bastards out, etc.

> > What is untrue about her statement. Maybe she meant it's OK to use
> > ROT-13 but nothing else ...
>
> How could that be compatible with "no intention of mandating...a particular kind of cryptography" ?
>
> > And you guys complained about the Jake Baker prosecution!
>
> Non-sequitur. How is the Baker case relevant to this ?

I disagree that it is a non sequitur. Baker was indicted for speech which, to some, constituted a threat. You seek to prosecute former AAG Harris for speech which, to some, was a lie.

> -Futplex
> "Say goodbye to the clowns in Congress" -Elton John/Bernie Taupin

Sorry I didn't respond sooner -- email got backed up and I'm not reading chronologically (for some unknown reason).
From danisch at ira.uka.de Fri Aug 25 02:43:12 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 25 Aug 95 02:43:12 PDT
Subject: Article in Time Magazine
Message-ID: <9508250941.AA00683@elysion.iaks.ira.uka.de>

> All the more reason to use Linux or FreeBSD - an OS you have the source for,
> on hardware that you can examine.

How would you want to examine a Pentium processor?

Just an idea: take the block move instructions and attach a little state machine. If a certain sequence of bytes is detected, a fuse somewhere on the chip is burned and the processor could switch irreversibly into a mode where it does partially incorrect calculations. Send someone an email, an IP packet or an ethernet packet and you can expect the packet to be moved by a block move command.

Hadmut

From don at cs.byu.edu Fri Aug 25 02:52:36 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Fri, 25 Aug 95 02:52:36 PDT
Subject: DigSig laws
Message-ID: <199508250951.DAA13176@bert.cs.byu.edu>

Being a resident of Utah, I was interested in exactly what Utah's digital signature law was about. I knew it had to be somewhat level-headed, since a number of people in little silicon valley must have had their fingers in it... Unfortunately, IANAL for me is more than just a legal disclaimer. Anyone know whether any of the legal eagles (ie, judge-l, eff, etc.) have analyzed it, or know of any summaries that my search didn't find? (I was lucky to find this link in the first place...)

Here is the Utah law:
gopher://gopher.utah.edu/11/Off%20Campus%20Information/State%20of%20Utah/Utah%20Legislative%20Bills/1995
(I had to manually gopher it; it's under search bills, it's SB0082)

Or perhaps any of you IANAL types would care to try reading it... it sounded like the key had to be escrowed with a legally recognized agent.

PS: my compliments to Damien.
Oh, I mean, the SSL crack looked nice leading the SF Chronicle's Business headline, but I'm especially thrilled the way the Signal/Noise ratio suddenly improved overnight. It will make reading what happened during my vacation much more interesting from that point on... And for those of you who think that PROMIS is squarely on-topic, . When I can get grep routing results to /dev/null for "whitewater", etc, I'll be sure to share..

Don

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 04:11:59 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 04:11:59 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <199508250059.RAA02668@mycroft.rand.org>
Message-ID: <"swan.cl.cam.:226410:950825111043"@cl.cam.ac.uk>

**** Anyone participating in the SSL Challenge who has logs of their searches
**** please ensure you read "What to do if you have logs" below

** Anyone who is running a brclient earlier than 0.14 or a brloop earlier
** than 0.05 please ensure you read "current requirements"

> Live and/or learn

The purpose of this project was the latter ...

> -- looks like the performance is a little better now that they're handing out
> bigger chunks.

That is just one of the tweaks I made ...

> The important thing is to learn something new each time so the next one goes
> more smoothly.

Indeed -- the current project is a merge of three I had planned ...

> Should be nicer with hierarchical servers and so on for the next challenge...
> DES or lobotomized DES or whatever.

Yeah .... :-)

This project arose from the "failed" rc4-40 attempt. Personally I think it worked -- it showed that it was possible to scan a 40 bit address space performing the kind of manipulations needed for brute force attacks. The WWW interface was a pain as it required users to do something, so the norm was to allocate large chunks, etc. Also collating the results was a nightmare!

So we decided that cutting the people out would be a good idea all round. We bolted it all together, and it seemed kind of OK. The plan was then to pass it round a wider audience to check that it ported to other systems and environments, and once it was shown to basically work, see how it stood up to heavy usage. Finally we could let it rip & see what it could do.

Unfortunately, due to various external pressures, we have ended up rolling all these three into one. It has made it a lot messier than I would have hoped, for which I apologise to you all.

rc4-40 had shown that 40 bit address spaces could be scanned. hal1 slipped through our fingers, and showed somewhat more than we had planned, i.e. that actual code could be broken by a *single* person (this sounds more impressive, but is technically easier!). We asked for hal2 and hal3 to "check it works" and "watch it zip" respectively. Before he left, Hal gave us hal2, so we combined the two remaining stages.

SO: this project is:
1) to shake down the code on different systems
2) to see how it works under real load
3) to see how quickly a 40 bit address space can be scanned.

Again I apologise to you all that (1) has been non-trivial and that (2) has had unpleasant effects of (1). I think next time we may be ready for (3) ...

I was going to summarise some of the lessons so far, but things are getting congested again, so I shall send out this PLEA to ensure recent code is used!!
current requirements
====================

PLEASE ensure that you are using a brclient of at least 0.14 ("grep comment.inffo brclient" to discover what you are using). You can update brclient while brloop is running. Some people are still running old versions, and this is hammering the server.

It also helps to run at least brloop 0.05 ("grep BRLOOPCOMMENT brloop").

What to do if you have logs
===========================

During the early part of the project, the server was highly congested, and I fear that many ACKs may have been lost :-(

If you have logs of the searches your machine(s) did, it would be useful to check that all ACKs got through. Look at the stats page

  http://www.brute.cl.cam.ac.uk/cgi-bin/brute?op=stats

(or something like

  http://www.brute.cl.cam.ac.uk/cgi-bin/brute?op=stats&project=&proj=2977+Hal%27s+second+challenge&substring=YourID&patt=unacknowledged

but with YourID replaced by the ID you use) and look for all the NOACKs, e.g.:

  008f NOACK 008f 1 Piete Brooks

See if there is a corresponding entry in your logs

  grep -h '2977 [0-9a-f]* 008f [0-9]* [n0-9a-f][o0-9a-f]'

and if so, ACK it

  brclient -Ltssl -a'2977 2a07 008f 1 no'

[ If you're a HACKer, you can automate it, as in

  lynx -dump 'http://www.brute.cl.cam.ac.uk/cgi-bin/brute?op=stats&project=&proj=2977+Hal%27s+second+challenge&substring=Piete.Brooks&patt=unacknowledged' |
  grep ' NOACK ' | while read a b; do
    grep -h '2977 [0-9a-f]* '$a' [0-9]* [n0-9a-f][o0-9a-f]' ~/BR-*
  done | while read a; do brclient -Ltssl -a"$a"; done

or the like .... ]

From fc at all.net Fri Aug 25 04:23:52 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Fri, 25 Aug 95 04:23:52 PDT
Subject: The Theory of Nymity (value of True Names)
In-Reply-To: <9508250244.AA26841@anon.penet.fi>
Message-ID: <9508251117.AA13712@all.net>

> | /\ |\| /~ L~ anonymously spewed forth
> L_ /~~\ | | \_ L_ as follows:
>
> The Theory of Nymity
> ...
> The cypherpunks definitely pioneered forms of nymity, and passionately
> champion the general issue, particularly its ramifications in
> cyberspace; however they refuse to confront the issue openly and
> overtly, suggesting they perceive some sort of stigma or taboo
> associated with their practices.

They seem to be openly confronting the issue to me. There is a stigma attached to anonymity - haven't you seen the Lone Ranger? If you're honest, why do you wear a mask?

> They also refuse to contemplate
> negative or potentially disastrous social effects of the associated
> scenarios, asserting all forms of nymity are either indistinguishable
> or essentially morally neutral practices that invariably extend the
> rights of the individual in the face of the oppressive State or
> massive corporations.

I think they contemplate the issues. I think that most of them (us?) realize that: They are the ones likely to be most harmed by a lack of open and honest communication. By identifying themselves they might open themselves to undue risk of harm in the form of harassment, arrest, search and seizure of personal property, etc. The only way they can both help preserve individual freedom for others and remain free themselves is by saying some things anonymously.

> They see all forms of nymity as merely one
> unified hacksaw of the serf, useful and effective in cutting away
> chains of bondage in the Sisyphean struggle for privacy.

They certainly see the advantages over the disadvantages.

> Detweiler confronted the diverse implications of nymity by elevating
> the subject of "nymity" to a study complete in itself. Abstracting
> from his writings, Detweiler considered the concept of a "nym
> spectrum" involving the key concepts of receiver of a message,
> sender, and identity. At various points on the nym spectrum, the
> receiver has varying degrees of knowledge about the identity of the
> sender.

There are times when identity is important, and there are times when it is not.
Identity is not important when disclosing a danger - if you yell "FIRE!!!" in a burning building, nobody is going to say "Hold on there... before I get out, what's your name and address, and how can you prove that you are who you are?" They recognize the danger you identified and get out of the building.

When I buy a can of fruit juice from the local store and pay with cash, if they ask my name and address, I tell them (politely) to stuff it. You don't need to know my identity to trade a fungible for goods or services.

That "need to know" phrase is important here. Identity is only important to reveal if there is a legitimate need to know it, and if that need to know outweighs the risks associated with the knowledge.

...

> Detweiler defined the various forms of nymity based on the knowledge
> of the sender, say party C. This is his critical distinction that
> cypherpunks denied, arguing that all the forms of nymity he saw a
> difference between were really interchangeable and indistinguishable,
> and therefore identical. They do not recognize any relevance of the
> "knowledge" or mental state of the receiver in regards to messages.
> (In a sense the philosophy is similar to behaviorism in asserting
> the invalidity of internal mental state.)

I think the cypherpunks recognize that by being anonymous they risk their message being taken less seriously, but they are willing to take the risk because most people on this list seem to evaluate the content of the message more than the sender anyway. Contrast this list to other lists and you will see far fewer personality issues here because, in part, the moderator doesn't inject his/her personality into the discussion all the time.

...
> The cypherpunks argue that there is in principle no difference between
> Detweiler's "pseudoanonymity" and the classic "pseudonymity", stating
> that anywhere there is an "actual" nym, a receiver cannot be sure it
> is not really a formal one, and vice versa (i.e., any nym is
> potentially a pseudonym or true name). In fact they say there is
> fundamentally no distinction to be made between formal and actual
> nyms.

No - perhaps some of the cypherpunks would argue that, but certainly not most. Many cypherpunks use pseudonyms and we trust them to some extent because of the repeated usage of the pseudonym.

> The critical question is of course how "actual" and "formal" nyms
> are defined. What does it mean to "identify" a sender with a nym?
> Detweiler adapted to the ambiguities in the following way. He defined
> the "actual nym" (or, interchangeably, the "true name") as an
> identification for party A if for every context where an actual nym
> applies, that party is identified as A. Call this the "actual nym
> scenario". The definition appears to be somewhat circular but he was
> able to derive conclusions from the premise.

Hogwash. A rose by any other name would smell as sweet. Names are just conveniences created as a part of language because we are able to use nouns to identify objects. That guy who runs all.net is just as good as Fred Cohen in terms of identifying me, and I rarely use my full name, and there are other people in the world with exactly the same full name as mine - even including the Dr. (a mathematician I believe).

> Suppose that a context was established in which the "actual nym"
> scenario applied, and a message was identified as from "A". Then "A"
> is the actual nym of the sender. Suppose that the context is not
> "actual" (the converse will be considered the "formal") and the
> message is identified as from B.
> If there is some "additional
> information" that B is a "true name", then B is the actual sender,
> and no other party sent the message (forms of the "additional
> information" clause will be considered below). Otherwise no conclusion
> can be made about the actual sender.

A lot of conclusions can be made about the sender based on the content and context of the message.

> In general, in an "actual context" the actual sender is always the
> formal sender. In a formal context, the actual sender is dissociated
> from the formal identity of the message, but "independent
> information" may pinpoint the actual identity.

...

> Obviously contradictions can arise within these definitions if the
> sender "lies". Detweiler simply observed that a logical theory could
> be built up based on his premises from which conclusions could be
> drawn. Furthermore, there is the fundamental observation that in a
> formal nymity system, "true" conclusions about actual identity can
> only be derived from message contents if participants "don't lie". A
> core premise of the theory is that an entity can express statements
> such as "my true name is [x]" in the communication system. (This
> is one form of the "additional information" clause above.)

Baloney. If someone claims to be me (likely a masochist) and I am listening, I can identify it for all to see. As long as the society doesn't tolerate excessive amounts of this and fights back against the lack of integrity, it is likely that any person who does this will be detected. The point here is that identity in the form of a name is only a tag we attach for convenience of associating actions with individuals. It doesn't matter what the name is - I don't know the real name of HOBBIT, but I know that s/he says a lot of sensible things.

> The cypherpunks believe that if the communication system includes only
> the formal context, there is no such thing as a "lie".
> Detweiler
> however maintained that as long as the actual system exists (or more
> particularly the overlay of a formal system over an actual one), lies
> can exist, although they may be undetectable within the formal
> system. (In this sense it is analogous to a Godel Theorem for Nymity,
> making an observation about a phenomenon that "exists" but is
> "undetectable" within the formal system, with the parallelism of
> "mathematical" and "metamathematical" statements mapping to "formal"
> and "actual" communication systems.)

Lies are relative things, not absolutes. There is no "actual" system and there never was. Detweiler assumes that the way s/he identifies people is the "actual" system, but that's only one perspective. Many of us have grown up knowing about more than one system of identities, and apparently Detweiler missed this one.

> The Detweiler Thesis
>
> Detweiler had a preoccupation for considering the "community", which
> is defined as a formal or actual context in which communication takes
> place in both ways between a group of entities (i.e. entity A may be
> a receiver of sender B and vice versa for all members of the group).
> He explored the implications of both the formally and actually
> identified communities, and consistently objected to the actual
> identification scheme as at least uninteresting and at most too
> constraining, mirroring the quintessentially cypherpunkesque
> position. However Detweiler diverged from the philosophy by
> repeatedly emphasizing a basic premise, which is currently unprovable
> speculation much the same way that the Church-Turing thesis is: in
> a formally identified community system where participants don't
> "lie" about actual identity, the communication of the "community" is
> of "higher quality".

The first error is usually the basic assumption. This one is not a very accurate reflection of the reality that many of us in the world live in today.
The fact is, our political system is full of people who use one and only one identity and have done so for their entire lives, and yet it is jam packed with lies and crude (as well as sophisticated) attempts at tricking people with communications. The cypherpunks, who have far more uses of pseudonyms, have far fewer deceptions and far better communications in my experience. Many things that cannot be proven are actually false. This counterexample demonstrated that Detweiler is not just unprovable, s/he is wrong.

...

All of the confirmations Detweiler may be able to come up with can't overwhelm the one counterexample just cited; however, I can cite many more counterexamples. By the way, counter to Detweiler's proposition, plenty of scientists lie about results, and many University professors who claim to be scientists lie about the true state of their work so that they can propose research grants that are certain to be successes (it is a common practice to propose work you have already completed so as to assure that you will be successful and thus get the next grant).

...

> The idea of a "true name" is a very problematic and perplexing
> concept in the same way that the concept of "absolute space" is
> troubling to the theory of Newtonian mechanics, which Einsteinian
> relativity sought to remove, starting with the premise that "there is
> no preferred reference frame". The cypherpunks cite the absurdity of
> the "true name" concept in an analogous argument and attempt to
> discredit Detweilerian theories on this basis. However the theory is
> not based on "true names" but the existence of "entities", hence this
> cypherpunk position translated to its most basic form, becomes,
> essentially, "unique communication sources (such as 'humans') don't
> exist" (or analogously in the Einsteinian metaphor, "mass and energy
> do not exist").

I have discounted his/her thesis on the basis of its lack of accurately predicting or reflecting reality and on no other basis.
It may be an interesting theory, but in practice it seems to have been refuted.

...

> The essence of the idea of "true identification" is that there is a
> one-to-one mapping between "entities" and "true names". The
> representation of the "true name" is irrelevant. Detweiler certainly
> did not make the absurd claim that a "true name" had any special
> syntactic properties. He also did not claim that "true name
> registries" had to be erected to provide the feature, although they
> could support it. At the core of the concept is the idea that every
> entity in a "truthful" system must make a choice as to their actual
> name identification and not "lie" about its properties in messages
> that refer to it.

So legal name changes are not allowable? Two people can't have the same name? This doesn't map to the current reality. It sounds more like a government imposed identity number system - like the one in Nazi Germany that contributed to the extermination of 6 million Jews. I'm against it.

...

> Detweiler countered by suggesting that communities with communications
> based on trust and honesty and the contrary not only both exist, but
> that discrepancies between the two probably existed as well and
> furthermore were worthy of study. (Again, he conjectured that the
> "dishonest" communications forums led to "disharmony" without further
> defining the term.) All these distinctions lie in the area Detweiler
> denoted under the heading "morality" which again the cypherpunks
> generally deny exists in an abstract communications system.

He said - she said. It's just a bunch of baloney. Lies are often the basis for harmony and being "too honest" generally gets you very little. The important thing about communication is that you get other people to think about the things you think about. It's just a way of affecting brain states in other entities and nothing more. Truth, lies, and video tape can all do this.
> Hence the key formal ideas of the overall theme that communications
> systems could lead to significantly different scenarios based on the
> "honesty" or "truthfulness" of members of a community with respect to
> identity had been addressed for the first time by Detweiler,

I appreciate Detweiler's attempt, but it's a failure (oops, better try "only a partial success") because it doesn't reflect the reality.

> but at
> great cost to Detweiler's credibility within the cypherpunk circles,
> which have rebuffed, ridiculed, and excommunicated him.

If you can't take the heat, stay out of the chemistry lab. I say lots of things that people don't like and gripe about. If Detweiler can't shake it off and come back with something better, s/he's overly sensitive. What do you expect? That people will embrace your characterization of them just because you think it's interesting? If Detweiler is really right, then s/he should fight back with the strongest weapons that exist in this forum - the facts. As far as I can see, the facts are against Detweiler, but s/he may prove me wrong in open debate, and as far as I can tell, the cypherpunks will agree with Detweiler if s/he is right.

> Detweiler
> tended to take this as evidence that the core cypherpunk philosophy
> was not about seeking privacy, which he went to pains to demonstrate
> existed in his "honest" systems, but rather a sort of denial of the
> existence of morality in cyberspace-- that the question of "whether a
> message 'lies' about its author's identity" is inherently
> meaningless, a premise he strongly rejected.

On this, Detweiler is clearly incorrect from my view. I don't want to waste further space on this. I'm already sorry I spoke up on it and I haven't even sent the mail yet.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From fc at all.net Fri Aug 25 04:45:44 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Fri, 25 Aug 95 04:45:44 PDT
Subject: improving the distributed computation
In-Reply-To: <"swan.cl.cam.:226410:950825111043"@cl.cam.ac.uk>
Message-ID: <9508251143.AA15702@all.net>

I thought I might give some free (and worth it) advice on the next round of attempts. This distributed computation is somewhat related to viral computation, and I have learned a few things over the years that may be helpful in doing a better job of it.

1) Abandon the central command way of doing things. Little if any communication is required for this computation; it should be self-distributing to and between volunteer sites. That makes it ideal for implementation as a safe virus.

2) Give these computations a defined and limited lifetime. The problem you have with old versions is because they don't die automatically or even check to see if they are up-to-date and update themselves.

3) Use randomness to break up the search space and redundantly perform the computation. This should eliminate the problems with malicious key-space requests, etc.

4) Use feedback in the form of selective survival/replication to optimize the search and allocate search space. If a processor goes quickly, give it more to do - if it goes slowly, give it less. This will produce an overall system that adapts with time to the changes in network and system usage so as to optimize overall performance as a function of time.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From rah at shipwright.com Fri Aug 25 04:53:37 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 25 Aug 95 04:53:37 PDT
Subject: Two URLs of interest

--- begin forwarded text

From: Tom Limoncelli
Subject: Two URLs of interest
To: www-buyinfo at allegra.att.com
Date: Thu, 24 Aug 95 22:26:14 EDT
Cc: mp at allegra.att.com, drew at allegra.att.com, rn at big.att.com, skbk at research.att.com, tommy at big.att.com, rjf at big.att.com, varga at big.att.com, geoffc at allegra.att.com

First, (and not really related to this mailing list) is an article by Arnold Kling explaining why Netscape stock was so popular, and why people who purchased stock in the first couple of hours are now $13/share in the hole. (stock opened at $71, declined to $53ish, and now hovers at $58ish) He also explains where he thinks the price will go.

http://www.enews.com/contrib/bagholders.html

Second, Pat Robertson's "The 700 Club" now has a WWW site and on it he advertises a new video tape

http://the700club.org/cbn/telethon.html

where he predicts the end of the world. What has that got to do with "www-buyinfo"? Well, one segment is described as:

"This story examines the oncoming rush to digital cash [...] and how quickly businesses, financial institutions, and even the government are moving in this direction."

For those of you without a copy of Revelations handy, this is a Mark Of The Beast according to him. You'll have to buy the video to find out why. Revelations is on-line (along with the whole bible) at:

http://www.gospelcom.net/cgi-bin/bible?&passage=Revelation

Sorry for the almost completely non-technical post. Have a good weekend, y'all!

--tal
--
Tom Limoncelli -- tal at plts.org (home) -- tal at research.att.com (work)
http://mars.superlink.net/user/tal         "I tried netsex, didn't like it."
http://www.qrd.org/QRD/www/usa/nj          "Maybe you just haven't met the
http://www.qrd.org/QRD/www/usa/nj/BNNJ      right keyboard?"

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 05:04:35 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 05:04:35 PDT
Subject: improving the distributed computation
In-Reply-To: <9508251143.AA15702@all.net>
Message-ID: <"swan.cl.cam.:252910:950825120349"@cl.cam.ac.uk>

> 1) Abandon the central command way of doing things. Little if any
> communication is required for this computation, it should be
> self-distributing to and between volunteer sites. That makes it ideal
> for implementation as a safe virus.

I need some hints as to what the above means, but combined with (3) it becomes trivial ...

> 2) Give these computations a defined and limited lifetime. The problem
> you have with old versions is because they don't die automatically or
> even check to see if they are up-to-date and update themselves.

You want self-updating code running on *your* system??? What do you mean by "safe virus"??

> 3) Use randomness to break up the search space and redundantly perform
> the computation. This should eliminate the problems with malicious
> key-space requests, etc.

If you take this step, you can chuck SKSP altogether. All that is needed is some way to tell the virus to stop when the answer has been found -- or would you not bother with that? If random searching were permitted, that would indeed be the way to go.

> 4) Use feedback in the form of selective survival/replication to
> optimize the search and allocate search space. If a processor goes
> quickly, give it more to do - if it goes slowly, give it less.
I'm lost -- if thee search is random, you kusst let it run ! > This will produce an overall system that adapts with time to the cahges in > network and system usage so as to optimize overall performance as a > function of time. Eh ? With random searching you just run it on all machines you can ! No adaptation, jusst brute CPU cycles .... Have I missed something ?? From lethin at ai.mit.edu Fri Aug 25 06:30:05 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Fri, 25 Aug 95 06:30:05 PDT Subject: [pagre@weber.ucsd.edu: computers are the crime scenes of the future] Message-ID: <9508251329.AA27206@grape-nuts> Resent-Date: Thu, 24 Aug 1995 08:08:10 -0700 Date: Thu, 24 Aug 1995 07:59:52 -0700 From: Phil Agre To: rre at weber.ucsd.edu Subject: computers are the crime scenes of the future Resent-From: rre at weber.ucsd.edu Reply-To: rre-maintainers at weber.ucsd.edu X-Url: http://communication.ucsd.edu/pagre/rre.html X-Mailing-List: archive/latest/793 X-Loop: rre at weber.ucsd.edu Precedence: list Resent-Sender: rre-request at weber.ucsd.edu Date: Thu, 24 Aug 1995 01:39:07 -0700 (PDT) From: Michael Papadopoulos Subject: Proper Methods for Seizing Computers from Criminals [ This is the ASCII transcript of a News Release. I have not transcribed additional informative paragraphs which describe the IACIS and the more than 150 different law anforcement agencies which have sent their "best computer specialists to our training conferences ... since 1991. ] *************************************************************** P.P.B CHIEF'S OFFICE TEL: 503-823-0342 Aug. 18, 95 16.15 .............. City of Portland, Oregon, Bureau of Police Vera Katz, Mayor, Charles A. Moose, Chief of Police 1111 SW 2nd Ave.. Portland Oregon 97204 Lieutenant C.W. 
Jensen Public Information Officer phone: 503 -823-0010 Digital Pager : 790-1779 August 18, 1995 NEWS RELEASE CHIEF MOOSE TO OPEN 6TH ANNUAL IACIS TRAINING CONFERENCE Chief Charles Moose will deliver the opening remarks at the 6th Annual IACIS Training Conference at the Hilton Hotel in Portland on Monday, August 21, 1995 at 10,00 a.m. IACIS is the acronym for the International Association of Computer Investigative Specialists, headquartered here in Oregon. IACIS was founded by Sgt. Tom Seipert of the Portland Police Bureau, and specializes in training law enforcement officers in the proper methods of seizing computers from criminals, and then extracting items of evidence. Computers are the crime scenes of the future, and require special training to seize and examine. The conference will begin with a series of mock computer raids on August 21, 1995, and end on September 1, 1995, with information on the latest technological changes the investigators need to worry about. Approximately 150 students will be attending the conference, some from as far away as Australia, and the major agencies such as the FBI, DEA, Secret Service, IRS Internal Security, and the Georgia Bureau of Investigation will be represented. For additional information about this conference, and questions regarding computer crime investigations, contact Sgt. Tom Seipert at the Hilton hotel, 274-4087. He will be at this number Friday August 18th as well as Saturday and Sunday, August 19th and 20th. ********************************************************************* --- Concurrent VLSI Arch. Group 545 Technology Sq., Rm. 610 MIT AI Lab Cambridge, MA 02139 (617)-253-0972 From trei at process.com Fri Aug 25 07:24:04 1995 From: trei at process.com (Peter Trei) Date: Fri, 25 Aug 95 07:24:04 PDT Subject: SSL Challenge: Are we in trouble? Message-ID: <9508251423.AA15417@toad.com> Well, the server appears to be unable to serve cgi scripts - I get '500 - server error' whenever I try. 
I cannot report the ~500 segments I swept overnight, nor get new keyspace.

I think it's gotten to the point where the server is the bottleneck on this operation - we seem to have plenty of cpu for sweeps. This will damage our primary goal - to demonstrate how fast 40 bits can be swept.

Piete, Adam, could you put a note on the /bute/ root page describing the server status?

Thanks

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From mlm at skyrr.is Fri Aug 25 07:53:51 1995
From: mlm at skyrr.is (Magnus Logi Magnusson)
Date: Fri, 25 Aug 95 07:53:51 PDT
Subject: SSL Challenge: Are we in trouble?
In-Reply-To: <9508251423.AA15417@toad.com>
Message-ID: <199508251452.AA125582364@hp001c.skyrr.is>

> Well, the server appears to be unable to serve cgi scripts - I get
> '500 - server error' whenever I try. I cannot report the ~500 segments
> I swept overnight, nor get new keyspace.
>

But what also is really annoying, when I get through I only get 3 keyspaces, even though I request 16. I can understand the limit probably caused by the guy yesterday who requested 50000 keyspaces 1f-something to ce-something, but I think 3 is way too low.

> I think it's gotten to the point where the server is the bottleneck on
> this operation - we seem to have plenty of cpu for sweeps. This will
> damage our primary goal - to demonstrate how fast 40 bits can be
> swept.
>

I and a coworker have 4 pentiums (not much compared to some of you) but they are idling most of the time...

> Piete, Adam, could you put a note on the /bute/ root page describing the
> server status?

Yeah.. what's up?

Logi.

--
Magnus Logi Magnusson
System programmer, State and Municipal Data processing center, Iceland
E-mail: mlm at skyrr.is & mlm at rhi.hi.is

From frissell at panix.com Fri Aug 25 08:22:01 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 25 Aug 95 08:22:01 PDT
Subject: SSL Challenge: some thoughts on the process.
Message-ID: <199508251521.LAA17497@panix.com>

At 06:24 PM 8/24/95 -6, Peter Trei wrote:

>3. Start time was a little ragged - 1800 GMT was named, but the server
>seemed to come up at 2PM east coast time, which is (I think) 1900 GMT. I
>think that if we selected 8AM west coast time (1600 GMT?) more people
>would come online more quickly.

1400 EDT=1800 GMT. This is because GMT=\BST. GMT always stays the same and does not become British Summer Time (or whatever it is Brussels is making the UK call its time zone these days).

Another general problem though is that Monday is August Bank Holiday in the UK. That might further delay UK office-based result reporting. Start day-of-the-week should be something like Tuesday.

DCF

"When one has a peer-to-peer network, it means that 'all Nodes are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the Pursuit of Happiness'."

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 08:26:10 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 08:26:10 PDT
Subject: SSL Challenge: Are we in trouble?
In-Reply-To: <9508251423.AA15417@toad.com>
Message-ID: <"swan.cl.cam.:051560:950825152412"@cl.cam.ac.uk>

> Well, the server appears to be unable to serve cgi scripts - I get
> '500 - server error' whenever I try. I cannot report the ~500 segments
> I swept overnight, nor get new keyspace.

Try again ...

> I think it's gotten to the point where the server is the bottleneck on
> this operation

Has been on & off for some time :-((

> - we seem to have plenty of cpu for sweeps. This will damage our primary
> goal - to demonstrate how fast 40 bits can be swept.

Well, my tertiary goal ...

> Piete, Adam, could you put a note on the /bute/ root page describing the
> server status?

Done.
In brief -- you guessed it -- upgrade to http://www.brute.cl.cam.ac.uk/ftp/pub/brute/brclient 0.16 and ACK should go a lot quicker, and as people move over to using 0.16, so will allocates ...

From jya at pipeline.com Fri Aug 25 08:26:53 1995
From: jya at pipeline.com (John Young)
Date: Fri, 25 Aug 95 08:26:53 PDT
Subject: KGB_laf
Message-ID: <199508251526.LAA09545@pipe2.nyc.pipeline.com>

8-25-95. NYPaper:

"C.I.A. Still in Dark on Spy's Damage."

Eighteen months after the arrest of Aldrich H. Ames, Moscow's mole inside the Central Intelligence Agency, the agency has still not sounded the depths of the damage he did. The process of looking backward to reconstruct the past and understand the present -- the business of "walking back the cat," in espionage argot -- has proved immensely frustrating. Often he did not know the true names or roles of the people he betrayed. The Soviet (and later the Russian) intelligence services forced some of the men Mr. Ames betrayed to become pawns in a game of deception, using them to feed false information on some of those operations to the C.I.A. in an effort to mislead and mystify the agency. The C.I.A. became a laughing stock for the way in which it investigated itself once it knew its Soviet agents had been betrayed.

8-25-95. W$Japer:

"Russia's Threat Beneath the Surface."

Most elements of Russia's military arsenal are shrinking in numbers and effectiveness. Yet Russia is still completing construction of submarines begun in the Soviet era, on about the same timetable as the Soviets produced them. Recently, it laid the keel for an even more advanced submarine and will enter the next century with the largest nuclear submarine fleet in the world. That new Russian subs are so quiet is attributable in part to the skill of Russian scientists and engineers, in part to Western technology illicitly acquired, and in part to help from two convicted American spies, John Walker and Jerry Whitworth, who for many years sold U.S. secrets to the Soviet Union.

Pair of Karlas: KGB_laf (14kb)

From alvin at phys.uit.no Fri Aug 25 08:49:07 1995
From: alvin at phys.uit.no (Alvin Brattli)
Date: Fri, 25 Aug 95 08:49:07 PDT
Subject: brclient for SGI?
Message-ID: <199508251548.RAA26206@geronimo.uit.no>

Do any of you other bruters have a copy of the latest brclient that will actually work on an SGI Challenge with IRIX 5.3? If you do, please pretty please mail it to me, as my 'biggie', an 8 processor SGI Challenge is completely idle...

aLViN

--
| Alvin Brattli                               |
| ------------------------------------------- |
| GOD MY HEAD HURTS. Too much thinking        |
| and not enough brain cells. -- Clint Ruin   |

From mfroomki at umiami.ir.miami.edu Fri Aug 25 08:51:26 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 25 Aug 95 08:51:26 PDT
Subject: Florida Drivers Permits
Message-ID:

Will, starting next year, contain a digitized photo, plus the current info. The Miami Herald reports that the technology could also be used to store "other" info, such as medical data, or "could be" used by banks. Anyone know any details about the technology?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically)
                             http://viper.law.miami.edu/~mfroomki

From pcassidy at world.std.com Fri Aug 25 08:56:32 1995
From: pcassidy at world.std.com (Peter F Cassidy)
Date: Fri, 25 Aug 95 08:56:32 PDT
Subject: All about Bernstein
Message-ID:

Folks,

I'm the guy who authored an upcoming piece about Bernstein's law suit with the state department for WIRED. WIRED loves the piece but, in the style of popular mags, wants more personal stuff on Bernstein, who is super articulate about the science and law of crypto but super shy about his heroic self. (Guy wouldn't even disclose his age! Had to threaten to throw myself in front of a bus to get him to tell me he's from Long Island!) Editor thinks guy comes across as a ghost, not surprisingly. . .

One fellow from the list, following up an appeal I made here for Friends of Bernstein to call me and tell me about the litigant's best qualities, I'd appreciate greatly hearing from again. He called when I'd pretty much passed deadline for manuscript delivery. I'm calling Dan again, but after one trip to Delphi, I dunno if the responses from the Oracle will be any more forthcoming.

Thanks and regards to all,

Peter Cassidy

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 09:01:31 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 09:01:31 PDT
Subject: SSL Challenge: Are we in trouble?
In-Reply-To: <199508251452.AA125582364@hp001c.skyrr.is>
Message-ID: <"swan.cl.cam.:068530:950825160033"@cl.cam.ac.uk>

> But what also is really annoying, when I get through I only get 3 keyspaces,
> even though I request 16.

Sorry about that -- someone misconfigured their system and walked through the address space asking for ranges (size 3) and then discarding them and asking for more. I wasn't really expecting such small holes, so kept the allocation code REAL SIMPLE -- it gives the user *up to* the requested amount from the first chunk. I see this is a bit of a bummer for you :-(( I may tweak it to look in subsequent blocks ....

>> Piete, Adam, could you put a note on the /bute/ root page describing the
>> server status?
> Yeah.. what's up?

As I said earlier, phase (1) and (2) are upsetting phase (3) ...

Basically the WWW interface was calling the SKSP interface and wedging. WWW then used up all its permitted processes, so the WWW server died.

[[ PERL gurus out there: how can I avoid the "sh -c" process in $out = `cmd -a 'arg 1'`; ]]

I have freed the ACK blockage, and made the allocate code not try quite so hard, and now our WWW server is back in the land of the living.
The SKSP server is still seeing null sessions which time out after half a minute -- a bit of a bummer :-( The hosts concerned are decent citizens most of the time (I think ...) "|23" means "23 seconds after the call started". Any ideas ?

5/08/25 13:59:07 12992 18.43.0.244 {0,0} |11 HELO 1 bal at mit.edu Brian A. LaMacchia,NE43-431,3-0290,868-8042 ++ TIMEOUT ||31
95/08/25 13:59:38 12992 198.68.45.155 {0,0} ++ TIMEOUT ||31
95/08/25 14:01:48 12992 192.232.101.8 {0,0} |1 HELO 1 rgvb at alewife.kodak.com Richard G. von Blucher with ROC UID, GID |2 COMM brc0.14 [dlkt]: brloop0.2 |8 INFO ++ TIMEOUT ||31
95/08/25 14:02:19 12992 128.93.8.103 {0,0} ++ TIMEOUT ||31
95/08/25 14:03:06 12992 198.68.45.155 {0,0} ++ TIMEOUT ||31
95/08/25 14:03:50 12992 128.52.36.30 {0,0} |1 HELO 1 lethin at ai.mit.edu Rich Lethin ++ TIMEOUT ||31
95/08/25 14:05:29 12992 134.95.80.15 {0,0} ++ TIMEOUT ||31
95/08/25 14:06:13 12992 192.232.101.8 {0,0} |1 HELO 1 rgvb at alewife.kodak.com Richard G. von Blucher with ROC UID, GID |6 COMM brc0.14 [dlkt]: brloop0.2 |6 INFO |17 WORK 2977 |29 KEYS 2977 1 ==> 2977 51a8 3 ++ TIMEOUT ||32
95/08/25 14:06:55 12992 198.68.45.155 {0,0} |0 HELO 1 jcastle at in-system.com Jim Castleberry ++ TIMEOUT ||31
95/08/25 14:07:32 12992 204.249.46.33 {0,0} ++ TIMEOUT ||31
95/08/25 14:12:48 12992 163.173.128.233 {0,0} ++ TIMEOUT ||31
95/08/25 14:14:05 12992 204.5.88.180 {0,0} |15 HELO 1 Duncan at hasp.com Duncan J Watson |15 COMM brc0.14 [dLkt]: brl0.04 |18 INFO |26 WORK 29de ++ TIMEOUT ||31
95/08/25 14:15:23 12992 129.69.116.124 {0,1} |0 HELO 1 floeff at mathematik.uni-stuttgart.de Siegfried Loeffler |0 COMM brc0.14 [dlLkt]: brl0.04 |0 INFO ++ TIMEOUT ||31
95/08/25 14:16:30 12992 204.215.255.3 {0,0} ++ TIMEOUT ||31
95/08/25 14:17:33 12992 128.93.8.7 {0,0} |1 HELO 1 damien.doligez at inria.fr Damien Doligez |1 COMM brc0.14 [dlLkt]: brl0.04 ++ TIMEOUT ||31
95/08/25 14:21:12 12992 18.43.0.111 {0,0} ++ TIMEOUT ||31
95/08/25 14:31:35 12992 128.52.36.32 {0,1} |11 HELO 1 lethin at almond-fr.ai.mit.edu Rich Lethin ++ TIMEOUT ||31
95/08/25 14:33:51 12992 193.197.24.49 {0,0} |9 HELO 1 cg at bofh.lake.de Cees de Groot ++ TIMEOUT ||31
95/08/25 14:34:27 12992 202.30.52.1 {0,0} |2 HELO 1 jschoi at seodu.co.kr Choi Jaeseon |18 COMM brc0.08: brloop0.2 ++ TIMEOUT ||31
95/08/25 14:35:05 12992 18.151.0.165 {0,0} |13 HELO 1 zeno at madman.MIT.EDU Richard Duffy ++ TIMEOUT ||31
95/08/25 14:36:28 12992 155.100.229.31 {0,0} ++ TIMEOUT ||32
95/08/25 14:38:02 12992 128.93.8.81 {0,0} |0 HELO 1 damien.doligez at inria.fr Damien Doligez ++ TIMEOUT ||31
95/08/25 14:38:33 12992 155.100.229.31 {0,0} |0 HELO 1 zinc at zifi.genetics.utah.edu zinc,over there,666-HATE,666-LOVE, ++ TIMEOUT ||32
95/08/25 14:39:12 12992 129.13.109.39 {1,0} |0 HELO 1 an121660 at anon.penet.fi Olaf Erb,,, |1 COMM brc0.14 [dlLkt]: brl0.03 |3 INFO |15 WORK 2977 ++ TIMEOUT ||31
95/08/25 14:40:40 12992 198.82.200.50 {0,0} |13 HELO 1 millner at millner.bevc.blacksburg.va.us Robert Millner,,,(540)961-4321, ++ TIMEOUT ||31
95/08/25 14:41:24 12992 18.43.0.163 {0,0} |0 HELO 1 bal at mit.edu Brian A. LaMacchia,NE43-431,3-0290,868-8042 |14 COMM brc0.12: brl0.04 |23 INFO ++ TIMEOUT ||31
95/08/25 14:43:02 12992 204.215.85.69 {0,0} |2 HELO 1 chrisg at glass.lplizard.com Leaping Lizard Software |3 COMM brc0.14 [lkntvV] |27 INFO ++ TIMEOUT ||31
95/08/25 14:45:40 12992 18.43.0.184 {0,0} ++ TIMEOUT ||31
95/08/25 14:54:32 12992 128.93.8.124 {0,0} |0 HELO 1 damien.doligez at inria.fr Damien Doligez |2 COMM brc0.14 [dlLkt]: brl0.04 ++ TIMEOUT ||31
95/08/25 15:00:28 12992 128.174.241.76 {0,0} ++ TIMEOUT ||31
95/08/25 15:03:19 12992 204.5.89.50 {0,0} |12 HELO 1 duncan at hasp.com Duncan |12 COMM brc0.14 [dlLkt]: brl0.04 |13 INFO ++ TIMEOUT ||31
95/08/25 15:03:51 12992 128.93.8.133 {0,0} |24 HELO 1 damien.doligez at inria.fr Damien Doligez ++ TIMEOUT ||32
95/08/25 15:05:37 12992 18.43.0.166 {0,0} ++ TIMEOUT ||31
95/08/25 15:06:57 12992 204.215.255.3 {0,0} ++ TIMEOUT ||31
95/08/25 15:07:33 12992 128.2.198.78 {0,0} |1 HELO 1 hgobioff at GS207.SP.CS.CMU.EDU Howard Gobioff |2 COMM brc0.13 [dlLkt]: brl0.04 |11 INFO |26 WORK 2977 |29 KEYS 2977 1 ==> 2977 566f 3 ++ TIMEOUT ||32
95/08/25 15:09:55 12992 204.249.46.33 {0,0} |12 HELO 1 mike at uac.net Michael |15 COMM brc0.14 [dlLkt]: brl0.04 |22 INFO ++ TIMEOUT ||31
95/08/25 15:14:05 12992 204.215.255.3 {0,0} ++ TIMEOUT ||31
95/08/25 15:16:59 12992 158.152.9.126 {0,0} ++ TIMEOUT ||31
95/08/25 15:17:30 12992 204.5.88.2 {0,0} |20 HELO 1 duncan at hasp.com Duncan J Watson ++ TIMEOUT ||31
95/08/25 15:18:08 12992 140.78.101.30 {0,0} |3 HELO 1 burge at cast.uni-linz.ac.at Mark Burge |8 COMM brc0.08: brloop0.2 ++ TIMEOUT ||31
95/08/25 15:19:02 12992 128.93.8.7 {0,0} |0 HELO 1 damien.doligez at inria.fr Damien Doligez |14 COMM brc0.14 [dlLkt]: brl0.04 ++ TIMEOUT ||31

From hfarkas at ims.advantis.com Fri Aug 25 09:04:24 1995
From: hfarkas at ims.advantis.com (Henry W. Farkas)
Date: Fri, 25 Aug 95 09:04:24 PDT
Subject: Auto-pgp for pine/elm/tin
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> Does anyone know of an addon to the Pine mailer that supports PGP?
> the only PGP software i could find required me to first compose a
> letter in an editor then run it through a pgp signature program
> then finally read it into my favorite mailer.
>
> I'm looking for something that is hopefully transparent, or if not
> relatively quick to do.
> ________________________________________________________________________
> Sameer Manek Seawolf at challenger.atc.fhda.edu
> ________________________________________________________________________
- ------------------------------------------------------------------------

Yes, it exists, and I'm using it now. I've tried competing products and found this to be the cleanest, smoothest and easiest to install. I have no personal, commercial or financial interest in this product. It does "auto-pgp" for pine, elm and tin.

***********************************************************************
* BAP v.1.01                                                          *
* Written August 1995 by Bryce Wilcox                                 *
* e-mail:                                                             *
* PGP key id: <617C6DB9>                                              *
* snail mail: <2228 Canyon Blvd, Apt. 1E, Boulder, CO, 80302>         *
* URL:                                                                *
* BETA TEST VERSION! DO NOT DISTRIBUTE!                               *
* (Note that documentation, among other things, is still unfinished.) *
***********************************************************************

I also found the author responsive to my comments and suggestions. Just please do *-NOT-* put your pass phrase in a cleartext file!

- ------------------------------------------------------------------------
===========================================================================
Henry W. Farkas             | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com |------------------------------------------------
hfarkas at vnet.ibm.com     | http://newstand.ims.advantis.com/henry
henry at nhcc.com           | http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
- ---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack
"We're not fast, but it's not bad, and we're cheaper than the guy down the street!"
===========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMD30WaDthkLkvrK9AQF6sQP/fVen7ZI4DbgC14y+NPdZYOjaRQ9/jQNT
d4StD638OoBRkO7b8efiTd/rNULwuzSPKDiplKwRdE8Bboh4FdSWYvz6wfqgNJcd
D3imouQcEt+erjEC2H5haQyZwBHeNNR9mTYhkzoBt4+jMqsRCECduaExyHUOTWFj
euOkRqTJ0l4=
=2q74
-----END PGP SIGNATURE-----

From cg at bofh.lake.de Fri Aug 25 09:52:18 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Fri, 25 Aug 95 09:52:18 PDT
Subject: improving the distributed computation
In-Reply-To: <9508251143.AA15702@all.net>
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL:

From liberty at gate.net Fri Aug 25 10:15:45 1995
From: liberty at gate.net (Jim Ray)
Date: Fri, 25 Aug 95 10:15:45 PDT
Subject: Florida Drivers Permits
Message-ID: <199508251710.NAA26505@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

[Welcome back, Professor]

You posted:

>Will, starting next year, contain a digitized photo, plus the current
>info.

>Anyone know any details about the technology?

Not really. I saw the same story. The name, address, age, & height mentioned are already obvious on licenses, but this may preclude incorrect data entry by FL cops, and counterfeiting (a problem here for *years*). I saw nothing on the digitized photo, but we could be looking at different stories. Phase-in in July, '96.

The story I saw suggests that other data, such as tickets, criminal violations (presumably convictions) and "other biographical information" [welfare, credit info] could eventually be included, depending on FL's state budgetary considerations.

No author, just "Associated Press," listed on the story, and the card uses a magnetic strip "like those on credit cards" rather than a chip, which may be a mistake [considering the renewal period & my experience with bank-cards]. Story doesn't say it, but it sounds like FL *may* be the first state to do this. Are any other states doing this already?

JMR

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMD4DiW1lp8bpvW01AQGF+QP/RG9aTxVeujNDL2ebdyNL558PrtXclUhf
9iLETvzNu/OtplKZXng67SkBkECpbh5LyOpoeRkhhWUANJhcIUhJKhcaUIOmLR2n
KLjQ6WnGx5OHXPr53htVrvyg4L6Y0tX5233AEk8iDxxBh79alHmxuklT7s13CPgI
k9HklCZ77kg=
=teIz
- -----END PGP SIGNATURE-----

Regards,
Jim Ray

"Those who deny freedom to others deserve it not for themselves, and, under a just God, cannot long retain it." -- Abraham Lincoln, in a letter to H.L. Pierce, 6-Apr.-1859

- ------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35
James M. Ray   liberty at gate.net
- ------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund!
email: zldf at clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________
- ---
[This message has been signed by an auto-signing service.
A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMD4D+SoZzwIn1bdtAQGy+gGAq40gk8nqgdvnSrp6QBQ3jcW5f8kI0wux
IoWUKN8tHUaOHuP+s4ImuW6j++Mhht1b
=zXwD
-----END PGP SIGNATURE-----

From wilcoxb at nag.cs.colorado.edu Fri Aug 25 10:20:09 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Fri, 25 Aug 95 10:20:09 PDT
Subject: Auto-pgp for pine/elm/tin
In-Reply-To:
Message-ID: <199508251719.LAA06763@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

My thanks to Henry for a glowing recommendation of my product. Just a few clarifications:

Henry W. Farkas wrote:
> Yes, it exists, and I'm using it now. I've tried competing products and
> found this to be the cleanest, smoothest and easiest to install. I have
> no personal, commercial or financial interest in this product. It does
> "auto-pgp" for pine, elm and tin.

"Bryce's Auto-PGP", or "BAP", is an sh script, so it can be integrated with most Unix programs. Pine, Elm, trn, mh are the only programs that I have personally run it with. (Unless you count "finger" and "cat"...)

> ***********************************************************************
> * BAP v.1.01                                                          *

The current version is BAP v1.0beta in second beta-test. I'm pretty much just waiting on reports from the second batch of beta-testers and then I'll call it 1.0 and send it out to those who requested the first non-beta release.

> * URL:                                                                *

I have no working WWW page at the moment. When I release bap v1.0 I will have a page at http://ucsu.colorado.edu/~wilcoxb/bap.html and possibly at other sites.

> I also found the author responsive to my comments and suggestions.
> Just please do *-NOT-* put your pass phrase in a cleartext file!

BAP gives the user the option of putting her passphrase in a temporary cleartext file. This is to help people who can't input the passphrase manually because their mail program is stingy with stdin. Putting your passphrase in a temporary cleartext file isn't a good idea, but it is usually a better idea than putting it in an environment variable like PGPPASS. (Ref: Derek Atkins "appnote.txt" which comes with PGP 2.6 distributions.)

I'm looking forward to the first general release of BAP.

Bryce

signatures follow:
+ public key on keyservers  /.  island Life in a chaos sea
  or via finger  0x617c6db9 /   bryce.wilcox at colorado.edu  ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMD4GKPWZSllhfG25AQG0eAQAqL0+24+RHdeV6Vb4pxz8ieoD2MuAOXNb
hb+cFh3jmokqpIFdnJbPGxbZKIUesbJkh8JkQKRW0iKbTA4UsnAVtD2qksG1qSdH
ebC5G77StWlgLZ8E62KOYIruCcj/uXE0oKchEyqvcqIb82TKdwp/2C7Hn2NcCbbN
TYKDM6XtsPY=
=eZbY
-----END PGP SIGNATURE-----

From frissell at panix.com Fri Aug 25 10:20:32 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 25 Aug 95 10:20:32 PDT
Subject: Search This Space Please
Message-ID: <199508251720.NAA08690@panix.com>

When one leaves one's machine running all night with the screen turned off, one should be careful to turn the screen on *before* hitting the power switch. Since hitting an on button switch will turn it off before you collect the search results.

I have tried to REJECT this range but haven't been able to figure out the syntax the server expects. I am without fast machines for the weekend. Here it is:

**************************************
brutessl ssl.pf 2977 0198 20
assuming the config info is in ssl.pf
so go do it !
**************************************

Thanks,

DCF

From lwp at mail.msen.com Fri Aug 25 10:31:13 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Fri, 25 Aug 95 10:31:13 PDT
Subject: for perl experts: brclient problem
Message-ID:

I sent this originally only to Piete, but as I suspect he is already somewhat busy, I am now also forwarding a copy to the list.
I just upgraded to brclient version 0.16. I tried to use it with this command: brclient -Ltssl -a'2977 6284 390a 3 no' I got this result: Use of uninitialized variable at ./brclient line 457, line 1. Failed: 0 I am totally perl.clueless, so I merely refer this to you. :::::::::::::::::::::::::::::::::::::: :: Lou Poppler :: No animals were harmed in the :: http://www.msen.com/~lwp/ :: production of this message. :::::::::::::::::::::::::::::::::::::: From patrick at Verity.COM Fri Aug 25 10:31:46 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Fri, 25 Aug 95 10:31:46 PDT Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems] Message-ID: <9508251723.AA18139@cantina.verity.com> > current requirements > ==================== > > PLEASE ensure that you are using a brclient of at least 0.14 > ("grep comment.inffo brclient" to discover what you are using) > You can updare brclient while brloop is running. > Some people are still running old versions, and this is hammering the server. > > It also helps to run at least brloop 0.05 ("grep BRLOOPCOMMENT brloop"). > Unfortunately the web page under "Socket based key doler" points at brclient 0.13 and brloop 0.04. Could you fix this please:) Thanks, Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. 
\\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/ From cme at TIS.COM Fri Aug 25 10:43:13 1995 From: cme at TIS.COM (Carl Ellison) Date: Fri, 25 Aug 95 10:43:13 PDT Subject: A 12 Crime w/in & Crime w/out--Ehlers Remark From Carl Ellison Message-ID: <9508251739.AA17852@tis.com> http://aspen.pff.org/forums/read-message.cgi/forum4?number=n0058010101&by=Date&start=0 > Re: A 12 Crime w/in & Crime w/out--Ehlers Remark > > Carl Ellison (cme at tis.com) > Fri Aug 25 17:35:42 1995 (GMT) > > ------------------------------------------------------------------------------- > As I believe Congressman Ehlers pointed out, there is crime in cyberspace and > it is likely to remain a threat forever. > > I refer here to incidents like the Russian hacker's theft of $400,000. > > I do not refer to the use of cyberspace to violate some local ordinance in the > physical world (the prosecution of the California AA BBS based on the local > standards in some Eastern state (Tenn?)). > > My company is in the business of protecting people from attacks within > cyberspace and I believe, personally, that as long as cryptographic policy is > made rational, we citizens and businesses can mount an effective defense > against these threats. This is not an issue of using deadly force in defense. > Because we don't threaten the attacker in return, there is no need for a > specially empowered force (a police force) controlled by an elected government > to achieve this protection. This is an issue of building good walls and doors > -- a strictly defensive action which is appropriate for individuals and > companies to do without government involvement. > > ------------------------------------------------------------------------------- -- Carl M. 
Ellison cme at tis.com http://www.clark.net/pub/cme/home.html Trusted Information Systems, Inc. http://www.tis.com/ 3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 From sam at inf.enst.fr Fri Aug 25 10:52:08 1995 From: sam at inf.enst.fr (Samuel Tardieu) Date: Fri, 25 Aug 95 10:52:08 PDT Subject: Challenge / Anything working ? Message-ID: <"uAvWc.0.he4.GoWFm"@gargantua> -----BEGIN PGP SIGNED MESSAGE----- telnet sksp.brute.cl.cam.ac.uk 19957 Trying 128.232.0.90... (then nothing) Isn't it the right server/port ? Sam - -- "La cervelle des petits enfants, ca doit avoir comme un petit gout de noisette" Charles Baudelaire -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAgUBMD4Mi4FdzKExeYBpAQHaMgP+IgjU/SjM6+9rz0sM191xLLrEuCcdeZUL dVkP2VDTCCQqVCH5PyWWvC1O4bunQVgXaW35g6xmDKnnAiALW3UVRsq0QpiBhcrf 8lKZm6ASZWU8TSEoLrmf/kLvqygW9t72D+ktcXokiLe3OvT6Bs41DhHo8c/3go1u 2G/hylhLV9w= =Yz3+ -----END PGP SIGNATURE----- From cme at TIS.COM Fri Aug 25 11:13:45 1995 From: cme at TIS.COM (Carl Ellison) Date: Fri, 25 Aug 95 11:13:45 PDT Subject: NIST Key Escrow Issues Meeting Message-ID: <9508251808.AA21373@tis.com> I don't know if it's been posted, but I have in my hands a statement that these meetings will be open to the public. "The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov " - Carl P.S. Anyone going to CRYPTO95? I'll be there starting tomorrow (Sat). +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! 
He's whistling a dirty song.'' |
+----------------------------------------------------------- Jean Ellison -+

From melman at osf.org Fri Aug 25 11:25:59 1995
From: melman at osf.org (Howard Melman)
Date: Fri, 25 Aug 95 11:25:59 PDT
Subject: Forwarded: FSTC Electronic Check Project News Release
Message-ID: <9508251825.AA08000@absolut.osf.org.osf.org>

MAJOR BANKING-COMPUTER CONSORTIUM TO DEVELOP ELECTRONIC CHECK
FSTC Promises Early Demonstration Using the Internet

Media contacts: Mayer Resnick (201) 836-2968, FSTC, Ed Russell (617) 434-6883, Bank of Boston, FSTC URL: http://www.llnl.gov/fstc

New York (Aug. XX, 1995) -- The Financial Services Technology Consortium (FSTC) today announced the formation of a multi-industry team to design and implement an electronic check for use over the Internet by consumers and businesses. FSTC is a consortium whose goal is to utilize emerging technologies to enhance the competitiveness of the financial services industry.

The FSTC Electronic Check, which will work within the existing banking infrastructure, brings the benefits of paper checks to electronic commerce, while permitting the increased efficiency and timeliness of doing business on the "net." FSTC expects to demonstrate the Electronic Check within the next two months.

"This project is particularly significant because it represents the first collaborative effort by major banks and their industry partners to develop from inception a new financial standard," said Dan Schutzer, FSTC president and Citibank vice president and director of advanced technology. "FSTC's Electronic Check is designed to be open, secure and convenient. It will bring to electronic commerce on the Internet a level of security and confidence currently found only in traditional banking products," Schutzer added.

Bank members of the FSTC Electronic Check program are: Bank of America, Bank of Boston, Bank of Montreal, Bank One, Chemical Bank, Citibank, and Wells Fargo Bank. Industry members are: BBN Inc.
(Bolt Beranek & Newman), Equifax, IBM Corporation, Information Resources Engineering Inc., National Semiconductor, Sun Microsystems and Telequip. Research and consulting organizations are: Bellcore, Oak Ridge and Sandia National Laboratories, and the University of Southern California-Information Sciences Institute. Advisory members are: Electronic Check Clearing House Organization (ECCHO) and National Automated Clearing House Association (NACHA).

Appointed as the FSTC Electronic Check project director is John Doggett, director of applied technology, and as project manager is Frank Jaffe, senior systems consultant, both from Bank of Boston.

"As shown by the over 60 billion checks written annually, paper checks are the payment mechanism of choice. We expect the FSTC Electronic Check and its smart-card or PC-card checkbook to become the preferred method for making and receiving payments due to its cost-effectiveness and embedded safety features," Doggett said. "The vision of a bank in your pocket, a bank at your desk, a bank where you are, can now be achieved with the FSTC electronic check," Doggett added.

Formed in September 1993, FSTC is a consortium of some 65 organizations comprising banks, financial services firms, industry partners, national laboratories, universities, and government agencies. FSTC sponsors collaborative research and development on technical projects affecting the entire financial services industry and its users with particular emphasis on projects involving electronic commerce. FSTC development projects include interbank check image exchange, electronic commerce, and fraud detection and management.

Editor's note: Attached is a brief description of how the FSTC Electronic Check works.

A Brief Description of How FSTC Electronic Check Works

The FSTC Electronic Check will provide an enhanced all-electronic replacement to the current paper check, and will be useable over any network.
Paper checks and checkbooks will be replaced by electronic checkbooks, handwritten signatures will be replaced by digital signatures and the delivery by the postal service by the Internet or other electronic highway. These changes will greatly increase the convenience and security of check writing since the entire process will be automated and integrated into existing applications.

By using "smart cards" and PC cards as electronic checkbooks the FSTC Electronic Check will be almost impossible to forge. Unlike paper checks, the person accepting an FSTC Electronic Check for payment will be able to verify that it has not been altered. As with paper checks, electronic checks will be an open payment instrument, providing for third-party services and a variety of payment options, such as travelers', cashiers' and certified checks. FSTC Electronic Checks also integrate into existing interbank clearing networks such as the Federal Reserve System and various automated clearing houses.

FSTC's unique approach to the Electronic Check results in a secure, self-authenticating payment instrument that bridges the barrier between the insecure public network and the trusted financial clearing systems.

# # #

For further information on FSTC and on how the FSTC Electronic Check works, please contact: Mayer Resnick (201) 836-2968, FSTC, or Ed Russell (617) 434-6883, Bank of Boston.

# # #

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 11:37:57 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 11:37:57 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <9508251723.AA18139@cantina.verity.com>
Message-ID: <"swan.cl.cam.:133180:950825183721"@cl.cam.ac.uk>

>> PLEASE ensure that you are using a brclient of at least 0.14
>> ("grep comment.inffo brclient" to discover what you are using)
>> You can update brclient while brloop is running.
>> Some people are still running old versions, and this is hammering the server.
>>
>> It also helps to run at least brloop 0.05 ("grep BRLOOPCOMMENT brloop").

> Unfortunately the web page under "Socket based key doler" points
> at brclient 0.13 and brloop 0.04. Could you fix this please:)

I had a similar report before, and it turned out to be an over zealous WWW "cache" :-((

HOWEVER: there is now a new brclient 0.17 which should go faster than pre 0.16 over "slow" links, but should also work over "fast" links (which 0.16 sometimes did not).

SO: all 0.16 users should upgrade, just in case the link goes fast!

From merriman at arn.net Fri Aug 25 11:49:46 1995
From: merriman at arn.net (David K. Merriman)
Date: Fri, 25 Aug 95 11:49:46 PDT
Subject: Florida Drivers Permits
Message-ID: <199508251855.NAA14828@arnet.arn.net>

At 01:10 PM 8/25/95 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>- -----BEGIN PGP SIGNED MESSAGE-----
>
>[Welcome back, Professor] You posted:
>
> >>Will, starting next year, containing a digitized photo, plus the current
> >>info.
> >
> >
> >>Anyone know any details about the technology?
> >
> >
> >Not really.
> I saw the same story. The name, address, age, & height mentioned
>are already obvious on licenses, but this may preclude incorrect data entry
>by FL cops, and counterfeiting (a problem here for *years*). I saw nothing
>on the digitized photo, but we could be looking at different stories.
>Phase-in in July, '96. The story I saw suggests that other data, such as
>tickets, criminal violations (presumably convictions) and "other
>biographical information" [welfare, credit info] could eventually be
>included, depending on FL's state budgetary considerations. No author,
>just "Associated Press," listed on the story, and the card uses a magnetic
>strip "like those on credit cards" rather than a chip, which may be a
>mistake [considering the renewal period & my experience with bank-cards].
>Story doesn't say it, but it sounds like FL *may* be the first state to do
>this. Are any other states doing this already?
Texas is now issuing similar cards - with the addition of a barcode on the back. Front is going to have UV-reactive writing, and be color-coded for class of license (commercial, chauffeur, etc). Happily, I renewed just a couple months ago, so have plenty of time to figure out what I can do to the new DL when I get one :-)

Dave Merriman

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From merriman at arn.net Fri Aug 25 11:53:20 1995
From: merriman at arn.net (David K. Merriman)
Date: Fri, 25 Aug 95 11:53:20 PDT
Subject: brutessl web keyservice
Message-ID: <199508251859.NAA14905@arnet.arn.net>

Feh. I've been trying to get allocated some more keyspace from the brutessl web page, and keep getting timeouts. Last time, I requested 8 segments, got issued *3*.

Dave Merriman
From merriman at arn.net Fri Aug 25 12:18:23 1995
From: merriman at arn.net (David K. Merriman)
Date: Fri, 25 Aug 95 12:18:23 PDT
Subject: ssl challenge
Message-ID: <199508251929.OAA15415@arnet.arn.net>

It would be Really Nice if the next version of the brutessl software had a couple of features (particularly for us folks with mini-LANs) -

> option to output results to a file (or files, so we can maintain local logging of results: ie, CHAL2a.dat, CHAL2b.dat, etc).
> a Windows 3.1 variant (or even win32s)

I've got 3 machines (386sx-33, 386DX-20, 486DX2-80), with an option on my roommate's machine (386DX-40), all connected via Windows for Workgroups. All 4 are set up with win32s, so could do a *lot* better at keysearches if the software was available. There's plenty of support for Unix variants, and even NT/95, but us humble Win/DOS users are kinda left hanging a bit.

Maybe next challenge, we can pre-allocate keyspace based on the results of this one: look at how fast folks are reporting results, and allocate chunks of space accordingly (maybe based on an 8-hour 'cycle').
Sure take some of the load off the poor server :-)

Dave Merriman

From cwe at Csli.Stanford.EDU Fri Aug 25 12:19:29 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Fri, 25 Aug 95 12:19:29 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <9508251723.AA18139@cantina.verity.com>
Message-ID: <199508251916.MAA26736@Csli.Stanford.EDU>

| > those who have logs
| > ===================

[about manually updating ACKs]

Unfortunately, I don't dare do that, since my machines have crashed a few times. (nightly reboots for example.) I guess you dare do it if there is a no-line in the log.

Couldn't you insert some code that measures the time it has taken that particular IP-number to ACK other blocks, and timeout the reservation after double that time or something similar? In this case you don't run the risk of ACKing a block with the key in it. Some more work for the server!
:-)

/Christian

From lwp at mail.msen.com Fri Aug 25 12:26:35 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Fri, 25 Aug 95 12:26:35 PDT
Subject: SOLVED: Re: for perl experts: brclient problem
In-Reply-To:
Message-ID:

This no longer fails in brclient 0.17. (Of course I still get only timeouts, but at least it tries)

On Fri, 25 Aug 1995, Lou Poppler wrote:
> I just upgraded to brclient version 0.16.
> I tried to use it with this command:
> brclient -Ltssl -a'2977 6284 390a 3 no'
> I got this result:
> Use of uninitialized variable at ./brclient line 457, line 1.
> Failed: 0

::::::::::::::::::::::::::::::::::::::
:: Lou Poppler :: No animals were harmed in the
:: http://www.msen.com/~lwp/ :: production of this message.
::::::::::::::::::::::::::::::::::::::

From dawagner at tucson.Princeton.EDU Fri Aug 25 12:26:54 1995
From: dawagner at tucson.Princeton.EDU (David A. Wagner)
Date: Fri, 25 Aug 95 12:26:54 PDT
Subject: Cryptanalysis of S-1
Message-ID: <41l6u3$852@cnn.Princeton.EDU>

I just got back from vacation in time to see the brouhaha over S-1. My, my.

So I'll describe an attack on S-1 which takes 2^32 known plaintexts and 2^64 operations, assuming that F, G, clear_family, and cipher_family are known (but arbitrary). Tradeoffs are possible: a similar attack breaks S-1 with 2^48 known plaintexts and 2^48 operations. This adds weight to the hypothesis that S-1 is a hoax (assuming that the NSA was trying to design a strong cipher!)...

I should point out that this attack works for an arbitrary number of rounds. It shows that increasing the number of rounds will never make S-1 secure. To fix S-1, the key schedule must be repaired.

Anyhow, here's the attack.

Several people have noted that the S-1 round keys repeat every 5 rounds. I'll take advantage of this with an attack reminiscent of related-key techniques (but I don't need any related-keys, mind you!).

If P is a known plaintext, let P_i denote the intermediate block after i rounds.
I'm going to look for a pair of matching plaintexts P,Q: a pair for which P_5 = Q_0. Then we'll have P_{5+j} = Q_j for all j. Pictorially:

        P_0
        P_1
        P_2
        P_3
        P_4
        P_5    Q_0
        P_6    Q_1
        ...    ...
        P_31   Q_26
        P_32   Q_27
               Q_28
               Q_29
               Q_30
               Q_31
               Q_32

The birthday paradox says that with 2^32 known plaintexts, there should be a matching pair P,Q. If I can recognize it, I can exploit it as follows.

Note that (P_0,Q_0) and (P_32,Q_32) are two known plaintext-ciphertext pairs for 5-round S-1. These two known plaintexts for 5-round S-1 are enough to find the 5 round subkeys by standard methods (since we know the inputs and outputs to almost all the F boxes in these two examples). Thus, each pair P,Q will suggest one key value, and the right (matching) pair will suggest the correct key value (which can be easily recognized with one trial decryption).

I don't know how to recognize matching pairs directly, but I can try all 2^32 * 2^32 possible pairs, and I'm guaranteed to find the matching plaintext pair if there is one after 2^64 trial decryptions.

That's the basic attack. Here's a sketch of how to trade off known plaintexts for time.

I'd really like to be able to detect matching pairs easily, because then I'd be able to use a hash table (or sorted list) to find a matching pair more efficiently. So I'll note that I can detect matching pairs pretty accurately if P,Q are in a particular form.

I'll construct an oracle which can quickly tell if two plaintext-ciphertext pairs (X,Y) (X',Y') for 5-round S-1 were enciphered with the same key, if they're in a special form. Let A,A' be the 32 bits from X,X' entering the F boxes in round 2; let B,B' be the 16 bits output from the F boxes in round 2; let C,D,C',D' be the 16 bits affected by the F boxes in round 2 from X,Y,X',Y' -- so that

        D  = C  ^ B  = C  ^ f(A  ^ K_2)
        D' = C' ^ B' = C' ^ f(A' ^ K'_2).

If K_2 = K'_2 and A = A', then D ^ C should equal D' ^ C'.
So this is how I'll construct the oracle: it insists that (X,Y) (X',Y') be of a form so that A = A', and it reports that (X,Y) (X',Y') were enciphered with the same key when D ^ C = D' ^ C'. The oracle will always answer correctly if they were enciphered with the same key, and will answer incorrectly 2^{-16} of the time when they were enciphered with different keys.

So now we are considering (X,Y) = (P_0,P_5) = (P_0,Q_0) and (X',Y') = (Q_27,Q_32) = (P_32,Q_32). The oracle's precondition means that 32 bits of P_0 equal a corresponding 32 bits of P_32.

The tradeoff attack follows from this. Get 2^48 known plaintexts. Consider only those known plaintext-ciphertext pairs (P_0,P_32) which meet the 32 bit oracle precondition as possibilities for P. There will be 2^16 possibilities for P. Let Q range over all 2^48 possibilities. Then we expect there to be some right matching pair P,Q: the oracle is guaranteed to detect it, and also another 2^48 wrong pairs. Each possible pair P,Q will suggest a key value, so the wrong pairs can be filtered out with a total of 2^48 trial encryptions, leaving only the right pair and the right key value.

This would seem to require 2^16 * 2^48 oracle computations since there are 2^16 values for P and 2^48 possibilities for Q. But wait: the oracle can be implemented more efficiently as a table lookup. Store all 2^16 possibilities for P in a lookup table, keyed on the 16 bit value D^C used by the oracle. For each Q, calculate the 16 bit value D' ^ C' and search in the table for a matching D ^ C value (which gives you a possible matching pair P,Q).

This technique requires a total of 2^48 table lookups, 2^48 trial decryptions, 2^16 space, and 2^48 known plaintexts. Further tradeoffs between # of known plaintexts and time appear to be possible...

I've ignored the issue of the G box throughout.
Actually, it does change the number a little bit -- but just by random luck, the two G box outputs should match 1 in 2^2 times, so we only need to increase the complexity of this attack by about 2^2 to account for the G box. The G box didn't add much strength.

-------------------------------------------------------------------------------
David Wagner dawagner at princeton.edu

From hallam at w3.org Fri Aug 25 13:20:47 1995
From: hallam at w3.org (hallam at w3.org)
Date: Fri, 25 Aug 95 13:20:47 PDT
Subject: Cryptanalysis of S-1
In-Reply-To: <41l6u3$852@cnn.Princeton.EDU>
Message-ID: <9508252019.AA25288@zorch.w3.org>

OK lets turn this on its head, I think we now have a good idea of how to build a cipher in clean room conditions such that nobody is aware of the full details of the algorithm.

Team 1: Develop an encryption network, implement as hardware
Team 2: Test various combinations of keyspace.features without being exposed to inner workings of the cipher.

Develop your Clipper chip this way and nobody can reveal the source. Fun huh?

I think we are about to see a cascade of Skipjack hoaxes regardless of the provenance of the original. Now people have the idea the clueless newbies will try. I'm surprised nobody has tried before, I thought of constructing a Skipjack hoax based on DES but with larger S boxes.

S1 could be made to run very fast, a straight through pipeline would be very nice in hardware. Anyone care to suggest how a secure cipher might be based on it (ie apart from the clearly bogus key schedule)?

I think a score sheet is in order, marks out of 5 for what? Distribution, technical ingenuity, credibility, annoying Dorothy, hardware suitability, software suitability... ? Perhaps the NSA might volunteer to serve the page with the cumulative judgments.

Phill

From jis at mit.edu Fri Aug 25 13:27:39 1995
From: jis at mit.edu (Jeffrey I.
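Wagner's matching-pair attack above, as an added worked example that is not part of his post and is not S-1: a 20-bit toy cipher (five 4-bit words, one F box per round, round keys repeating every 5 rounds, 30 rounds) laid out so that the round-2 F box reads a word round 1 never touches and writes a word no other round of the 5-round block touches, which is the property his oracle relies on. The S-box, key and known plaintexts are constructed from a seeded RNG; the word layout, the 4-bit oracle filter in place of his 16-bit one and the round count are assumptions of this example, and the birthday estimate in the comments follows his.

```python
"""Toy version of the matching-pair attack on a cipher whose round keys
repeat every 5 rounds.  Constructed example, not S-1 and not Wagner's code.
Block = five 4-bit words; round i XORs F(w[(i+1)%5] ^ K[i%5]) into w[i%5].
Because 30 = 6 * 5, rounds 25..29 use the same keys and words as rounds 0..4,
so for a pair with P_5 == Q_0 both (P_0, Q_0) and (P_30, Q_30) are
plaintext/ciphertext pairs of the same 5-round block."""
import random

WORDS, BITS = 5, 4
MASK = (1 << BITS) - 1
PERIOD = 5          # the key schedule repeats every 5 rounds (the S-1 weakness)
ROUNDS = 30         # 6 full periods

_rng = random.Random(19950825)        # constructed, fixed for repeatability
SBOX = list(range(1 << BITS))
_rng.shuffle(SBOX)                    # F: a random 4-bit bijection
SBOX_INV = [0] * len(SBOX)
for _x, _y in enumerate(SBOX):
    SBOX_INV[_y] = _x


def run_rounds(block, key, start, nrounds):
    """Apply rounds start .. start+nrounds-1 to a tuple of five 4-bit words."""
    w = list(block)
    for i in range(start, start + nrounds):
        w[i % WORDS] ^= SBOX[w[(i + 1) % WORDS] ^ key[i % PERIOD]]
    return tuple(w)


def encrypt(block, key):
    return run_rounds(block, key, 0, ROUNDS)


def recover_key5(x, y):
    """Round keys of the 5-round block from one known pair (x, y): every
    F-box input and output is visible, the text's 'standard methods'."""
    k0 = SBOX_INV[y[0] ^ x[0]] ^ x[1]
    k1 = SBOX_INV[y[1] ^ x[1]] ^ x[2]   # round 2 (1-indexed): reads w2, writes w1
    k2 = SBOX_INV[y[2] ^ x[2]] ^ x[3]
    k3 = SBOX_INV[y[3] ^ x[3]] ^ x[4]
    k4 = SBOX_INV[y[4] ^ x[4]] ^ y[0]   # reads w0 after round 1 rewrote it
    return (k0, k1, k2, k3, k4)


def slide_attack(known):
    """known: list of (P_0, P_30) pairs under one unknown key.  Returns the
    recovered 5-word key, or None if no matching pair was present."""
    # Oracle precondition A == A': the round-2 F input (w2) of X = P_0 must
    # equal that of X' = P_30.  Table those P by the value the oracle compares:
    #   D ^ C == D' ^ C'  <=>  Q_0.w1 ^ P_0.w1 == Q_30.w1 ^ P_30.w1
    #                     <=>  P_0.w1 ^ P_30.w1 == Q_0.w1 ^ Q_30.w1
    table = {}
    for p0, p30 in known:
        if p0[2] == p30[2]:
            table.setdefault(p0[1] ^ p30[1], []).append((p0, p30))
    # One table lookup per Q instead of trying every (P, Q) pair.
    for q0, q30 in known:
        for p0, p30 in table.get(q0[1] ^ q30[1], ()):
            # Hypothesis P_5 == Q_0: then (P_0, Q_0) is a 5-round pair ...
            key = recover_key5(p0, q0)
            # ... and so is (P_30, Q_30).  A wrong pair passes the 4-bit
            # oracle with probability 2^-4, so filter it on the second pair.
            if SBOX[p30[3] ^ key[2]] != q30[2] ^ p30[2]:
                continue
            if run_rounds(p30, key, 0, PERIOD) != q30:
                continue
            if all(encrypt(p, key) == c for p, c in known[:64]):
                return key
    return None


def to_words(n):
    return tuple((n >> (BITS * i)) & MASK for i in range(WORDS))


def demo(n_known=12288, seed=1):
    """Random key, n_known known plaintexts, then the attack.  Birthday
    estimate: n^2 / 2^20 matching pairs, of which 1/16 meet the oracle
    precondition, i.e. about 9 for n = 12288."""
    rng = random.Random(seed)
    true_key = tuple(rng.randrange(1 << BITS) for _ in range(PERIOD))
    known = [(to_words(n), encrypt(to_words(n), true_key))
             for n in rng.sample(range(1 << (WORDS * BITS)), n_known)]
    return true_key, slide_attack(known)


if __name__ == "__main__":
    tk, found = demo()
    print("true key", tk, "recovered", found)
```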
Schiller)
Date: Fri, 25 Aug 95 13:27:39 PDT
Subject: PGPfone (BETA TEST) is released
Message-ID: <9508252027.AA23240@big-screw>

MIT is pleased to announce that it is now distributing the BETA TEST release of PGPfone.

"PGPfone (Pretty Good Privacy Phone) is a software package that turns your desktop or notebook computer into a secure telephone. It uses speech compression and strong cryptography protocols to give you the ability to have a real-time secure telephone conversation."

The Beta Test is only currently available for people with Macintosh computers. A Windows 95 version is also in the works.

We are distributing PGPfone in the U.S. and Canada via anonymous FTP and via the World Wide Web. Anonymous FTP users should get the file "/pub/PGPfone/README" from net-dist.mit.edu. It provides instructions on how to download PGPfone.

Web Users should go to the PGPfone Home Page at: http://web.mit.edu/network/pgpfone

-Jeff

From jim at rand.org Fri Aug 25 13:36:10 1995
From: jim at rand.org (Jim Gillogly)
Date: Fri, 25 Aug 95 13:36:10 PDT
Subject: Approved Escrow Agents (forget GAK Motel)
Message-ID: <199508252035.NAA05527@mycroft.rand.org>

Here are some discussion papers for the upcoming NIST-sponsored conference on 6-7 Sep 95 in DC. Note the footnote in the 2nd paper:

(*1) "Approved," for the purposes of this discussion, means that the government (or its agent) has formally granted permission for an organization to hold keys for exportable encryption products.

I'd been working on some GAK slogans based on Roach Motel... into the dumpster with "Keys go in, but they never come out!" -- too bad.

Jim "GAK Motel" Gillogly
Sterday, 3 Halimath S.R.
1995, 20:32
___________________________________________________________________________

Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #1

Issues -- Export of Software Key Escrowed Encryption

On August 17, 1995, the Administration announced its proposal to permit the ready export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. Under the proposal, products will be reviewed to verify that they satisfy the criteria and, if so, they will be transferred to the Commodity Control List administered by the Department of Commerce where the products can be exported under a general license (in much the same way that 40-bit RC2/RC4 encryption is licensed today).

We are working toward creating broadly stated criteria that are in the nature of performance specifications. To meet these criteria, encryption products will need to implement key escrow mechanisms that cannot be readily altered or bypassed so as to defeat the purposes of key escrowing. The criteria, when finalized and published, will state the objectives, but not the exact technical method(s), by which those objectives are satisfied. This is to provide software publishers the flexibility to design methods for meeting our stated objectives in a manner that is compatible with the design of their products.

There are, therefore, a number of questions we must work together to answer in order to draft effective criteria. These questions are:

* Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm?

* Disabling the key escrow mechanism -- How can products be made resistant to alteration that would disable or circumvent the key escrow mechanism? How can the "static patch" problem be avoided? How can this be tested?
* Access to escrow information -- What mechanisms must be designed into encryption products to allow authorized access to escrowed keys? This likely includes the identity of the key escrow agent(s) and a serial number for the key escrow agent to use to identify the key(s)/component(s) necessary to decrypt the message. What other information will be necessary to be provided to the escrow agent to identify the necessary key(s)/component(s)? Are there other comparable viable approaches?

* Non-escrowed use -- How can products be made so that they do not function with non-escrowed products (or tampered escrowed products)? How can this be tested?

* Limiting surveillance -- How can products be designed so that information both sent and received by the user can be decrypted without release of keys of other users?

* Practical Key Access -- How can mechanisms be designed so that repeated involvement of escrow agents is not required for decryption for multiple files/messages during the specified access period?

* Assurance that keys are escrowed -- How can it be assured that key escrow products are indeed satisfactorily escrowed? For example, products could be required to be escrowed at time of manufacture or be made inoperable until properly escrowed.

* Ability to re-escrow keys -- How can products be designed so that new keys can be escrowed at the user's discretion with a U.S. Government approved escrow agent?

* Certified escrow agents -- Can products be designed so that only escrow agents certified by the U.S. government (domestic, or under suitable arrangements, foreign) are utilized? What should be the criteria for an acceptable U.S. escrow agent?

--------------

With your input, we are hopeful that this effort will lead to definitive criteria, which will facilitate the development of exportable products and help minimize the time required to obtain export licenses.
The Administration seeks to finalize such criteria and make formal conforming modifications to the export regulations before the end of 1995.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

8/25/94

-----------------------------

Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #2

Discussion Issues: Desirable Characteristics for Key Escrow Agents

In the government's recent announcement of its intent to allow the export of 64-bit software key escrow encryption products, one stipulation was that the keys would be escrowed with an approved key escrow agent.(*1) Exactly what qualifications/considerations are appropriate for approval as a key escrow agent have not been defined. Some of the issues which need to be discussed and resolved include the following:

* What kinds of organizations should be excluded from consideration as approved key escrow agents?

* What sort of legal agreement between the government and the key escrow agent is necessary to stipulate the responsibilities of the agent? Should this include the terms and conditions under which release of a key is required?

* How will liability for unauthorized release of key be handled?

* Should, for example, intentionally misreleasing or destroying a key be criminalized? Should this include other actions?

* How can the government's needs for confidentiality of key release be handled?

* Should approval of key escrow agents be tied to a public key infrastructure (for digital signatures and other purposes)?

* What procedures need to be developed for the storage and safeguarding of keys?
* What are the acceptable performance criteria (e.g., around-the-clock availability, accessibility, reliability, etc.) for approved key escrow agents?

* Under what circumstances will key escrow agents in foreign countries be approved?

* What process will be used to approve escrow agents? Costs/who pays?

---------

(*1) "Approved," for the purposes of this discussion, means that the government (or its agent) has formally granted permission for an organization to hold keys for exportable encryption products.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

8/25/95
___________________________________________________________________________

From banisar at epic.org Fri Aug 25 13:37:27 1995
From: banisar at epic.org (Dave Banisar)
Date: Fri, 25 Aug 95 13:37:27 PDT
Subject: NIST Key Escrow Papers
Message-ID:

fyi...

----

August 25, 1995

MEMORANDUM FOR Registrants for the Sept. 6-7, 1995 Key Escrow Issues Meeting

From: NIST - Ed Roback

Subject: Discussion Papers

Attached for your information are two discussion papers for the upcoming September 6-7, 1995 Key Escrow Issues Meeting to be held at NIST. If you have any questions on this material, you may reach me on 301-975-3696. I look forward to seeing you in September.
Attachments ------------------------ Key Escrow Issues Meeting, September 6-7, 1995 Discussion Paper #1 Issues -- Export of Software Key Escrowed Encryption On August 17, 1995, the Administration announced its proposal to permit the ready export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. Under the proposal, products will be reviewed to verify that they satisfy the criteria and, if so, they will be transferred to the Commodity Control List administered by the Department of Commerce where the products can be exported under a general license (in much the same way that 40-bit RC2/RC4 encryption is licensed today). We are working toward creating broadly stated criteria that are in the nature of performance specifications. To meet these criteria, encryption products will need to implement key escrow mechanisms that cannot be readily altered or bypassed so as to defeat the purposes of key escrowing. The criteria, when finalized and published, will state the objectives, but not the exact technical method(s), by which those objectives are satisfied. This is to provide software publishers the flexibility to design methods for meeting our stated objectives in a manner that is compatible with the design of their products. There are, therefore, a number of questions we must work together to answer in order to draft effective criteria. These questions are: * Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm? * Disabling the key escrow mechanism -- How can products be made resistant to alteration that would disable or circumvent the key escrow mechanism? How can the "static patch" problem be avoided? How can this be tested? 
* Access to escrow information -- What mechanisms must be designed into encryption products to allow authorized access to escrowed keys? This likely includes the identity of the key escrow agent(s) and a serial number for the key escrow agent to use to identify the key(s)/component(s) necessary to decrypt the message. What other information will be necessary to be provided to the escrow agent to identify the necessary key(s)/component(s)? Are there other comparable viable approaches? * Non-escrowed use -- How can products be made so that they do not function with non-escrowed products (or tampered escrowed products)? How can this be tested? * Limiting surveillance -- How can products be designed so that information both sent and received by the user can be decrypted without release of keys of other users? * Practical Key Access -- How can mechanisms be designed so that repeated involvement of escrow agents is not required for decryption for multiple files/messages during the specified access period? * Assurance that keys are escrowed -- How can it be assured that key escrow products are indeed satisfactorily escrowed? For example, products could be required to be escrowed at time of manufacture or be made inoperable until properly escrowed. * Ability to re-escrow keys -- How can products be designed so that new keys can be escrowed at the user's discretion with a U.S. Government approved escrow agent? * Certified escrow agents -- Can products be designed so that only escrow agents certified by the U.S. government (domestic, or under suitable arrangements, foreign) are utilized? What should be the criteria for an acceptable U.S. escrow agent? -------------- With your input, we are hopeful that this effort will lead to definitive criteria, which will facilitate the development of exportable products and help minimize the time required to obtain export licenses. 
The Administration seeks to finalize such criteria and make formal conforming modifications to the export regulations before the end of 1995.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested; please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

8/25/94

-----------------------------

Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #2

Discussion Issues: Desirable Characteristics for Key Escrow Agents

In the government's recent announcement of its intent to allow the export of 64-bit software key escrow encryption products, one stipulation was that the keys would be escrowed with an approved key escrow agent.(*1) Exactly what qualifications/considerations are appropriate for approval as a key escrow agent have not been defined. Some of the issues which need to be discussed and resolved include the following:

* What kinds of organizations should be excluded from consideration as approved key escrow agents?

* What sort of legal agreement between the government and the key escrow agent is necessary to stipulate the responsibilities of the agent? Should this include the terms and conditions under which release of a key is required?

* How will liability for unauthorized release of key be handled?

* Should, for example, intentionally misreleasing or destroying a key be criminalized? Should this include other actions?

* How can the government's needs for confidentiality of key release be handled?

* Should approval of key escrow agents be tied to a public key infrastructure (for digital signatures and other purposes)?

* What procedures need to be developed for the storage and safeguarding of keys?
* What are the acceptable performance criteria (e.g., around-the-clock availability, accessibility, reliability, etc.) for approved key escrow agents?

* Under what circumstances will key escrow agents in foreign countries be approved?

* What process will be used to approve escrow agents? Costs/who pays?

---------

(*1) "Approved," for the purposes of this discussion, means that the government (or its agent) has formally granted permission for an organization to hold keys for exportable encryption products.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested; please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

8/25/95

_________________________________________________________________________
Subject: NIST Key Escrow Papers
_________________________________________________________________________
David Banisar (Banisar at epic.org)              * 202-544-9240 (tel)
Electronic Privacy Information Center           * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301             * HTTP://epic.org
Washington, DC 20003                            * ftp/gopher/wais cpsr.org

From txomsy at ebi.ac.uk Fri Aug 25 13:42:22 1995
From: txomsy at ebi.ac.uk (J. R. Valverde (EMBL Outstation: the EBI))
Date: Fri, 25 Aug 95 13:42:22 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <"swan.cl.cam.:226410:950825111043"@cl.cam.ac.uk>
Message-ID: <199508252041.VAA01686@neptune.ebi.ac.uk>

I've had a power down and had to shutdown most machines. On coming back decided to update the versions of brloop and brclient... Now I'm trying to run on AXP/OSF/1 and MIPS/Ultrix machines the latest versions and don't seem to be able to get a damn piece of keyspace...
Besides many timeouts I also get

    Server timing problem: Goodbye unknown -- you have been timed out

which I assume is a message from the server telling me it's too loaded, and

    No input when expecting an ACK line

which sounds even worse... I've been having trouble getting keys all the afternoon now, what a pity.

BTW, the versions I'm running now are brloop 0.05 and brclient 0.16 and since I'm in Cambridgeshire-UK too, with a 2Mbps link, I doubt that the timeout is due to congestion on the net.

Any suggestions? Or is it only the overload in the server that's giving me nightmares?

jr

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 14:02:25 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 14:02:25 PDT
Subject: ssl challenge
In-Reply-To: <199508251929.OAA15415@arnet.arn.net>
Message-ID: <"swan.cl.cam.:178620:950825210158"@cl.cam.ac.uk>

> > option to output results to a file (or files, so we can maintain
> > local logging of results: ie, CHAL2a.dat, CHAL2b.dat, etc).

Done -- in brl0.06

The whole code runs without writing any files, so it defaults to /dev/null, but you can point it wherever you like (e.g. logkeys=log-`uname -n`)

> > a Windows 3.1 variant (or even win32s)

Not my area ....

> Maybe next challenge, we can pre-allocate keyspace based on the results of
> this one: look at how fast folks are reporting results, and allocate chunks
> of space accordingly (maybe based on an 8-hour 'cycle'). Sure take some of
> the load off the poor server :-)

It would seem reasonable to allocate say "2/3rds of what you scanned last time" in advance ...

From iagoldbe at calum.csclub.uwaterloo.ca Fri Aug 25 14:39:28 1995
From: iagoldbe at calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Fri, 25 Aug 95 14:39:28 PDT
Subject: SSL Challenge: Are we in trouble?
In-Reply-To: <"swan.cl.cam.:068530:950825160033"@cl.cam.ac.uk>
Message-ID: <199508252137.RAA18903@calum.csclub.uwaterloo.ca>

> [[ PERL gurus out there: how can I avoid the "sh -c" process in
>         $out = `cmd -a 'arg 1'`;
> ]]

    # open() on "-|" forks; the child (where open returns 0) execs the
    # command directly from an argument list, so no shell ever parses the
    # arguments.  The parent reads the child's stdout through CMD.
    open(CMD, "-|") || exec 'cmd', '-a', 'arg 1';
    $out = <CMD>;          ## Gets one line
    close(CMD);

Use

    $out = join('', <CMD>);

instead of the second line above to get the whole output at once.

   ---------.. ._ _.------------
   Ian Goldberg                                  University of Waterloo
   Computer Science Club              iagoldberg at csclub.uwaterloo.ca
   unsigned bar(unsigned a){return a?bar(a<<1)<<1|a>a<<1>>1:1>>1;}

From Piete.Brooks at cl.cam.ac.uk Fri Aug 25 14:52:29 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 25 Aug 95 14:52:29 PDT
Subject: Cypherpunk Brute Squad [Re: SSL Challenge: Server problems]
In-Reply-To: <199508252041.VAA01686@neptune.ebi.ac.uk>
Message-ID: <"swan.cl.cam.:196070:950825215208"@cl.cam.ac.uk>

> Server timing problem: Goodbye unknown -- you have been timed out
> which I assume is a message from the server telling me it's too loaded,

No -- it means that you were taking too long to respond, so it timed you out.

> No input when expecting an ACK line
> which sound even worst... I've been having trouble getting keys all the
> afternoon now, what a pity.

brclient -k failed to get any keys, so brutessl didn't generate any output, so brclient -A didn't get any input :-(

Latest brloop should avoid this by not calling brutessl if brclient -k failed and also not calling brclient -A if brutessl didn't run / failed.

> BTW, the versions I'm running now are brloop 0.05 and brclient 0.16 and
> since I'm in Cambridgeshire-UK too, with a 2Mbps link, I doubt that the
> timeout is due to congestion on the net.

Well, the problem with brclient 0.16 was that a "go faster" stripe made it go *too* fast if local, perl loses data, so it times out :-((

> Any suggestions? Or is it only the overload in the server that's giving
> me nightmares?
Kind of -- slow clients hogging the single threaded (idle) server :-((

From anon-remailer at utopia.hacktic.nl Fri Aug 25 14:55:24 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Fri, 25 Aug 95 14:55:24 PDT
Subject: Wide Release (Re: PGPfone (BETA TEST) is released)
Message-ID: <199508252155.XAA06116@utopia.hacktic.nl>

ftp host: net-dist.mit.edu, AKA bitsy.mit.edu

220 bitsy FTP server (Version wu-2.4(1) Thu Apr 14 20:21:35 EDT 1994) ready.
USER ftp
331 Guest login ok, send your complete e-mail address as password.
PASS *****
230-Welcome, archive user!  This is an experimental FTP server.  If have any
230-unusual problems, please report them via e-mail to ftp-bugs at bitsy
230-If you do have problems, please try using a dash (-) as the first character
230-of your password -- this will turn off the continuation messages that may
230-be confusing your ftp client.
230-
230-Please read the file README
230-  it was last modified on Sat May 28 19:19:36 1988 - 2643 days ago
230 Guest login ok, access restrictions apply.
PWD
257 "/" is current directory.
MACB E
500 'MACB E': command not understood.
TYPE A
200 Type set to A.
CWD /pub/PGPfone
250-Please read the file README
250-  it was last modified on Fri Aug 25 15:52:05 1995 - 0 days ago
250 CWD command successful.
PORT 199,117,100,36,7,146
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
total 29
-r--r--r--  1 0        1001         4287 Aug 25 15:52 README
drwxr-x---  4 1        27            512 Aug 25 17:00 dist
-r--r--r--  1 0        1001         2172 Aug 24 22:02 mitlicen.txt
-r--r--r--  1 0        1001        19546 Aug 24 23:43 rsalicen.txt
226 Transfer complete.
CWD /pub/PGPfone/dist
250 CWD command successful.
PORT 199,117,100,36,4,177
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
total 2
drwxr-xr-x  2 435      27            512 Aug 25 15:24 U.S.-only-XXXX
drwxrwxr-x  2 0        27            512 Aug 25 15:13 secret99
226 Transfer complete.
CWD /pub/PGPfone/dist/secret99
250 CWD command successful.
PORT 199,117,100,36,7,178
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
total 2271
-r--r--r--  1 0        27         764444 Aug 25 15:12 PGPfone10.sea.Hqx
-r--r--r--  1 0        27         751220 Aug 25 12:50 PGPfone10.sea.Hqx.OLD
-r--r--r--  1 0        27         750964 Aug 24 23:30 PGPfone10.sea.Hqx.OLDER
-r--r--r--  1 0        27           2172 Aug 24 22:02 mitlicen.txt
-r--r--r--  1 0        27          19546 Aug 24 23:43 rsalicen.txt
226 Transfer complete.
CWD /pub/PGPfone/dist/U.S.-only-XXXX
250 CWD command successful.
PORT 199,117,100,36,6,161
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
total 760
-r--r--r--  1 0        27         764444 Aug 25 15:12 PGPfone10.sea.Hqx
226 Transfer complete.

From sjb at austin.ibm.com Fri Aug 25 15:22:53 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Fri, 25 Aug 95 15:22:53 PDT
Subject: random coincidences
In-Reply-To: <199508250707.AAA14271@quesnay.Berkeley.EDU>
Message-ID: <9508252222.AA14188@ozymandias.austin.ibm.com>

Sam Quigley writes
>What are some of the more common "coincidences" and non-random
>correlations that ordinary random number generators (ones found in
>common computer languages that don't take extensive measures to be
>random) have?

The most common one is "linear correlation" between successive random values. The typical PRNG supplied with compilers is what's called a "linear congruential random number generator", which has something like:

    S_0     = (user supplied seed)
    S_{n+1} = ( a * S_n + b ) mod c
    R_n     = f(n)

The choice of constants a, b, and c is critical to the process. A decent practical discussion is in "Numerical Recipes in C".

If you take N successive random numbers and interpret them as a point in an N-dimensional space, then the points generated by the linear congruential PRNG don't tend to fill up the space as they would in the "true" random case. They tend to lie on N-1 dimensional planes instead, and when a, b, and c are chosen poorly, sometimes *very* few such planes.
>It seems that there's a lot of fuss about getting very random numbers,
>but unless the numbers produced by ordinary measures have very obvious
>coincidences, maybe it's a big fuss about nothing...?

If NetScape uses such a PRNG to select 40bit keys for SSL, then the work to be done in brute-force search going on right now might be *significantly* reduced by knowing the planes on which the numbers lie. If the constants are particularly poor, there might be as little as ten or twelve bits of real key. You could search that on a *Newton* in less than an hour or so --- nevermind the MasPars and such being used in the current project.

From dhenson at itsnet.com Fri Aug 25 16:07:36 1995
From: dhenson at itsnet.com (Don Henson)
Date: Fri, 25 Aug 95 16:07:36 PDT
Subject: Over 500 'Munitions T-shirts' Shipped!
Message-ID: <199508252321.RAA02314@scratchy.itsnet.com>

We have thus far shipped over 500 of the RSA/Perl Munition T-shirts. Orders are still pouring in. Don't be left out. Order yours today. (Read some comments of our customers at the end of this post.)

Now you can wear a TSHIRT that has been classified as a MUNITION by the US Government. That's right! The US International Traffic in Arms Regulations (ITAR) makes exporting cryptographic materials illegal. ITAR further defines export as providing cryptographic information to a non-US/Canadian citizen even if you are inside the US at the time. Providing information is further defined as telling or showing information to a non-US/Canadian citizen.

The Munitions Tshirt has a Perl implementation of the RSA algorithm (the one used by PGP) printed on the front along with a bar-code of the same algorithm.

What all the above means is that if you wear the Munitions Tshirt where a non-US/Canadian citizen can see it, even if it is inside the US, you have just exported cryptographic material (which is already freely available outside the US) and have become a criminal in the eyes of the US Government.
Now you too can become an international arms dealer for the price of a tshirt (US$15.95 - US$29.95, depending on size) and the guts to wear it.

If you are a non-US/Canadian citizen, you can still own a Munitions Tshirt by ordering the tshirt from a source that is outside the US. The email response to a request for info (see next paragraph) includes full instructions for ordering the tshirt no matter where you live.

For more information on how to own this classic example of civil disobedience, just send email to wepinsto at colossus.net with the subject of 'SHIRT'. (You don't have to be a US/Canadian citizen to request the info.) Or, if you have WWW access, just point your Web browser to: http://colossus.net/wepinsto/wshome.html

By the way, 25% of the profits from the sale of the tshirt (in the US/Canada) goes to the PHIL ZIMMERMANN LEGAL DEFENSE FUND to help defend the author of PGP from harassment and possible prosecution by the Fedgoons. And if you get arrested for wearing the Munitions Tshirt, we'll refund your purchase price. :-)

====++++====++++

Here are some testimonials from a few of our many satisfied customers:

"Got mine this afternoon. Wooohhaah!! Already had some folks at Blockbusters point, mumble to themselves, and then ask me what the munitions warning meant. This is going to be fun!! I'm a cyphernerd for sure..."

"Thanks for the great T-shirt. I'm making copies of your paper order form for others."

"I think I'll have to wear the shirt over to Logan Airport and hang around the International Arrivals terminal a few times."

"I received the T-shirt on 8/3. Thank you, it has been a pleasure dealing with you!"

"The first thing that I did after it arrived was to don it and then go visit the office of one of our visiting researchers from Russia. :)~"

====++++====++++

Get your Munitions Tshirt now. Who knows how long they'll stay in production!
Don Henson, Managing Director (PGP Key ID = 0X03002DC9)
West El Paso Information Network (WEPIN)
Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html

From trei at process.com Fri Aug 25 17:11:15 1995
From: trei at process.com (Peter Trei)
Date: Fri, 25 Aug 95 17:11:15 PDT
Subject: Progress so far
Message-ID: <9508260011.AA28611@toad.com>

Well, we're now about 30 hours into the crack, and here are some very rough stats.

We've swept a bit over 1/4 of the keyspace. Only 60% of requests have been ACKed so far - PLEASE check to make sure your acks have been recorded.

The largest segments completed are a 128 (mine), and 4 100's (3 are mine :-) Over 9000 segments have been swept in 3-segment chunks, by far the most popular size.

I count people from uk, at, se, ee, fr, ie, kr, nl, de, no, au, za, nz, fi, ca, be, is, and us, by a casual inspection - I'm sure there are more.

It's pretty clear that the server is the bottleneck, though also looks like some people are biting off more than they can chew. I would have probably swept another couple hundred today if I could have obtained the key space.

Since a lot of sweepers are not on the cpunk list, notices of updates and progress would be well put in the /brute/ page.

I'm going away for a week and a half's vacation. I'll try to watch for results in sci.crypt, but I probably won't see the cpunk list until I'm back.

Good luck!

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
trei at process.com

From monty.harder at famend.com Fri Aug 25 17:42:54 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Fri, 25 Aug 95 17:42:54 PDT
Subject: SSL CHALLENGE: I told you so....
Message-ID: <8AFD417.000300036F.uuout@famend.com>

PT> I've been looking at the allocated list of keys, and I notice a possible
PT> problem: One user has allocated 50,000 segments:
PT>
PT> 0c2b-cf7a NOACK 0c2b 50000 Joe Thomas

-o-

PT> I can't contact the server to request keyspace anymore - I get a
PT> '500 Server error'
PT>
PT> It looks like 12 hours on a P5/90 are going to waste (could have done
PT> 90 segments)

-o-

RL> The bottleneck at the server is pretty awful. My clients are spending
RL> most of their time in timeout, waiting for keyspace.

As I watch you fumbling for keyspace IN REAL TIME....

This is a great time for me to say "I told you so" WRT the doling of keyspace. It is far better to sign up your volunteers, CHECK THE ALLOCATION, and hand out starting keys, before there is even a challenge to brute. The quad-coverage scheme I outlined before allows sufficient protection against dropouts (whether accidental or malicious), so that a single person who asked for some keyspace, but was unable to actually sweep it, would not hurt the effort.

Those who fail to ACK (once it is certain that the client does in fact issue it - should have some parallel means of acking) should have their allocation, based on my evolving formula

    available_mips = mips * idle_rate * .5**(unacks/sweeps)

for the next challenge reduced, reflecting previous unreliability.

Set up a sign-up period, add up the total available mips, figure the share that each person should get, and assign keyspace accordingly via direct Imail to each participant.

The next level of abstraction is to not only give a start..end and direction, as I previously outlined, but supply a scaling factor in the challenge release. That way, any late entries can automagically be inserted into the keyspace, by squeezing everyone according to the final total of available_mips.

Once the proverbial clock is running, there should be no need to discuss who will do what. That is what the huddle is for.
Or, to string along the analogy, I guess Steve Young should just go up to the line, take the ball from center, and then give hand signals to Jerry Rice while a 300-pound defensive lineman is zeroing in on him, because the linemen are standing around wondering whom to block.

Geez. It would be better not to even have a damned keyserver at all, but to just have everybody pick a random start location, than to do it this way.

 * A child said "Mommy, why is the man with the crown naked?"
 * A child said "Mommy, why is the man with the crown naked?"
---
 * Monster at FAmend.Com *

From loofbour at cis.ohio-state.edu Fri Aug 25 17:54:34 1995
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Fri, 25 Aug 95 17:54:34 PDT
Subject: SSL CHALLENGE: I told you so....
In-Reply-To: <8AFD417.000300036F.uuout@famend.com>
Message-ID: <199508260054.UAA26805@hammond.cis.ohio-state.edu>

MONTY HARDER writes:
> Geez. It would be better not to even have a damned keyserver at all,
> but to just have everybody pick a random start location, than to do it
> this way.

I think this would make an interesting comparison versus the present system. Maybe the next challenge...?

nathan

From cklaus at iss.net Fri Aug 25 18:31:24 1995
From: cklaus at iss.net (Christopher Klaus)
Date: Fri, 25 Aug 95 18:31:24 PDT
Subject: Security Mailing Lists
Message-ID: <199508250052.RAA02427@iss.net>

This was put together to hopefully promote greater awareness of the security lists that already exist. Most security mailing lists have been only announced once and it was only word of mouth that it would acquire new members. This list should hopefully make the membership grow for each mailing list. If you know of any mailing lists that have been skipped, please e-mail cklaus at iss.net with the info. The newest updates for this will be on http://iss.net/.
This web site also contains info for the following security issues:

    Vendor security contacts
    Security Patches
    What to do if you are compromised
    Set up Anon ftp securely
    Sniffers attacks and solutions
    Security Mailing Lists

The following FAQ is a comprehensive list of security mailing lists. These security mailing lists are important tools to network administrators, network security officers, security consultants, and anyone who needs to keep abreast of the most current security information available.

General Security Lists

  * 8lgm (Eight Little Green Men)
  * Academic-Firewalls
  * Best of Security
  * Bugtraq
  * Computer Privacy Digest (CPD)
  * Computer Underground Digest (CuD)
  * Cypherpunks
  * Cypherpunks-Announce
  * Firewalls
  * Intruder Detection Systems
  * Phrack
  * PRIVACY Forum
  * Risks
  * Sneakers
  * Virus
  * Virus Alert

Security Products

  * Tiger
  * TIS Firewall Toolkit

Vendors and Organizations

  * CERT
  * CIAC
  * HP
  * Sun

-------------------------------------------------------------------------------

8lgm (Eight Little Green Men)

To join, send e-mail to majordomo at 8lgm.org and, in the text of your message (not the subject line), write:

    subscribe 8lgm-list

Group of hackers that periodically post exploit scripts for various Unix bugs.

-------------------------------------------------------------------------------

Academic Firewalls

To join, send e-mail to majordomo at net.tamu.edu and, in the text of your message (not the subject line), write:

    SUBSCRIBE Academic-Firewalls

This is an unmoderated list maintained by Texas A&M University. Its purpose is to promote the discussion and use of firewalls and other security tools in an academic environment. It is complementary to the Firewalls list maintained by Brent Chapman (send subscription requests to Majordomo at GreatCircle.COM) which deals primarily with firewall issues in a commercial environment. Academic environments have different political structures, ethical issues, expectations of privacy and expectations of access.
Many documented incidents of cracker intrusions have either originated at or passed through academic institutions. The security at most universities is notoriously lax or even in some cases completely absent. Most institutions don't use firewalls because they either don't care about their institution's security, they feel firewalls are not appropriate or practical, or they don't know the extent to which they are under attack from the Internet. At Texas A&M University we have been using a combination of a flexible packet filter, intrusion detection tools, and Unix security audit utilities for almost two years. We have found that simple firewalls combined with other tools are feasible in an academic environment. Hopefully the discussion on this list will begin to raise the awareness of other institutions also.

-------------------------------------------------------------------------------

Best of Security

To join, send e-mail to best-of-security-request at suburbia.net with the following in the body of the message:

    subscribe best-of-security

REASONS FOR INCEPTION

In order to compile the average security administrator it was found that the compiler had to parse a foreboding number of exceptionally noisy and semantically-content-free data sets. This led to exceptionally high load averages and a dramatic increase in core entropy. Further, the number, names and locations of this data appears to change on an almost daily basis; requiring tedious version control on the part of the mental maintainer.

Best-of-Security is at present an un-moderated list. That may sound strange given our stated purpose of massive entropy reduction; but because best often equates with "vital" and the moderator doesn't have an MDA habit it is important that material sent to this list be delivered to its subscribers in as minimal a period of time as is (in)humanly possible.
If you find *any* information from *any* source (including other mailinglists, newsgroups, conference notes, papers, etc) that fits into one of the acceptable categories described at the end of this document then you should *immediately* send it to "best-of-security at suburbia.net". Do not try and predict whether or not someone else will send the item in question to the list in the immediate future. Unless you're on a time-delayed mail vector such as polled uucp or the item has already appeared on best-of-security, mail the info to the list! Even if it is a widely deployed piece of information such as a CERT advisory the preceding argument still applies. If the information hasn't appeared on this list yet, then SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than act conservatively about occasional doubling up on content.

-------------------------------------------------------------------------------

Bugtraq

To join, send e-mail to LISTSERV at NETSPACE.ORG and, in the text of your message (not the subject line), write:

    SUBSCRIBE BUGTRAQ

This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list's charter.
Please follow the below guidelines on what kind of information should be posted to the Bugtraq list:

  * Information on Unix related security holes/backdoors (past and present)
  * Exploit programs, scripts or detailed processes about the above
  * Patches, workarounds, fixes
  * Announcements, advisories or warnings
  * Ideas, future plans or current works dealing with Unix security
  * Information material regarding vendor contacts and procedures
  * Individual experiences in dealing with above vendors or security organizations
  * Incident advisories or informational reporting

-------------------------------------------------------------------------------

Computer Privacy Digest

To join, send e-mail to comp-privacy-request at uwm.edu and, in the text of your message (not the subject line), write:

    subscribe cpd

The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy.

-------------------------------------------------------------------------------

Computer Underground Digest

To join, send e-mail to LISTSERV at VMD.CSO.UIUC.EDU and, in the text of your message (not the subject line), write:

    SUB CUDIGEST

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Covers many issues of the computer underground.

-------------------------------------------------------------------------------

Cypherpunks

To join, send e-mail to majordomo at toad.com and, in the text of your message (not the subject line), write:

    SUBSCRIBE cypherpunks

The cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It is a high volume mailing list.
-------------------------------------------------------------------------------

Cypherpunks Announce

To join, send e-mail to majordomo at toad.com and, in the text of your message (not the subject line), write:

    SUBSCRIBE cypherpunks-announce

There is an announcements list which is moderated and has low volume. Announcements for physical cypherpunks meetings, new software and important developments will be posted there.

-------------------------------------------------------------------------------

Firewalls

To join, send e-mail to majordomo at greatcircle.com and, in the text of your message (not the subject line), write:

    SUBSCRIBE firewalls

Useful information regarding firewalls and how to implement them for security. This list is for discussions of Internet "firewall" security systems and related issues. It is an outgrowth of the Firewalls BOF session at the Third UNIX Security Symposium in Baltimore on September 15, 1992.

-------------------------------------------------------------------------------

Intrusion Detection Systems

To join, send e-mail to majordomo at uow.edu.au with the following in the body of the message:

    subscribe ids

The list is a forum for discussions on topics related to development of intrusion detection systems. Possible topics include:

  * techniques used to detect intruders in computer systems and computer networks
  * audit collection/filtering
  * subject profiling
  * knowledge based expert systems
  * fuzzy logic systems
  * neural networks
  * methods used by intruders (known intrusion scenarios)
  * cert advisories
  * scripts and tools used by hackers
  * computer system policies
  * universal intrusion detection system

-------------------------------------------------------------------------------

Phrack

To join, send e-mail to phrack at well.com and, in the text of your message (not the subject line), write:

    SUBSCRIBE Phrack

Phrack is a Hacker Magazine which deals with phreaking and hacking.
-------------------------------------------------------------------------------

PRIVACY Forum

To join, send e-mail to privacy-request at vortex.com and, in the text of your message (not the subject line), write:

    information privacy

The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former).

-------------------------------------------------------------------------------

Risks

To join, send e-mail to risks-request at csl.sri.com and, in the text of your message (not the subject line), write:

    SUBSCRIBE

Risks is a digest that describes many of the technological risks that happen in today's environment.

-------------------------------------------------------------------------------

Sneakers

To join, send e-mail to majordomo at CS.YALE.EDU and, in the text of your message (not the subject line), write:

    SUBSCRIBE Sneakers

The Sneakers mailing list is for discussion of LEGAL evaluations and experiments in testing various Internet "firewalls" and other TCP/IP network security products.

  * Vendors are welcome to post challenges to the Internet network security community
  * Internet users are welcome to post anecdotal experiences regarding (legally) testing the defenses of firewall and security products.
  * "Above board" organized and/or loosely organized wide area tiger teams (WATTs) can share information, report on their progress or eventual success here.
There is a WWW page with instructions on un/subscribing as well as posting, and where notices and pointers to resources (especially if I set up an archive of this list) may be put up from time to time:

    http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow/sneakers.html

-------------------------------------------------------------------------------

Virus

To join, send e-mail to LISTSERV at lehigh.edu and, in the text of your message (not the subject line), write:

    SUBSCRIBE virus-l your-name

It is an electronic mail discussion forum for sharing information and ideas about computer viruses, which is also distributed via the Usenet Netnews as comp.virus. Discussions should include (but not necessarily be limited to): current events (virus sightings), virus prevention (practical and theoretical), and virus related questions/answers. The list is moderated and digested. That means that any message coming in gets sent to me, the editor. I read through the messages and make sure that they adhere to the guidelines of the list (see below) and add them to the next digest. Weekly logs of digests are kept by the LISTSERV (see below for details on how to get them).

For those interested in statistics, VIRUS-L is now up to about 2400 direct subscribers. Of those, approximately 10% are local redistribution accounts with an unknown number of readers. In addition, approximately 30,000-40,000 readers read comp.virus on the USENET.

-------------------------------------------------------------------------------

Virus Alert

To join, send e-mail to LISTSERV at lehigh.edu and, in the text of your message (not the subject line), write:

    SUBSCRIBE valert-l your-name

What is VALERT-L? It is an electronic mail discussion forum for sharing urgent virus warnings among other computer users. Postings to VALERT-L are strictly limited to warnings about viruses (e.g., "We here at University/Company X just got hit by virus Y - what should we do?").
Follow-ups to messages on VALERT-L should be done either by private e-mail or to VIRUS-L, a moderated, digested, virus discussion forum also available on this LISTSERV, LISTSERV at LEHIGH.EDU. Note that any message sent to VALERT-L will be cross-posted in the next VIRUS-L digest. To preserve the timely nature of such warnings and announcements, the list is moderated on demand (see posting instructions below for more information). What VALERT-L is *not*: a place to do anything other than announce virus infections or warn people about particular computer viruses (symptoms, type of machine which is vulnerable, etc.). ------------------------------------------------------------------------------- Security Products ------------------------------------------------------------------------------- Tiger To join, send e-mail to majordomo at net.tamu.edu and, in the text of your message (not the subject line), write: SUBSCRIBE tiger Discussion list for the UNIX security audit tool TIGER This is the TIGER users mailing list. It is for: 1. Update announcements 2. Reporting bugs in TIGER. 3. Discussing new features for TIGER. 4. Discussing use of TIGER. 5. Discussing anything else about TIGER. What is TIGER? TIGER is a set of shell scripts, C code and configuration files which are used to perform a security audit on UNIX systems. The goals for TIGER are to make it very robust and easy to use. TIGER was originally developed for checking hosts at Texas A&M University following a break-in in the Fall of 1992. The latest version of TIGER is always available from the directory net.tamu.edu:/pub/security/TAMU. In addition, updated digital signature files for new platforms and new security patches will be maintained in the directory: net.tamu.edu:/pub/security/TAMU/tiger-sigs. 
------------------------------------------------------------------------------- TIS Firewall Toolkit To join, send e-mail to fwall-users-request at tis.com and, in the text of your message (not the subject line), write: SUBSCRIBE Discussion list for the TIS firewall toolkit ------------------------------------------------------------------------------- Vendors and Organizations ------------------------------------------------------------------------------- CERT (Computer Emergency Response Team) Advisory mailing list. To join, send e-mail to cert at cert.org and, in the text of your message (not the subject line), write: I want to be on your mailing list. Past advisories and other information related to computer security are available for anonymous FTP from cert.org (192.88.209.5). ------------------------------------------------------------------------------- The CIAC (Computer Incident Advisory Capability) of DoE CIAC has several self-subscribing mailing lists for electronic publications: 1. CIAC-BULLETIN for Advisories, highest priority - time critical information and Bulletins, important computer security information; 2. CIAC-NOTES for Notes, a collection of computer security articles; 3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI) software updates, new features, distribution and availability; 4. SPI-NOTES, for discussion of problems and solutions regarding the use of SPI products. 
To join, send e-mail to ciac-listproc at llnl.gov and, in the text of your message (not the subject line), write any of the following examples: subscribe ciac-bulletin LastName, FirstName PhoneNumber subscribe ciac-notes LastName, FirstName PhoneNumber subscribe spi-announce LastName, FirstName PhoneNumber subscribe spi-notes LastName, FirstName PhoneNumber e.g., subscribe ciac-notes O'Hara, Scarlett 404-555-1212 You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help. ------------------------------------------------------------------------------- HP, Hewlett Packard To join, send e-mail to support at support.mayfield.hp.com and, in the text of your message (not the subject line), write: subscribe security_info The latest digest of new HP Security Bulletins will be distributed directly to your mailbox on a routine basis. ------------------------------------------------------------------------------- Sun Security Alert To join, send e-mail to security-alert at sun.com and, in the subject of your message write: SUBSCRIBE CWS your-email-addr The message body should contain affiliation and contact information. ------------------------------------------------------------------------------- Copyright This paper is Copyright (c) 1995 by Christopher Klaus of Internet Security Systems, Inc. Permission is hereby granted to give away free copies electronically. You may distribute, transfer, or spread this paper electronically. You may not pretend that you wrote it. This copyright notice must be maintained in any copy made. If you wish to reprint the whole or any part of this paper in any other medium excluding electronic medium, please ask the author for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. 
In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Address of Author Please send suggestions, updates, and comments to: Christopher Klaus of Internet Security Systems, Inc. Internet Security Systems, Inc. Internet Security Systems, Inc, located in Atlanta, Ga., specializes in the development of security scanning software tools. Its flagship product, Internet Scanner, is software that learns an organization's network and probes every device on that network for security holes. It is the most comprehensive "attack simulator" available, checking for over 100 security vulnerabilities. -- Christopher William Klaus Voice: (770)441-2531. Fax: (770)441-2431 Internet Security Systems, Inc. "Internet Scanner lets you find 2000 Miller Court West, Norcross, GA 30071 your network security holes Web: http://iss.net/ Email: cklaus at iss.net before the hackers do." From hugh Fri Aug 25 18:45:28 1995 From: hugh (Hugh Daniel) Date: Fri, 25 Aug 95 18:45:28 PDT Subject: ADMIN: You might not be on the list anymore! Message-ID: <9508260145.AA01411@toad.com> I want to warn you folks about how the list is run, just so you don't think that evil is afoot on toad.com. Recently the bounce messages for cypherpunks got to be over 80 megs large, largely due to my being busy. When I went to clean them and the offending messages out (only 38 addresses needed to be culled) I found a lot of bounces from the likes of AOL and MCI that were "user XXX's mail box is full..." bounces. In the past I tried to ignore these messages as it was clear that the mail boxes would get emptied at some point. Now I have seen these messages from the same address for weeks, and that, combined with the number of hours it takes to cull this crud from the list, has pushed me into a new policy. I am now deleting (almost) all addresses from the list that generate bounce messages. 
If you stop getting cypherpunks email the FIRST thing to do is ask the majordomo at toad.com mailbot if you are still on the list, this might look like: To: majordomo at toad.com Subject: --text follows this line-- which yourlogin at yourhost.dom If you are NOT on the list, just subscribe again and leave it at that. Please note that many of the bounce messages came from email to (local) news group gateways, and while I try to send warning messages, it would be better if folks maintaining such gateways made sure that bounce messages went to the local maintainers instead of me. Enjoy the list, and keep it on topic folks! ||ugh Daniel Majordomo Potty Trainer hugh at toad.com From ponder at wane-leon-mail.scri.fsu.edu Fri Aug 25 18:53:06 1995 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Fri, 25 Aug 95 18:53:06 PDT Subject: Auto-pgp for pine/elm/tin (fwd) Message-ID: In Garfinkel's book, he talks about the risks of running PGP on a multiuser system where others (sys. admins, eg) have higher levels of authority than you do. I have PGP installed on my pc and if I want to use it, I can save the message in ascii, then upload it to the server where I have my Internet account, then mail it. Maybe not entirely transparent, but at least it seems to me that the convenience of running it on the server with something like Mr. Wilcox's BAP is not worth the added risk. Besides, how often do you need to use it? -- pjp ---------- Forwarded message ---------- Date: Fri, 25 Aug 1995 12:03:52 -0400 (EDT) From: Henry W. Farkas To: cypherpunks at toad.com Subject: Auto-pgp for pine/elm/tin -----BEGIN PGP SIGNED MESSAGE----- > Does anyone know of an addon to the Pine mailer that supports PGP? > the only PGP software i could find required me to first compose a > letter in an editor then run it through a pgp signature program > then finally read it into my favorite mailer. > > I'm looking for something that is hopefully transparent, or if not > relatively quick to do. 
> ________________________________________________________________________ > Sameer Manek Seawolf at challenger.atc.fhda.edu > ________________________________________________________________________ - ------------------------------------------------------------------------ Yes, it exists, and I'm using it now. I've tried competing products and found this to be the cleanest, smoothest and easiest to install. I have no personal, commercial or financial interest in this product. It does "auto-pgp" for pine, elm and tin. *********************************************************************** * BAP v.1.01 * * Written August 1995 by Bryce Wilcox * * e-mail: * * PGP key id: <617C6DB9> * * snail mail: <2228 Canyon Blvd, Apt. 1E, Boulder, CO, 80302> * * URL: * * BETA TEST VERSION! DO NOT DISTRIBUTE! * * (Note that documentation, among other things, is still unfinished.) * *********************************************************************** I also found the author responsive to my comments and suggestions. Just please do *-NOT-* put your pass phrase in a cleartext file! - ------------------------------------------------------------------------ =========================================================================== Henry W. Farkas | Me? Speak for IBM? Fat chance. hfarkas at ims.advantis.com |------------------------------------------------ hfarkas at vnet.ibm.com | http://newstand.ims.advantis.com/henry henry at nhcc.com | http://www.nhcc.com/~henry - --------------------------------------------------------------------------- PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53 Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers. - --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!" 
=========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMD30WaDthkLkvrK9AQF6sQP/fVen7ZI4DbgC14y+NPdZYOjaRQ9/jQNT d4StD638OoBRkO7b8efiTd/rNULwuzSPKDiplKwRdE8Bboh4FdSWYvz6wfqgNJcd D3imouQcEt+erjEC2H5haQyZwBHeNNR9mTYhkzoBt4+jMqsRCECduaExyHUOTWFj euOkRqTJ0l4= =2q74 -----END PGP SIGNATURE----- From norm at netcom.com Fri Aug 25 19:06:35 1995 From: norm at netcom.com (Norman Hardy) Date: Fri, 25 Aug 95 19:06:35 PDT Subject: Billing for internet usage Message-ID: At 5:06 PM 8/1/95, David G. Koontz wrote: .... >One way would be to perform cooperative billing balances between nodes, >and allow each node to 'bill upward'. This means that any two machines >are more interested in their relative balance than how much money they >are really spending. There are some interesting problems of trust and >reliability, that might be solved through the use of digital money. .... Ideas like these are discussed in my "Digital Silk Road" paper which is now accessible as "http://www.webcom.com/~agorics/dsr.html". There may soon be a PostScript version available. These are the ideas that I presented at a Cypherpunks meeting about a year ago. From wilcoxb at nagina.cs.colorado.edu Fri Aug 25 19:12:45 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Fri, 25 Aug 95 19:12:45 PDT Subject: Auto-pgp for pine/elm/tin (fwd) In-Reply-To: Message-ID: <199508260212.UAA27830@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > I have PGP installed on my pc and if I want to > use it, I can save the message in ascii, then upload it to the server > where I have my Internet account, then mail it. I use PGP on every outgoing message and about 20% of incoming messages. And I send/receive a *lot* of messages. No way I would be able to do a process like the above on my mail. In a few weeks I will be able to get mail on my home computer, but most (80%?) 
Internet users will still not have that luxury. > maybe not entirely > transparent, but at least it seems to me that the convenience of running > it on the server with something like Mr. Wilcox's BAP is not worth the > added risk. In my opinion it *is* worth the risk. I believe that having "BEGIN PGP SIGNED MESSAGE" in your posts and e-mail is a social good (raising public awareness of/acceptance of PGP) which is more important than actually protecting my e-mail from spying/forgery. > Besides, how often do you need to use it? Public awareness/acceptance, traffic analysis, the "electronic envelope" analogy... If you don't use it, it's not doing any good at all. Regards, Bryce signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMD6C7/WZSllhfG25AQFQ7gP9EX48Bw6mZ5WJYR+4j78oPUL7++Irz39i b6EbU8ZWUia1AEqSVLmKibIE4JOBejZKzSCCF4OrE7j+BCT1B5hLbIrUZzNNHDQk pXbfLo51FyIsR4SlCYtWdsMUiAI08ACOAAxtab/3uC2DEO7UB/9A+xALPGNFQWdz oRnku9NOOY0= =0uru -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Fri Aug 25 19:14:28 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 25 Aug 95 19:14:28 PDT Subject: ADMIN: You might not be on the list anymore! In-Reply-To: <9508260145.AA01411@toad.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I administrate several mailing lists. Bounces as of late have gotten so bad, especially from AOL, C$erv, etc (and I expect soon from MSN.COM) that I also just nuke the person out of hand. 
It's better in the long run :-) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMD5nbDokqlyVGmCFAQE5bAP/XP99zqzhOK/5o2lflO5AY/ecAEoQBI0A Nxj1wTHtWMb5mjuW2zruHSDn/Z2Kk/hQ7aEpEXaLhNtpqdBYe/PnJl/BR84abnT+ JaNP018cFx2VHbAkroQ8XdSYWRQFbgqXbU0z4Ju47oajNHoTMqzEt2ZiR/2pwYBi XFTtjjjQcU4= =dPYd -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++** ------END GEEK CODE BLOCK------ From hayden at krypton.mankato.msus.edu Fri Aug 25 19:17:18 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 25 Aug 95 19:17:18 PDT Subject: PINESIGN 2.2 (re: PGP for Pine) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I've been out of town this week, so I couldn't respond in a timely manner (and I returned to 500+ pieces of cypherpunks email :-) I'm appending a copy of PineSign 2.2, which is the most recent version of the PineSign program. It doesn't do any encryption, it simply allows for easy signing of messages composed with pine (and maybe other mailers as well). If you want to encrypt and such, I'd recommend mkpgp if you can find it or perhaps autopgp does it (not sure). I also have a version of a similar program for Tin available on my home page, or I can post it if there is interest.
=====
#!/bin/sh
# PINESIGN v2.2
# Written by: Robert A. Hayden

# PINESIGN is a simple program that will allow you to automatically sign
# your email and news messages composed with the Pine 3.91 mail reader.  It
# may also work with other mail and news programs, but it has not been
# tested.

# INSTRUCTIONS FOR CONFIGURING PINE
#
# You need to define the following options in Pine.  This can be done
# either via the SETUP options in the main menu of Pine, or via editing
# the .pinerc.
#
# A) signature-file=" " (an empty space)
# B) enable-alternate-editor-cmd
# C) enable-alternate-editor-implicitly (optional but recommended)
# D) signature-at-bottom
# E) editor=

# INSTRUCTIONS FOR CONFIGURING PINESIGN
#
# The PGP program must be in your path, and the PGPPATH environment
# variable must be defined.  See the PGP documentation for details.
#
# Double check that the first line of this program points to sh.
#
# In addition to PGP and the editor you define, PineSign also will use the
# following programs:
#   cat
#   clear
#   echo
#   mv
#
# Execute the command "chmod 700 "
#
# Edit the SIGPATH and PINEEDITOR variables to point at your signature
# (if any) and the editor you wish to use for your Pine mail.  Default
# signature will be the file .signature-pine in your $HOME directory.
# Default editor is pico -z -t.
#
# Define SIGPATH=/dev/null if you do not have an ASCII signature to
# append.

SIGPATH=$HOME/.signature-pine
PINEEDITOR='pico -z -t'

# Next, define the ECHOTYPE variable.  Some systems do not allow the use
# of the echo -n command.  If your system doesn't like echo -n, uncomment
# the plain echo variable and comment out (put a "#" in front of it) the
# echo -n command.

ECHOTYPE='echo -n'
#ECHOTYPE='echo'

# INSTRUCTIONS FOR USING PINESIGN
#
# When you compose a message, you will compose your message as normal.
#
# When you exit your editor (control-X in Pico), you will receive a prompt
# asking if you wish to add your signature file to the message.  If you
# respond with y, Y or just press return, your text signature file will
# be appended to your message.  If you type anything else, your message
# will not have your signature added.
#
# Next, you will be prompted as to whether you wish to PGP sign your
# message.  If you answer with y, Y or return, you will be prompted for your
# PGP passphrase and then dumped back to the address/subject section of
# Pine.  If you type anything else, your message will not be signed.
#
# If you selected it to be added, your signature file will be appended
# AFTER your digital signature.
#
# If you have not defined your alternate editor to be run implicitly, you
# will need to start it manually.  If you do not run the alternate editor,
# your signature file will not be appended and you will also have to do
# that manually.  It is highly recommended that you define your alternate
# editor to run implicitly.

### DO NOT EDIT ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING ###

# Pine hands the draft message file to this script as $1; edit it with
# the chosen editor first.
$PINEEDITOR "$1"
clear

$ECHOTYPE "Would you like to add your ASCII signature to this message? [y] "
read SIG
echo " "
$ECHOTYPE "Would you like to sign this message with your PGP signature? [y] "
read PGP

# y, Y or an empty answer (just return) all mean "yes".
case "$PGP" in
  y|Y|"")
    # Clearsign the draft in place.  pgp writes $1.asc; it replaces $1
    # only if signing succeeded, so a bad passphrase leaves the draft alone.
    pgp -sat +comment="PGP Signed with PineSign 2.2" +clearsig=ON "$1" &&
      mv "$1.asc" "$1"
    ;;
esac

case "$SIG" in
  y|Y|"")
    # Appended after the signed block, so the ASCII signature is NOT
    # covered by the PGP signature.
    echo " " >> "$1"
    cat "$SIGPATH" >> "$1"
    ;;
esac

# REVISION HISTORY
# 1.0 - Original Release
# 2.0 - Added the ability to select whether or not to add the ASCII signature
# 2.1 - Forgot to add the +clearsig=on parameter to the PGP statements.
#       OOPS!
# 2.2 - CURRENT RELEASE
#       After receiving complaints about some systems not being able to
#       handle the -n parameter for echo, added in the ECHOTYPE variable.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMD5oFzokqlyVGmCFAQHW0AQAuw7BVRcAKGfi7Bk53KBoQnYPO0H+3Ubn aMCiOx9lWU2CDCtBxYM3TyMtNCIrcLt9YV5kFqSLXAN4kpe3s+p2wko3PdL9JyZg 63h1Wl7HT7t/Q+yYhYrI3kazrHJj9Bhv/AZTVhicEHV89z0SadXq7dZKrIQX6H3t 0aVz5mmZ5+E= =Tfxw -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N++++ o+ K+++ w--- O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++ e++ h r-- y++** ------END GEEK CODE BLOCK------ From zinc at zifi.genetics.utah.edu Fri Aug 25 19:28:02 1995 From: zinc at zifi.genetics.utah.edu (zinc) Date: Fri, 25 Aug 95 19:28:02 PDT Subject: Auto-pgp for pine/elm/tin (fwd) In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 25 Aug 1995, P.J. Ponder wrote: > Date: Fri, 25 Aug 1995 21:52:47 +0100 > From: P.J. Ponder > To: hfarkas at ims.advantis.com > Cc: cypherpunks at toad.com > Subject: Auto-pgp for pine/elm/tin (fwd) > > > In Garfinkel's book, he talks about the risks of running PGP on a > multiuser system where others (sys. admins, eg) have higher levels of > authority than you do. I have PGP installed on my pc and if I want to > use it, I can save the message in ascii, then upload it to the server > where I have my Internet account, then mail it. maybe not entirely > transparent, but at least it seems to me that the convenience of running > it on the server with something like Mr. Wilcox's BAP is not worth the > added risk. Besides, how often do you need to use it? > -- > pjp the risks etc of using pgp on a multiuser platforms are well known. i'd say it's better to have a pgp signed mesg than an unsigned one. if you post a lot, or mail a lot, that's a lot of mesgs to sign. 
finding a tool to do this more easily than using pgp through the shell interface is 'a good thing'. given that, here are some args for signing on a multiuser platform. often, people (me included) choose to use a separate 'weak' key for these purposes. it's always nice to have some sort of indication that that is what the key is for. i had a key with 'INSECURE KEY!!' tagged on the end of my userid. i had another for secure communications. now, you can't stop some sysop type person from doing whatever to you. that's the way it goes. but, if you've got a really malicious sysop, they could just spoof you to the world, including making up a key supposedly from you. if they posted enough crap using that key people would begin to think that they are really you or that one of you is lying and to hell with both of you. this sort of denial of service attack is an unlikely event (unlikely for a sysop to do - someone else is a diff matter). finally, independent of multiuser platforms, the signing utilities are quite useful for people like me who have their own personal unix box on the net. - -pjf patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA! ** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO! 
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMD6GjE3Qo/lG0AH5AQHazAP/ToRRiftaXDspBAnECzoM1ZexhqKb8Ou/ uxSljS/w3h9yz7+j6bJIbak1CI2JFrTneyj6jKsW/2wCV/p65F+5dvD2a2VUCJ6u +93zmFHiMS0XhCl3lLutKKlcrZkXC1P1qvY7ozFYoJ5PQ7rqQGfoxUuPisGJ5gJm XH/kkQSIuis= =VpN7 -----END PGP SIGNATURE----- From dneal at usis.com Fri Aug 25 19:41:46 1995 From: dneal at usis.com (David Neal) Date: Fri, 25 Aug 95 19:41:46 PDT Subject: Auto-pgp for pine/elm/tin (fwd) In-Reply-To: <199508260212.UAA27830@nagina.cs.colorado.edu> Message-ID: On Fri, 25 Aug 1995, Bryce Wilcox wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > I have PGP installed on my pc and if I want to > > use it, I can save the message in ascii, then upload it to the server > > where I have my Internet account, then mail it. > > > I use PGP on every outgoing message and about 20% of incoming messages. And > I send/receive a *lot* of messages. No way I would be able to do a process > like the above on my mail. > > > In a few weeks I will be able to get mail on my home computer, but most > (80%?) Internet users will still not have that luxury. Is that assumption based on the fact that most inet users are using shell accounts? Using a PPP or SLIP dialup and managing your mail locally using POP is pretty easy. Clients like Private Idaho and PGPclip then make the PGP transition painless. Here at USIS, we have 305 entries in the password file. Subtract 10 entries for system accounts (root, news, majordomo, bin, etc) Now of the entries left 80 are PPP, 48 SLIP. There are shell accounts for each slip/ppp user, thus we have 39 people left over who are shell only. So, 70% of our users have the ability to locally manage and pgp encrypt mail. Now that winblows 95 is out and ppp dialup into the i-net is point and gruntable, I expect this disparity to worsen. 
Why learn icky unix commands when you can follow some simple instructions and have ras up and running ppp in 10 minutes? Since people will _already_ be using windows mail interfaces, the transition to PGP will be quick and painless. Hell, I hear the latest version of Eudora has it integrated. David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU Unix, Sybase and Networking consultant. "...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish From dan at milliways.org Fri Aug 25 19:58:28 1995 From: dan at milliways.org (Dan Bailey) Date: Fri, 25 Aug 95 19:58:28 PDT Subject: Auto-PGP for OS/2 Message-ID: <199508260258.AA11781@ibm.net> A few weeks ago, someone anonymously posted a uuencoded version of an add-on to the OS/2 System Editor that claimed to automatically use PGP to encrypt and/or sign ASCII documents. However, when I uudecoded it with several different versions of uudecode, all I got was garbage. I sent mail to the poster's anon.penet.fi address, but didn't get a response. Did anyone manage to get a clean file or know where I can FTP it? Thanks. Dan ****************************************************************************** "I think, therefore I am" - Descartes Dan Bailey "I don't think, therefore I'm a moustache." - Sartre dan at milliways.org Worcester Polytechnic Institute and The Restaurant at the End of the Universe ****************************************************************************** From tcmay at got.net Fri Aug 25 20:09:03 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 25 Aug 95 20:09:03 PDT Subject: ADMIN: You might not be on the list anymore! Message-ID: At 2:14 AM 8/26/95, Robert A. Hayden wrote: >I administrate several mailing lists. Bounce as of late have gotten so >bade, especially from AOL, C$erv, etc (and I expect soon from MSN.COM) >that I also just nuke the person out of hand. It's better in the long >run :-) I agree. Kill them all. God will know his own. 
--Tim the Impaler (I'm seeing bounces on all Compuserve addresses for the simple Cypherpunks Santa Cruz I administer manually.) ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From hal9001 at panix.com Fri Aug 25 22:00:17 1995 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Fri, 25 Aug 95 22:00:17 PDT Subject: Florida Drivers Permits Message-ID: At 13:10 8/25/95, Jim Ray wrote: >I saw the same story. The name, address, age, & height mentioned >are already obvious on licenses, but this may preclude incorrect data entry >by FL cops, and counterfeiting (a problem here for *years*). I saw nothing >on the digitized photo, but we could be looking at different stories. >Phase-in in July, '96. The story I saw suggests that other data, such as >tickets, criminal violations (presumably convictions) and "other >biographical information" [welfare, credit info] could eventually be >included, depending on FL's state budgetary considerations. No author, >just "Associated Press," listed on the story, and the card uses a magnetic >strip "like those on credit cards" rather than a chip, which may be a >mistake [considering the renewal period & my experience with bank-cards]. >Story doesn't say it, but it sounds like FL *may* be the first state to do >this. Are any other states doing this already? NY has Photo Drivers Permits with Mag Strips on the back and Computer Generated Pictures (I've even seen them being created when I was on an assignment at the DMV office in Albany that creates them). 
From carolab at censored.org Fri Aug 25 22:12:08 1995 From: carolab at censored.org (Censored Girls Anonymous) Date: Fri, 25 Aug 95 22:12:08 PDT Subject: Florida Drivers Permits In-Reply-To: Message-ID: On Sat, 26 Aug 1995, Robert A. Rosenberg wrote: > At 13:10 8/25/95, Jim Ray wrote: > >Story doesn't say it, but it sounds like FL *may* be the first state to do > >this. Are any other states doing this already? > > NY has Photo Drivers Permits with Mag Strips on the back and Computer > Generated Pictures (I've even seen them being created when I was on an > assignment at the DMV office in Albany that creates them). Minnesota has now been doing this for over a year. There's been a lot of trouble with it, but they have them. Mine is due any day, and it will certainly come in contact with a magnet, upon my possession. Love Always, Carol Anne Member Internet Society - Certified BETSI Programmer - WWW Page Creation ------------------------------------------------------------------------- Carol Anne Braddock <--now running linux 1.0.9 for your pleasure carolann at censored.org __ __ ____ ___ ___ ____ carolab at primenet.com /__)/__) / / / / /_ /\ / /_ / carolb at spring.com / / \ / / / / /__ / \/ /___ / ------------------------------------------------------------------------- A great place to start My Cyber Doc... From gnu at toad.com Sat Aug 26 01:26:50 1995 From: gnu at toad.com (John Gilmore) Date: Sat, 26 Aug 95 01:26:50 PDT Subject: John Walker releases encrypting Speak Freely/Netfone Message-ID: <9508260826.AA11577@toad.com> [John lives in Switzerland and renounced his US citizenship, so there's no export issue...] Date: Wed, 23 Aug 1995 07:14:10 -0400 Forwarded-by: farber at central.cis.upenn.edu (David Farber) From: John Walker Subject: Free secure Internet voice communication I've just released to the public domain Release 5 of Speak Freely for Windows and its Unix counterpart, Netfone for Sun and Silicon Graphics workstations. 
Assuming you have a fast enough connection to the Internet (with reasonably
consistent packet delivery time) and/or a fast enough CPU to perform audio
compression in real time, you can talk to anybody on Earth connected to the
Internet who's also running the program. The Windows and Unix versions have
entirely different user interfaces, but can intercommunicate. Complete source
code is available.

For communications security, IDEA, DES (less initial and final permutations),
and one-time pad (re-used for each sound packet) encryption are available. The
intensely paranoid can enable any combination of these. The documentation
explains how to use PGP to securely exchange session keys before a
conversation; an automatic session key generator is provided. DES is included
for commercial users who don't have a license to use the IDEA patent. One-time
pad encryption is for those with machines too slow to run IDEA or DES in real
time. I didn't include a public key mechanism because I wanted to avoid all
the confusion. If somebody wants to navigate the narrow strait between the RSA
patent Scylla and Charybdis of export controls, the programming work to
implement public keys is straightforward and the source code is yours to hack.

For further information, see:

    http://www.fourmilab.ch/netfone/windows/speak_freely.html

which describes the Windows version in detail and contains pointers to the Sun
and SGI editions, as well as links to download source code and a ready-to-run
executable for Windows. You can also obtain the program by anonymous binary
FTP:

    Unix source code:
        ftp://ftp.fourmilab.ch/pub/kelvin/netfone/netfone5.tar.gz
    Windows executable:
        ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfb.zip
    Windows source code (for Visual C 1.5):
        ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfs.zip

The Sun and SGI versions of this program are quite stable, and should work for
just about anybody with an adequate network connection. Porting the code to
other Unix workstations with audio hardware should be relatively
straightforward. The Windows version has just been finished and until it's
shaken down on a variety of machines, networks, sound cards, etc. may not work
for everybody. The Windows version requires a sound card with Windows
Multimedia drivers (I've tested it on a variety of Sound Blasters of various
generations) and a TCP/IP stack that supports WINSOCK (I'm using NetManage
Chameleon NFS). Since multimedia and network hardware and drivers vary
tremendously from machine to machine, I wouldn't be surprised if some tweaking
were needed for various configurations.

The CPU speed required interacts with the speed of your network connection; if
you have a high-bandwidth connection to the Internet, or you're talking to
another person on a high-speed LAN, there's no need to compress sound and the
CPU load is minimal; just about any machine will do. If you need to compress
in order to squeeze 8000 samples per second into a dial-up connection, then
you need a CPU fast enough to run GSM compression in real time: basically
we're talking a very fast 486 or Pentium. If you turn on IDEA and/or DES
encryption, that also consumes CPU time.

Based on my experience with other Windows programs, it will probably take
months to track down misbehaviour due to strange hardware and software
configurations. Complete, detailed bug reports are welcome. I may not be able
to respond individually, but the Web page will track updates as they're
released. I have tested the program only on vanilla 16-bit Windows 3.1.

The Windows version contains preliminary code to support direct dial-up modem
connections, acting as a phone scrambler. Serial port support in most Windows
machines is so poor (unless you have a 16550A UART and appropriate drivers,
which most people don't) that this feature isn't usable at present. I've left
the code in just in case somebody with suitable hardware wants to bash it into
working form.
If you add features, port the program to 32 bits, fix bugs, etc., let me know
so I can make your contributions generally available.

--------------------
John Walker                      | A sufficiently advanced
Internet: kelvin at fourmilab.ch | technology is indistinguishable
                                 | from a rigged demo.

From Damien.Doligez at inria.fr Sat Aug 26 03:34:18 1995
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Sat, 26 Aug 95 03:34:18 PDT
Subject: SSL trouble
Message-ID: <9508261034.AA15406@couchey.inria.fr>

Let us call "sequential search" an algorithm that remembers which keys were
tried and avoids trying them again, and "random search" an algorithm that
just tries keys at random without bothering to check.

The sequential search has the following problems:

1. The server is badly overloaded.

It is vulnerable to a variety of active attacks:

2. "result hoarding" attacks: finding the result and reporting it "not found".
3. "dilution" attack: allocating some search space and not sweeping it.
4. plain old "denial of service" attack: deliberately overloading the server
   with bogus communications.
5. And of course all of the above in their "buggy software or hardware"
   versions.

The random search has none of them:

attacks 1 and 4: there is no server to overload
attacks 2 and 3 are no worse than simply refusing to participate in the
search, because the rest of the computation is independent of what any one
party is doing.

The main drawback of the random search is that the expected running "time" is
the size of the key space instead of half the size for the sequential search
("time" here is the number of keys to try before finding the right one). In
practice, because of server overload, our machines don't seem to be working
more than half the time, so the random search could be actually faster than
the sequential search. Even if it isn't, I think doing twice as much work is a
good trade-off for protection against all attacks, and no more network or
server problems, and no more allocation hassles for off-line users.

Four more remarks:

* I get the factor of two by assuming that the algorithm is "pick a segment at
  random, look for the key in it, pick a new segment at random, and so on". I
  suspect that sequential searching from a random starting point would be much
  worse in the case of many independent searchers.
* I hope there's no bug in my math.
* Another drawback is that the worst-case running time is infinite (but it is
  infinitely unlikely).
* Of course, we need a good PRNG, but that's essentially what RC4 is.

In conclusion, I think random searching is the way to go. It's even better
than Monty's pre-allocation with quad-coverage.

-- Damien

From Piete.Brooks at cl.cam.ac.uk Sat Aug 26 04:08:11 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Sat, 26 Aug 95 04:08:11 PDT
Subject: Thanks for all your efforts ... you can stop now ...
Message-ID: <"swan.cl.cam.:131320:950826110802"@cl.cam.ac.uk>

The actual attempt is now over. See http://www.brute.cam.ac.uk/brute/ (which
is being updated from time to time). Thanks for your patience.

Could people running old versions please kill any looping clients.

Anyone wanting to try to sort out any remaining problems (NB: the load has
dropped, so only the "hard faults" will remain) should contact me.

From Piete.Brooks at cl.cam.ac.uk Sat Aug 26 04:09:19 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Sat, 26 Aug 95 04:09:19 PDT
Subject: SSL CHALLENGE: I told you so....
In-Reply-To: <8AFD417.000300036F.uuout@famend.com>
Message-ID: <"swan.cl.cam.:131630:950826110839"@cl.cam.ac.uk>

> Geez. It would be better not to even have a damned keyserver at all,
> but to just have everybody pick a random start location, than to do it
> this way.

Define "better" ... See my earlier post on what this project was about ...
(1) and (2) -- (3) is later

From rsnyder at janet.advsys.com Sat Aug 26 04:28:52 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Sat, 26 Aug 95 04:28:52 PDT
Subject: Wide Release (Re: PGPfone (BETA TEST) is released)
In-Reply-To: <199508252155.XAA06116@utopia.hacktic.nl>
Message-ID: <199508261129.HAA22154@janet.advsys.com>

> ftp host: net-dist.mit.edu, AKA bitsy.mit.edu
>
> 220 bitsy FTP server (Version wu-2.4(1) Thu Apr 14 20:21:35 EDT 1994) ready.
> USER ftp
> 331 Guest login ok, send your complete e-mail address as password.
> PASS *****

The fact that it uses exactly 5 *'s, and the MACB E command below indicate
this was probably an Anarchie transcript, an ftp/archie client for the Mac.

> PWD
> 257 "/" is current directory.
> MACB E
> 500 'MACB E': command not understood.
> TYPE A
> 200 Type set to A.
>
> CWD /pub/PGPfone
> 250-Please read the file README
> 250- it was last modified on Fri Aug 25 15:52:05 1995 - 0 days ago
> 250 CWD command successful.
> PORT 199,117,100,36,7,146

Too bad "Anonymous" isn't more aware of the FTP protocol. This indicates that
the connection was made from 199.117.100.36, p36.Boulder-2.dialup.csn.net.

> 200 PORT command successful.
> LIST
> 150 Opening ASCII mode data connection for /bin/ls.
> total 29
> -r--r--r--   1 0        1001         4287 Aug 25 15:52 README
> drwxr-x---   4 1        27            512 Aug 25 17:00 dist
> -r--r--r--   1 0        1001         2172 Aug 24 22:02 mitlicen.txt
> -r--r--r--   1 0        1001        19546 Aug 24 23:43 rsalicen.txt
> 226 Transfer complete.
>
> CWD /pub/PGPfone/dist
> 250 CWD command successful.

This indicates "Anonymous" is either making up everything from this point on,
or has access to the machine other than normal anonymous FTP. The permissions
on dist would prevent the CWD from happening. Actually, the permissions on
dist prevent this from working at all.

Look, if you want to make PGPfone available overseas in violation of ITAR, go
ahead. It's a stupid law, and you aren't likely to get caught. But don't make
MIT or Phil the fall guy for it. Send it out yourself. MIT and Phil have
contributed greatly to the privacy community, and stupid stunts like this
aren't going to encourage them much.

Bob

From ai05 at solo.pipex.com Sat Aug 26 04:38:16 1995
From: ai05 at solo.pipex.com (News Department, New Scientist)
Date: Sat, 26 Aug 95 04:38:16 PDT
Subject: Microsoft Network
Message-ID: <41l7se$hkc_001@dial.pipex.com>

This may be the wrong place to pose this question but...

Does anyone have any experience of using the nascent Microsoft Network? Early
reports from beta testers say it could be a hacker's delight due to the use it
makes of objects and such like. Any opinions or does anyone know of any hacks
or cracks circulating yet?

Thanks in advance.

From cg at bofh.lake.de Sat Aug 26 06:05:14 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Sat, 26 Aug 95 06:05:14 PDT
Subject: Wide Release (Re: PGPfone (BETA TEST) is released)
In-Reply-To: <199508261129.HAA22154@janet.advsys.com>
Message-ID: 

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL: 

From rsnyder at janet.advsys.com Sat Aug 26 06:49:02 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Sat, 26 Aug 95 06:49:02 PDT
Subject: Wide Release (Re: PGPfone (BETA TEST) is released)
In-Reply-To: 
Message-ID: <199508261349.JAA23170@janet.advsys.com>

cg at bofh.lake.de said:

>
> This indicates "Anonymous" is either making up everything from this
> point on, or has access to the machine other than normal anonymous
> FTP. The permissions on dist would prevent the CWD from happening.
> Actually, the permissions on dist prevent this from working at all.
>
> Wrong. The FTP daemon probably has a wrapper around it which checks
> where the call comes from. When it thinks you come from the U.S. or
> Canada, it probably starts up the FTP daemon in group 27, otherwise
> in the default anonymous group. The idea is nice, but you have to
> implement it correctly, of course.

You appear to be correct. I came in from a .net address, which MIT apparently
feels is non-US, and they would be correct about some .net's, but that's true
of .com and .edu as well. I came in from a Multinational corporation in .com,
and it let me in. :-)

> That's the dilemma: if you export it, you are taking the
> risk they won't put up this kind of software for FTP the next time.
> If you don't, you are complying with these stupid laws... But
> anyway, with the present state of the MIT FTP server, PGPfone is
> likely to be all over the (non-US-and-Canada) place before the
> weekend is over.

But if people get it from MIT directly, then MIT is violating ITAR/DTR, and
its lawyers would be justified in shutting things down. If it's pulled down by
a US citizen, and then sent out, I don't see how MIT could be held responsible
for it.

Bob

From Piete.Brooks at cl.cam.ac.uk Sat Aug 26 09:40:40 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Sat, 26 Aug 95 09:40:40 PDT
Subject: SSL trouble
In-Reply-To: <9508261034.AA15406@couchey.inria.fr>
Message-ID: <"swan.cl.cam.:234280:950826164020"@cl.cam.ac.uk>

> 1. The server is badly overloaded.

Let's not get implementations confused with algorithms ... We were using
ALPHA code when we started .... With BETA clients, a hierarchy and select/poll
loops, I reckon a server would stand a chance.

> It is vulnerable to a variety of active attacks:
> 2. "result hoarding" attacks: finding the result and reporting it "not found".

Sure.

> 3. "dilution" attack: allocating some search space and not sweeping it.

Un-ACKed space is re-allocated after the first scan has completed.

> 4. plain old "denial of service" attack: deliberately overloading the server
> with bogus communications.

Few systems can resist such an attack !

> 5. And of course all of the above in their "buggy software or hardware"
> versions.

... causing them ... yes -- especially (1) !!
> The random search has none of them:
> attacks 1 and 4: there is no server to overload

(4) is still applicable isn't it ? What tells people to stop, or do they go on
for ever ?

> attacks 2 and 3 are no worse than simply refusing to participate in the
> search, because the rest of the computation is independent of what any one
> party is doing.

(3) is just the same for the server -- it re-allocates.
(4) would require a restart :-(

> The main drawback of the random search is that the expected running "time" is
> the size of the key space instead of half the size for the sequential search
> ("time" here is the number of keys to try before finding the right one).

where "expected" is some loose average ..... My stats are *very* rusty, but
I'd have thought it would be somewhat less than twice a linear search ...
However, I agree that as a ballpark figure, yes: it would be somewhere between
N/2 and N ...

> In practice, because of server overload, our machines don't seem to be working
> more than half the time, so the random search could be actually faster than
> the sequential search.

IMPLEMENTATION !

> Even if it isn't, I think doing twice as much work
> is a good trade-off for protection against all attacks, and no more network
> or server problems, and no more allocation hassles for off-line users.

random probing does indeed have its merits. Personally I'd go for a scheme
whereby on finishing a random search, the client multicast a PGP signed
message (there would be a WWW/email/telnet/... interface which would multicast
for our non-connected members) allowing interested parties

1) to gather stats as to what actually happened
2) maps of "unsearched" areas to be built by anyone wanting to fill gaps
3) the "big boys" could learn to trust each other and use (2).
4) when all notified keys are tried, go into killer mode, and try to find who
   is untrustworthy. Someone can only try it once, and getting a "big boy" tag
   takes a while, and a lot of CPU cycles !

> I suspect that sequential searching from a random starting point would be
> much worse in the case of many independent searchers.

Convince me (please) .... What size "chunks" should be scanned ?

> * Another drawback is that the worst-case running time is infinite (but it is
> infinitely unlikely).

See above ... the big boys will do it eventually ...

> In conclusion, I think random searching is the way to go.

It has its advantages -- yes. Did you use it for Hal1 ? :-))

From usura at replay.com Sat Aug 26 10:03:49 1995
From: usura at replay.com (Alex de Joode)
Date: Sat, 26 Aug 95 10:03:49 PDT
Subject: Wide Release (Re: PGPfone (BETA TEST) is released)
Message-ID: <199508261703.AA29706@xs1.xs4all.nl>

Bob Snyder sez:

[..]
: > likely to be all over the (non-US-and-Canada) place before the
: > weekend is over.

: But if people get it from MIT directly, then MIT is violating ITAR/DTR, and
: its lawyers would be justified in shutting things down. If it's pulled down
: by a US citizen, and then sent out, I don't see how MIT could be held
: responsible for it.

It's already posted to alt.anonymous.messages, alt.fan.david-sternlight and
alt.binaries.warez.mac .

--
Alex de Joode
Fear Uncertainty Confusion and Kaos, Inc.

From tedwards at src.umd.edu Sat Aug 26 10:10:32 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Sat, 26 Aug 95 10:10:32 PDT
Subject: Thanks for all your efforts ... you can stop now ...
In-Reply-To: <"swan.cl.cam.:131320:950826110802"@cl.cam.ac.uk>
Message-ID: 

On Sat, 26 Aug 1995, Piete Brooks wrote:

> The actual attempt is now over. See http://www.brute.cam.ac.uk/brute/
> (which is being updated from time to time). Thanks for your patience.
> Could people running old versions please kill any looping clients.

Thanks to Piete and the rest of the brute crew for getting this experiment
together! I hope this will not be the end of our distributed brute-forcing
runs, but only the beginning!
We should be able to take what we have learned from this run and put together
an even smoother run for the next challenge.

-Thomas

From tcmay at got.net Sat Aug 26 10:21:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 26 Aug 95 10:21:21 PDT
Subject: Modern Journalism (was: All about Bernstein)
Message-ID: 

I've never met either Dan Bernstein or Peter Cassidy, but this raises an issue
of slight relevance to the themes of this list, at least the nexus of
publicity and journalism issues. You folks may have different views of this
trend toward journalistic puff pieces.

As crypto issues reach public visibility, and as things like the SSL breakage
get reported, and as digital money efforts reach fruition, I expect a lot more
journalistic coverage. Sadly, I also expect most of the articles to be in the
vein of the many repetitive articles about Phil Zimmermann. "The Soul of a New
Journalist" meets "Manufacturing Drama" (apologies to Kidder and Chomsky).

At 10:56 AM 8/25/95, Peter F Cassidy wrote:
>Folks,
>
>I'm the guy who authored an upcoming piece about Bernstein's law suit
>with the state department for WIRED. WIRED loves the piece but, in the
>style of popular mags, wants more personal stuff on Bernstein, who is
>super articulate about the science and law of crypto but super shy about
>his heroic self. (Guy wouldn't even disclose his age! Had to threaten to
>throw myself in front of a bus to get him to tell me he's from Long
>Island!) Editor thinks guy comes across as a ghost, not surprisingly. . .
>
>One fellow from the list, following up an appeal I made here for Friends
>of Bernstein to call me and tell me about the litigant's best qualities,
>I'd appreciate greatly hearing from again. He called when I'd pretty much
>passed deadline for manuscript delivery. I'm calling Dan again, but after
>one trip to Delphi, I dunno if the responses from the Oracle will be any
>more forthcoming.

We need to "Just say No!" to journalists asking for "more personal details" to
spice up their stories. No offense meant to Peter, who is apparently just
responding to editorial pressures, but this "personal journalism" is getting
tiresome. (Needless to say, "in my opinion." Your mileage may vary.)

I no longer read the many puff pieces on Phil Zimmermann, for example, as they
all are seemingly in the same format: huge closeup photos of Phil's face, crap
about his peace activist days, personal anecdotes about his battles with
RSADSI, speculations about his possible indictment, etc. Utter journalistic
bullshit, Oprah style. I half expect Stone Phillips to attach an Estes rocket
engine to Phil to give the story more pizazz.

Instead of good "science reporting," we get "personality pieces." Instead of
explanations of crypto, of PGP, of the many important (and complicated!)
issues involving identity, key signing, "nymity," digital money, and the
implications of crypto anarchy, we get "People" magazine. "In the next issue,
computer hackers reveal the secrets of their special diets."

Granted, many people prefer personality stories. Fits with short attention
spans, with only the most casual interest in the subject. If you've never
heard of a prime number before, all you can get out of a story is where Dan
Bernstein grew up and why he became a scientist.

On a personal note, I provided almost no personal details to Steven Levy, for
a book he's reported to be writing. I think he'll confirm this, if he's still
reading this list. When he did the "Wired" piece a couple of years ago (cover
story on "Crypto Rebels," issue #2, or "1.2"), the few personal details which
crept in about us were (at least in my case) nearly the only such details
provided. I kidded (not kiddered) Levy about the focus on "personalities" in
modern books on high tech and science, and asked him not to do the same with
me.

There were three books out at that time (late 1992) on "complexity" and/or
"artificial life": Levy's "Artificial Life," Mitchell Waldrop's "Complexity,"
and one by Lewin (sp?), which I have someplace but can't find right now. All
were remarkably similar, with this as a typical personality passage:

(opened at random) "When Langton finally made it to the University of Arizona
campus in Tucson in the fall of 1976, he was able to hobble around with the
aid of a cane, although there were still more operations to come on his knee
and right shoulder..." (Waldrop, p. 211)

And so on, ad nauseam. Chris Langton, a very fine fellow whom I met at the
first Artificial Life conference, back in 1987 (before it got so trendy, so
high tech chic), has been "profiled" in dozens of books, ad nauseam. Like
Zimmermann, his childhood and exploits with hang gliders have been told over
and over again, often substituting for solid explanations of the important
ideas.

I haven't seen Cassidy's story, of course, nor have I seen Levy's book
(forthcoming, I think), so perhaps they have moved away from the personality
profile approach. Editors may demand more personality stuff, but we should
just say No. (Or not get interviewed, which is fine. I've turned down three
interviews in the last year, mostly because I couldn't say what would be
gained. Too many damned magazines anyway! What's the point of being the "freak
of the week"--to use Dave Mandl's term--in some obscure issue of "Access" or
"Spin" or "Raygun," when the issues are just skimmed by the Generation Xers to
whom they are targeted?)

A wonderful, wonderful book which--I think--set the stage for modern
personality profile journalism, at least in high tech, was Tracy Kidder's "The
Soul of a New Machine." It came out in 1981 and was a best-seller and
award-winner, recounting in great detail the development of the Data General
answer to the VAX. Wonderful stuff about "shootouts at HoJos," about how "if
you succeed you get to do it again," and how "Wests hire Wests." The personal
stuff was fascinating, and lent an air of a group biography to the book.
Highly recommended.

I think this has become one of the main models for modern high tech
journalists to emulate. However, few have the flair that Kidder had (Levy
does, in my opinion), and many misapply the Kidder model to stories that
basically don't have the drama that the Kidder story did. For example,
artificial life is interesting stuff, but it's hard to get any high stakes
drama out of it, except by "manufacturing drama" (to borrow from Chomsky).

John Markoff, another writer whom I respect a great deal, is doing a
screenplay (or story treatment, so I have heard) about the Mitnick affair.
Lots of Hollywood stuff is already there: Shimomura, Mitnick, high tech war
rooms tracking Mitnick's movements, a raid by the authorities, even a Nevada
hooker who has it in for Shimomura (read the personality piece by Katie
Hafner, Markoff's wife (I think), in a recent issue of "Esquire"). If he hits
the big time, even more so than he's already hit, I expect even more
journalists and writers will be sniffing around. "Cypherpunks--The Movie"?

The modern crypto issue has some real drama, of course, but I'm not sure I
want to read several pages on Dorothy Denning's childhood, or why Stu Baker
had to miss Woodstock. I hope Levy is not just Kiddering.

Anyway, enough of my rant on journalism today. I mean no offense to
journalists, who are probably just doing their job. But publicity can be
seductive, and sometimes it's better to just take a Zen approach of avoiding
the empty furor.

--Tim May, who lives in "Digital Walden," 90 miles south of San Francisco, and
who thus finds it easy to turn down requests for interviews in SF.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hallam at w3.org Sat Aug 26 10:59:28 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sat, 26 Aug 95 10:59:28 PDT
Subject: SSL trouble
In-Reply-To: <9508261034.AA15406@couchey.inria.fr>
Message-ID: <9508261758.AA25920@zorch.w3.org>

There are more effective solutions than simple random search, these have been
known in the distributed processing arena for years. What you effectively have
is a farmed solution to a problem with a high degree of trivial parallelism.
Farms always suffer from the server bottleneck problem.

The alternative is to use a multifarm, it's a bit complicated to explain but
the essence is that you distribute the farming mechanism. The most extreme
example of this is to have every slave also act as a master for some part of
the problem. Since the bandwidth/processing ratio is unfavourable it would be
better to have a small but non-trivial (5-10) number of master controllers.

The basic principles are to leverage pipelined parallelism, a slave does not
simply ask for a chunk of keyspace, process it, return results and ask for the
next chunk. Instead overlap work packages, give them more than one to work at
once so that the system does not suspend waiting on the server. Size the
chunks adaptively, the more keyspace a processor works through the more
packets it is given at once.

Use integrity checks to ensure that the slaves are acting properly. One method
of doing this is to keep secret part of the known plaintext (say 16 bits). A
slave is required to report _all_ matches in the range to the master. Slaves
who report a statistically low number of matches may be considered suspicious.
It is a simple matter to allocate part of that keyspace to another processor
for a double-check. [It's so obvious I'll apply for a patent on that
technique]

Another useful technique is to require the slave to checksum some collateral
result from the calculation mix. Then if it's simply braindead software it can
be detected.

When running a multi-master farm it is important to realise that the slaves
serve all the masters, not just a single one. Masters can distribute work
chunks amongst themselves in larger chunks, as chunks are completed this is
communicated to the other workers.

If we used the Web as a substrate for this work the control software could
then be used for other related tasks requiring large scale parallel processing
on networked workstations. This was one of the original applications I looked
at back in 1992 when I was doing an awful lot of this type of work.

Phill Hallam-Baker

From adept at minerva.cis.yale.edu Sat Aug 26 12:26:09 1995
From: adept at minerva.cis.yale.edu (White Adept)
Date: Sat, 26 Aug 95 12:26:09 PDT
Subject: PGP and AIX
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----

Has anyone successfully compiled PGP with AIX v.4 on an IBM RS6000? If so,
please mail me, as I'm trying to install it successfully.

Thanks!

Ben.

____
Ben Samman..............................................samman at cs.yale.edu
I have learned silence from the talkative, toleration from the intolerant,
and kindness from the unkind; yet, strange, I am ungrateful to those
teachers.-- K. Gibran.
SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND!
For information Email: zldf at clark.net
http://www.netresponse.com/zldf

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQB1AwUBMD90vL5ALmeTVXAJAQFY/wL/eMTW42xlF7BGJ8btfb4VCHvZcRFkTTZa
vTAiCRRdlXsKsdLRtxmE+Bf2aRVsiXg1xQ3YVQNewcX42PLET+GGqmIo6u2jXuCn
bfslubIHAr9InfPMV+/tOvGhgAWP3nTr
=8qXL
-----END PGP SIGNATURE-----

From silly at whip.ugcs.caltech.edu Sat Aug 26 13:57:32 1995
From: silly at whip.ugcs.caltech.edu (me)
Date: Sat, 26 Aug 95 13:57:32 PDT
Subject: Florida Drivers Permits
In-Reply-To: 
Message-ID: <41o1rg$hg9@gap.cco.caltech.edu>

Censored Girls Anonymous writes:
>On Sat, 26 Aug 1995, Robert A. Rosenberg wrote:
>Minnesota has now been doing this for over a year. There's been a lot of
>trouble with it, but they have them. Mine is due any day, and it will
>certainly come in contact with a magnet, upon my possession.

California has both the digitized picture and the mag stripe, and they even
get a digital copy of your thumbprint. Hello, Brave New World.

(me)

From sryan at reading.com Sat Aug 26 14:22:12 1995
From: sryan at reading.com (steven ryan)
Date: Sat, 26 Aug 95 14:22:12 PDT
Subject: Modern Journalism (was: All about Bernstein)
Message-ID: <199508262121.RAA24748@zork.tiac.net>

I want to puhhff you up -- SNL?

>We need to "Just say No!" to journalists asking for "more personal details"
>to spice up their stories...

>I no longer read the many puff pieces on Phil Zimmermann, for example, as
>they all are seemingly in the same format: huge closeup photos of Phil's...

You may not want to read those stories any more because you know all the
details. But a puffed up cover story on Phil Z in People magazine would be one
of the best things that could happen. Some actresses feel that any publicity
is better than no publicity and they may be right. Given that we are not going
to get many in depth technical articles in the mainstream press, puff pieces
are better than nothing.
In the last month on two different occasions I have been in casual
conversations at work when the subject of PGP and cryptography came up based
on articles in the local media. I was able to answer the questions and explain
in detail the benefits of PGP and as well give out a disk loaded with the
program for them to try. If the puff pieces weren't read by these people the
subject would not have come up and I wouldn't have been likely to have had the
opportunity to get these people interested in using PGP.

Given that the average person still knows nothing of cypherpunk technology and
issues and probably wouldn't mind if it was all outlawed in the name of
national security, anything that keeps the topic in the public's eye is good.

Steven Ryan
sryan at reading.com

From wfrench at interport.net Sat Aug 26 14:22:25 1995
From: wfrench at interport.net (Will French)
Date: Sat, 26 Aug 95 14:22:25 PDT
Subject: SSL trouble
Message-ID: <199508262118.RAA15661@interport.net>

> Use integrity checks to ensure that the slaves are acting
> properly. One method of doing this is to keep secret part of
> the known plaintext (say 16 bits). A slave is required to
> report _all_ matches in the range to the master. Slaves who
> report a statistically low number of matches may be considered
> suspicious. It is a simple matter to allocate part of that
> keyspace to another processor for a double-check.

Please don't do anything like this. This will prevent people like me who
prefer the "random" method from participating.

Will French

From tcmay at got.net Sat Aug 26 14:29:54 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 26 Aug 95 14:29:54 PDT
Subject: PGPfone 1.0b4 Test at Party Tonight
Message-ID: 

Talk about synchronicity! Three years ago, as we met for our first meeting
(before we had been dubbed "Cypherpunks"), PGP 2.0 had just appeared a day or
two earlier. Arthur Abraham prepared copies on floppies (I know, I know, not
fully secure :-}), and we all got copies at that first meeting.

Well, PGPfone was released yesterday, and the release date is officially 25
August. And I have it, and my Cypherpunks Santa Cruz party/meeting is tonight.
It runs on Macintoshes, so far, and I got it downloaded (from
"alt.anonymous.messages," ironically, as the MIT site would not let me have
it, claiming they couldn't verify that "got.net" was a kosher site....so, "the
street" gave it to me, without any of those messy restrictions on who I can
give it to, etc.:-}).

Quite an example of synchronicity, that it just appeared, that the Mac is its
first implementation platform, and that today's my party.

It seems to work, at least in voice mode, though I need to read up on set-ups
for my sound input and output (fairly standard for the Mac, but always a
chance of some misconfiguration). I have a PowerMac 7100av, goosed up to 84
MHz, so power should not be a problem.

What would really be nice is to have someone to test this with. Hence this
message. If you are willing to be a test partner, especially at tonight's
Cypherpunks Santa Cruz party, send me a message with your phone number. And
any tips you've found are necessary to make it work. (I already realized I had
to get the latest Threads Manager, and did so via Apple's Web site.)

The party starts around 6 p.m., PDT. A call around 8-10 p.m. PDT would be
nice. I can call you, or vice versa, depending.

Three cheers for synchronicity!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From Piete.Brooks at cl.cam.ac.uk Sat Aug 26 14:58:08 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Sat, 26 Aug 95 14:58:08 PDT Subject: SSL trouble In-Reply-To: <199508262118.RAA15661@interport.net> Message-ID: <"swan.cl.cam.:029190:950826215747"@cl.cam.ac.uk> >> Use integrity checks to ensure that the slaves are acting >> properly. One method of doing this is to keep secret part of >> the known plaintext (say 16 bits). A slave is required to >> report _all_ matches in the range to the master. Slaves who >> report a statistically low number of matches may be considered >> suspicious. It is a simple matter to allocate part of that >> keyspace to another processor for a double-check. > Please don't do anything like this. This will prevent people > like me who prefer the "random" method from participating. You can't use the random method if the CRACK is using a sequential search. It just doesn't fit ! You can't ACK something which has not been allocated to you. However, if a CRACK were to be using random, the above would be useful as a "progress report" as the rate of reports indicates how well the search is going. It would also allow more equal sharing out of the prize money, as on average 2**15 "possible" keys would be found, and the first finder of each would receive a fraction of the prize. I don't know enough of the theory -- is there any limit as to how many "partial" matches there could be in a single "segment" ? (currently brure{ssl,rc4} stops on finding a match. They would have to keep going, and might have to return upto 2**16 partial results ?? ) From sandfort at crl.com Sat Aug 26 15:28:16 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 26 Aug 95 15:28:16 PDT Subject: Modern Journalism (was: All about Bernstein) In-Reply-To: <199508262121.RAA24748@zork.tiac.net> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
C'punks, On Sat, 26 Aug 1995, steven ryan wrote: > You may not want to read those stories any more because you know all the > details. But a puffed up cover story on Phil Z in People magazine would be > one of the best things that could happen. . . . I concur with Steven, but only so long as the piece is more or less sympathetic. I think Phil has gotten an amazing amount of positive press. In the scheme of things, this may prove to be more beneficial for the Cypherpunkish agendas than even his creation of PGP. Phil's image--cryptographer as puppy-dog--will help us a lot more than the "evil kiddieporn/terrorist/hacker" image the FBI and Diane Feinstein would prefer the public to see. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Buzz at static.noise.net Sat Aug 26 16:30:34 1995 From: Buzz at static.noise.net (Buzz White) Date: Sat, 26 Aug 95 16:30:34 PDT Subject: Article in Time Magazine In-Reply-To: <9508250941.AA00683@elysion.iaks.ira.uka.de> Message-ID: <41nhbe$2jb@nntp.crl.com> danisch at ira.uka.de (Hadmut Danisch) wrote: >> All the more reason to use Linux or FreeBSD - an OS you have the source for, >> on hardware that you can examine. >How would you want to examine a pentium processor? >Just an idea: >Take the block move instructions and attach a little state machine. >If a certain sequence of bytes is detected, a fuse somewhere on the chip >is burned and the processor could switch irreversible into a mode where >it does partial incorrect calculations. Send someone an email, an IP packet >or an ethernet packet and you can expect the packet to be moved by a >block move command. >Hadmut > Err, ummm -- what I meant is that _you_ are the one that purchases, installs, and decides on the processor, moterhbooard, RAM and accessories (like a PCI video card, SCSI controller, etc). If you want to go all the way to the microcode on the chip, then that's another thing altogether. 
I was mentioning microcode in the IBM way, being the thing you load on the IPL startup disk for a naked machine, not the embedded circuitry. Short of having a degree in Electronics Engineering, along with a scanning electron microscope (for viewing the chip masks) and a whole lot of experience with the chip in question, you are stuck with a trust of the chip manufacturer. No disagreement there. But, should there be a malicious "bug" in a chip, expecially in the PC world, it would show up sooner or later (as shown by the Pentium FP error). ALl the more reason to NOT be the first one on the block to upgrade (I still have Xenix on a 286 for my kid, Linux up on my old 386DX40, and my 486(NT) is just fine. I only recently aquired my first Pentium now that they are cheap enough for a P5-90). Regards Buzz From rjc at clark.net Sat Aug 26 16:31:07 1995 From: rjc at clark.net (Ray Cromwell) Date: Sat, 26 Aug 95 16:31:07 PDT Subject: proliferation of voicesystems Message-ID: <199508262330.TAA08738@clark.net> It's really great that there are all these voice transmission/encryption programs out there, the problem is, none of them will talk to each other. If I have a unix box, I have to use product X, if I have a PC, product Y, and a Mac, product Z, and X,Y, and Z all speak different protocols. The issue is more frustrating with web clients. I like to use Netscape, but if I want to view RealAudio, I have to switch to Windows, etc. Rather than have one "successful" product set a defacto standard and lock the rest of the market into one algorithm, cypherpunks who are working on voice products should collaborate to product an open standard, which specifies base level functionality, and drop in algorithm improvements. Perhaps even video should be considered as that too will eventually be a reality. Sooner or later, there must be a shakeout and a "standard" (defacto) will emerge. 
The question is, do you want this to be an extensible open standard that can cope with changing hardware and network capability, or do you want, say, InternetPhone, to win and set the standard by shear market share like Netscape is doing now and like Microsoft has been doing? Just something to consider. -Ray From wfrench at interport.net Sat Aug 26 16:36:41 1995 From: wfrench at interport.net (Will French) Date: Sat, 26 Aug 95 16:36:41 PDT Subject: SSL trouble Message-ID: <199508262332.TAA26817@interport.net> >> Please don't do anything like this. This will prevent >> people like me who prefer the "random" method from >> participating. > You can't use the random method if the CRACK is using a > sequential search. It just doesn't fit! Hehe... I've always been a bit of a misfit. > You can't ACK something which has not been allocated to you. But I could announce it on the list. > However, if a CRACK were to be using random, the above would > be useful as a "progress report" as the rate of reports > indicates how well the search is going. I don't want to make progress reports. > It would also allow more equal sharing out of the prize money, > as on average 2**15 "possible" keys would be found, and the > first finder of each would receive a fraction of the prize. Well, if someone starts talking real money, I might change my tune. Will French From hallam at w3.org Sat Aug 26 17:12:37 1995 From: hallam at w3.org (hallam at w3.org) Date: Sat, 26 Aug 95 17:12:37 PDT Subject: SSL trouble In-Reply-To: <199508262118.RAA15661@interport.net> Message-ID: <9508270011.AA25215@zorch.w3.org> >> Use integrity checks to ensure that the slaves are acting >> properly. One method of doing this is to keep secret part of >> the known plaintext (say 16 bits). A slave is required to >> report _all_ matches in the range to the master. Slaves who >> report a statistically low number of matches may be considered >> suspicious. 
It is a simple matter to allocate part of that >> keyspace to another processor for a double-check. > Please don't do anything like this. This will prevent people >like me who prefer the "random" method from participating. Not true, it would be open for anybody to sweep a random space and report the results. The only difference would be that the sweeper who discovered the real key would not be the first to know of a break and that it would not be possible to attack the crack through dishonestly claiming to have swept space that hadn't been. Phill From ylo at cs.hut.fi Sat Aug 26 18:21:39 1995 From: ylo at cs.hut.fi (Tatu Ylonen) Date: Sat, 26 Aug 95 18:21:39 PDT Subject: proliferation of voicesystems In-Reply-To: <199508262330.TAA08738@clark.net> Message-ID: <199508270121.EAA24196@shadows.cs.hut.fi> > It's really great that there are all these voice transmission/encryption > programs out there, the problem is, none of them will talk to each other. Maybe someone could start writing an internet draft about "encrypted voice transmission on the internet". It should address several issues: - compression methods, sampling rate differencies, encoding methods - encryption methods used for bulk data: at least IDEA, 3DES, DES (3DES and DES required, IDEA optional but recommended (for patent reasons)) - key exchange and authentication methods. One good model could be that used in Photuris (see the internet draft draft-ietf-ipsec-photuris-02.txt at e.g. www.ietf.cnri.reston.va.us). Photuris is essentially Diffie-Hellman followed by authenticating the other party via signing the exchange. (Authentication is important to avoid man-in-the-middle attacks). - specification of the protocol for modem-to-modem connections Provided that the compression method is patent-free, all of the related crypto patents expire within about two years (assuming something other than RSA can be used for the signatures - see the Photurs draft). 
(IDEA should be optional because its patent will not expire in near future). I think it would be a good idea to set up a mailing list for this. Tatu Ylonen From wfrench at interport.net Sat Aug 26 19:16:35 1995 From: wfrench at interport.net (Will French) Date: Sat, 26 Aug 95 19:16:35 PDT Subject: SSL trouble Message-ID: <199508270132.VAA05017@interport.net> >> Use integrity checks to ensure that the slaves are acting >> properly. One method of doing this is to keep secret part of >> the known plaintext (say 16 bits). A slave is required to >> report _all_ matches in the range to the master. Slaves who >> report a statistically low number of matches may be >> considered suspicious. It is a simple matter to allocate part >> of that keyspace to another processor for a double-check. > Please don't do anything like this. This will prevent > people like me who prefer the "random" method from > participating. > Not true, it would be open for anybody to sweep a random space > and report the results. I don't get it. If the challenge is partly secret, how will I know if I crack the code? > The only difference would be that the sweeper who discovered > the real key would not be the first to know of a break ? Sorry, the terminology seems to be over my head here. > and that it would not be possible to attack the crack through > dishonestly claiming to have swept space that hadn't been. That is one reason I like the random method. > You can't ACK something which has not been allocated to you. >> But I could announce it on the list. A clarification: my "it" above refers to a successful cracking of the code. Will French From dr261 at cleveland.Freenet.Edu Sat Aug 26 19:35:03 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Sat, 26 Aug 95 19:35:03 PDT Subject: proliferations of voicesystems Message-ID: <199508270234.WAA07065@kanga.INS.CWRU.Edu> I'd have to agree with you (Ray) completely about the need for standards for the voice internet communications software. 
I think it would be best to draw up a standard and disseminate it rather than wait for one to emerge out of a product. If a standard is designed, it could be designed with portability and extensions in mind, whereas if something like InternetPhone became a de-facto standard, it would probably be more difficult to add upon and port to alternate platforms. -- ================================================================= Tobin Fricke, Alias Light Ray dr261 at cleveland.freenet.edu TobinTech Engineering KE6WHF Amateur Radio The Digital Forest BBS (714) 586-6142, 28800bps From hallam at w3.org Sat Aug 26 20:20:53 1995 From: hallam at w3.org (hallam at w3.org) Date: Sat, 26 Aug 95 20:20:53 PDT Subject: SSL trouble In-Reply-To: <199508270132.VAA05017@interport.net> Message-ID: <9508270319.AA26098@zorch.w3.org> > I don't get it. If the challenge is partly secret, how will I >know if I crack the code? You don't thats how we make sure that you can't crack the code and not tell everyone else. The servers can be validated by using a standard bit commitment type affair. Its a matter of principle, we should ensure that the key breaking service is not itself subject to cryptanalytic attacks. One small point, cryptanalysis equipment is also covered by ITAR restrictions. Phill From adept at minerva.cis.yale.edu Sat Aug 26 21:14:07 1995 From: adept at minerva.cis.yale.edu (White Adept) Date: Sat, 26 Aug 95 21:14:07 PDT Subject: Eudora/Trumpet encryption (stupid, solved here) In-Reply-To: Message-ID: On Sat, 19 Aug 1995, Markku-Juhani Saarinen wrote: > > On Wed, 16 Aug 1995, Sean A. Walberg wrote: > > > I'm a crypto newbie here, but does anybody know how Trumpet Winsock > > and/or Eudora encrypt the passwords in their .ini files? I am trying to > > write a front end for a client and would rather it set up automatically > > rather than the program ask. > > > > It's not xor. It's wrap-around addition. 
Not much better than rot-13 :) I > broke it for my friend just a couple of days back, but it seems like he > has deleted the source I wrote at his place (crytoanalysis and writing the > 4-line c-source took about 20 minutes, total). Besides the key (the one > used in encryption of the password) may be different in different four line C source? I'm impressed. I've enclosed a bit longer C-source that does the same. > versions and licences of these programs. > > Here's what you'll have to do to get the built-in key: > > 1. set password to 00000000, for example, and see what it encrypts into. > 2. now substract 0x30 (ascii 0) from every character of the encrypted > password. congratulations, you have the key! :) > > Now you can pretty much figure out how to decrypt any password. > > Note: > Encrypted characters are in the range 32..127. First perform a logical > and with 0x7f. If the result is smaller than 32, add 32. Ben. ____ Ben Samman..............................................samman at cs.yale.edu I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran. SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND! For information Email: zldf at clark.net http://www.netresponse.com/zldf /*This was written to deal with trumpet winsock's 'encryption' by spitting out the ppp-username and ppp-password values. This was written by: Ben Samman . The algorithm is very simple and a simple inspection of this file should be sufficient for most people to figure out whats going on. Feel free to copy this as you please, as long as you include this message with it. If you use this, please send me mail and tell me what its used for--I'd be somwhat curious. If there are any questions, feel free to mail me and ask me. 
USAGE: trmpbrk

Definitions:

BASE: Base is a trumpwsk.ini file in which you have inputted "000000000000" into the ppp-username box in the File/PPP Options/Username menu in Trumpet Winsock. Don't forget to rename this to something other than trumpwsk.ini (something like "0"). I've included my copy of base, but every version/revision of Trumpet Winsock changes it, so I would recommend you do this yourself.

PASS: This is the file that you want to decrypt the value for. Most of the time it will be trumpwsk.ini.

Example: trmpbrk 0 trumpwsk.ini

(c)Ben Samman */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Advance fp to the first line starting with key and leave it in line.
   A missing key is reported instead of handing a NULL from fgets to strncmp. */
static void find_key(FILE *fp, const char *key, char *line, size_t len)
{
    do {
        if (fgets(line, (int)len, fp) == NULL) {
            fprintf(stderr, "Error: no \"%s\" line found\n", key);
            exit(1);
        }
    } while (strncmp(line, key, strlen(key)) != 0);
}

/* The value starts at column 14 (after the key, '=' and a quote) and ends
   before the closing quote and CR/LF. Because BASE held an all-'0' value,
   (stored byte - '0') is the key byte; subtracting it from the stored byte
   in PASS undoes the wrap-around addition. */
static void decrypt_field(FILE *base, FILE *pass, const char *key, const char *label)
{
    int i, keylen;
    char line[256];
    unsigned char keybytes[256], plain[256];

    find_key(base, key, line, sizeof line);
    for (i = 14; i < (int)strlen(line) - 3; i++)
        keybytes[i - 14] = (unsigned char)line[i] - '0';
    keylen = i - 14;

    find_key(pass, key, line, sizeof line);
    for (i = 14; i < (int)strlen(line) - 3 && i - 14 < keylen; i++) {
        plain[i - 14] = (unsigned char)line[i] - keybytes[i - 14];
        plain[i - 14] = (plain[i - 14] % 128) + (96 * (plain[i - 14] < 32));
    }
    plain[i - 14] = 0;                    /* terminate right after the last decoded byte */
    printf("%s: %s\n", label, plain);
}

int main(int argc, char **argv)
{
    FILE *base, *pass;

    printf("TRMPBRK.EXE for finding PPP passwords from TRUMPWSK.INI\n");
    printf("By: Ben Samman\n");
    printf("Copyright 1995\n");
    printf("\n\n");

    /* First test for number of arguments */
    if (argc != 3) {
        fprintf(stderr, "Error: Too few arguments\n");
        fprintf(stderr, "Usage:\t%s BASE PASS\n", argv[0]);
        return 1;
    }
    base = fopen(argv[1], "r");
    pass = fopen(argv[2], "r");
    if (base == NULL || pass == NULL) {
        perror("fopen");
        return 1;
    }

    decrypt_field(base, pass, "ppp-username", "PPP Username");
    rewind(base);                         /* the two fields need not be in file order */
    rewind(pass);
    decrypt_field(base, pass, "ppp-password", "PPP Password");

    fclose(base);
    fclose(pass);
    return 0;
}

From monty.harder at famend.com Sat Aug 26 21:26:15 1995 From: monty.harder at famend.com (MONTY HARDER) Date: 
Sat, 26 Aug 95 21:26:15 PDT Subject: SSL trouble Message-ID: <8AFE51A.0003000395.uuout@famend.com> DD> In conclusion, I think random searching is the way to go. It's even better DD> than Monty's pre-allocation with quad-coverage. Here's a thought: How about the best of both worlds. Keep the double-coverage, bidirectional sweep, and allocate only one "team". The client software will take the pre-allocated segment, and then go random for the rest of the run. * GHOTI = FISH? touGH: GH = F wOmen: O = I dicTIonary: TI=SH. I love English! --- * Monster at FAmend.Com * From wfrench at interport.net Sat Aug 26 21:35:56 1995 From: wfrench at interport.net (Will French) Date: Sat, 26 Aug 95 21:35:56 PDT Subject: SSL trouble Message-ID: <199508270432.AAA20728@interport.net> >> I don't get it. If the challenge is partly secret, how >> will I know if I crack the code? > You don't thats how we make sure that you can't crack the code > and not tell everyone else. Why would I want to do such a thing? And if I did, why would anyone care? > Its a matter of principle, we should ensure that the key > breaking service is not itself subject to cryptanalytic > attacks. Absolutely. And the simplest way to do that is to use the random method! > One small point, cryptanalysis equipment is also covered by > ITAR restrictions. What is the significance of this rather ominous warning? Will French From q at c2.org Sat Aug 26 22:57:39 1995 From: q at c2.org (Q Mixmaster Remailer) Date: Sat, 26 Aug 95 22:57:39 PDT Subject: Florida Drivers Permits Message-ID: <199508270513.WAA26795@infinity.c2.org> silly at whip.ugcs.caltech.edu ((me)) wrote: > California has both the digitized picture and the mag stripe, and > they even get a digital copy of your thumbprint. Hello, Brave New > World. I wonder what, if anything, you could be charged with if that magnetic strip "accidentally" came too close to a degausser? 
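The integrity check argued over in the "SSL trouble" thread above (Piete Brooks, Phill Hallam-Baker and Will French: withhold part of the known plaintext, make each slave report every key that matches the public part, and let the master judge a slave by the number of valid reports) can be seen working in a small simulation. This is an added example, not code from the thread or from the brute-ssl software: the cipher is a SHA-256 stand-in for RC4, the keyspace is scaled down to 2**18 keys in 16 segments so a full sweep runs in about a second, the key, plaintext and the threshold of half the expected hit count are constructed, and the function names are my own.

```python
"""Simulation of the 'withheld plaintext' integrity check for a distributed
key search: slaves see only part of the known plaintext, report every key
that matches that part, and the master (which knows the rest) verifies the
reports and flags segments with too few valid hits."""
import hashlib

# Toy sizes, constructed for the simulation. The 1995 challenge was 40-bit RC4;
# here 2**18 keys are split into 16 segments of 2**14 so a full sweep is fast.
KEY_BITS = 18
SEGMENT_BITS = 14
SEGMENT_SIZE = 1 << SEGMENT_BITS
NUM_SEGMENTS = 1 << (KEY_BITS - SEGMENT_BITS)

KNOWN_PLAINTEXT = b"GET"   # constructed: first byte is public, last two withheld
PUBLIC_BYTES = 1
TRUE_KEY = 0x2A5C7         # constructed; lies in segment 10

# A slave reports about one key per 256**PUBLIC_BYTES tried, so per segment:
EXPECTED_HITS = SEGMENT_SIZE // (256 ** PUBLIC_BYTES)   # 64
MIN_HITS = EXPECTED_HITS // 2                            # fewer: suspicious


def toy_keystream(key):
    """Stand-in for the stream cipher (NOT RC4): SHA-256 of the key bytes."""
    return hashlib.sha256(key.to_bytes(4, "big")).digest()[:len(KNOWN_PLAINTEXT)]


def xor_with_keystream(key, data):
    """Encrypt or decrypt (the same operation for a stream cipher)."""
    return bytes(d ^ k for d, k in zip(data, toy_keystream(key)))


CIPHERTEXT = xor_with_keystream(TRUE_KEY, KNOWN_PLAINTEXT)


def slave_sweep(segment, coverage=1.0):
    """Sweep one allocated segment and report every key whose decryption of the
    ciphertext matches the PUBLIC part of the plaintext. The slave cannot tell
    which of its hits (if any) is the real key. coverage < 1.0 models a
    dishonest slave that searches only part of the range but claims all of it."""
    start = segment * SEGMENT_SIZE
    end = start + int(SEGMENT_SIZE * coverage)
    public = KNOWN_PLAINTEXT[:PUBLIC_BYTES]
    hits = []
    for key in range(start, end):
        if xor_with_keystream(key, CIPHERTEXT)[:PUBLIC_BYTES] == public:
            hits.append(key)
    return hits


def master_check(segment, reported):
    """Verify a slave's report. Returns (valid, full_matches): valid counts keys
    that genuinely match the public part and lie in the slave's allocation;
    full_matches are those that also reproduce the withheld bytes."""
    lo, hi = segment * SEGMENT_SIZE, (segment + 1) * SEGMENT_SIZE
    valid, full = 0, []
    for key in reported:
        if not lo <= key < hi:
            continue                      # not in this slave's allocation
        plain = xor_with_keystream(key, CIPHERTEXT)
        if plain[:PUBLIC_BYTES] != KNOWN_PLAINTEXT[:PUBLIC_BYTES]:
            continue                      # bogus report
        valid += 1
        if plain == KNOWN_PLAINTEXT:
            full.append(key)
    return valid, full


def run_crack(coverage_by_segment=None):
    """Drive all segments. Returns (suspicious_segments, candidate_keys, progress),
    where progress estimates the fraction of the keyspace swept from the hit
    rate, the 'progress report' use of the reports Piete Brooks mentions."""
    coverage_by_segment = coverage_by_segment or {}
    suspicious, candidates, total_valid = [], [], 0
    for seg in range(NUM_SEGMENTS):
        report = slave_sweep(seg, coverage_by_segment.get(seg, 1.0))
        valid, full = master_check(seg, report)
        total_valid += valid
        candidates.extend(full)
        if valid < MIN_HITS:
            suspicious.append(seg)        # re-allocate this range to another slave
    progress = total_valid / (EXPECTED_HITS * NUM_SEGMENTS)
    return suspicious, candidates, progress


if __name__ == "__main__":
    bad, keys, progress = run_crack({3: 0.125})   # segment 3 does only 1/8 of its work
    print("suspicious segments:", bad)
    print("candidate keys:", [hex(k) for k in keys], "true key:", hex(TRUE_KEY))
    print("estimated keyspace swept: %.0f%%" % (100 * progress))
```

Two points from the thread show up directly: the slave that reports a hit has no way of knowing whether it is the real key, which is Phill's "not the first to know of a break", and a slave that claims a range it did not sweep is caught by the hit count rather than by trust. Monty's hybrid (a pre-allocated segment, then random keys) would need the same master-side verification, since only allocated ranges can be judged by their expected hit count.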
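Tatu Ylonen's third bullet in the "proliferation of voicesystems" thread above, key exchange done as in Photuris (Diffie-Hellman, then each party authenticates the exchange by signing it), is easy to get wrong without the signature step, so here it is written out. This is an added example: it is not from the Photuris draft, from Tatu's message or from any voice product. It uses a constructed 10-bit group (p = 1019, q = 509, generator 4) and a Schnorr-style signature in place of the draft's signature algorithms so that it runs on the standard library alone; the group is far too small for real use, and the function names and message layout are my own. The point is the structure: each signature covers both DH values, so a value substituted on the wire is rejected.

```python
"""Diffie-Hellman followed by signing the exchange, in the style Tatu Ylonen
describes for Photuris: the DH values are exchanged first, then each side signs
(g^a, g^b) with its long-term key, so a man in the middle who substituted a DH
value cannot produce a matching signature."""
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 with p = 1019 and q = 509, both prime, so the
# squares mod p form a subgroup of prime order q generated by G = 4. Real use
# needs a 2048-bit or larger group; these sizes only show the protocol structure.
P, Q, G = 1019, 509, 4


def H(*fields):
    """Hash a transcript of small ints (all < 2**32 here) to a 256-bit integer."""
    h = hashlib.sha256()
    for f in fields:
        h.update(f.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big")


def rand_exponent():
    return secrets.randbelow(Q - 1) + 1     # uniform in [1, q-1]


def keygen():
    """Long-term signing key pair (x, y = g^x)."""
    x = rand_exponent()
    return x, pow(G, x, P)


def sign(x, *transcript):
    """Schnorr-style signature over the transcript: (e, s) with
    r = g^k, e = H(r, transcript), s = k - e*x mod q."""
    k = rand_exponent()
    r = pow(G, k, P)
    e = H(r, *transcript)
    return e, (k - e * x) % Q


def verify(y, sig, *transcript):
    """Recompute r = g^s * y^e (which equals g^k) and check it hashes back to e."""
    e, s = sig
    r = (pow(G, s, P) * pow(y, e, P)) % P
    return H(r, *transcript) == e


def authenticated_exchange(tamper=False):
    """Run the exchange between an initiator A and a responder B that already
    hold each other's long-term public keys. Returns the two sides' shared
    secrets, or None if a signature check fails. tamper=True models an attacker
    replacing B's DH value on the wire; B's signature still covers the value B
    actually sent, so A's check fails."""
    xa, ya = keygen()
    xb, yb = keygen()

    # Message 1, A -> B: g^a
    a = rand_exponent()
    ga = pow(G, a, P)

    # Message 2, B -> A: g^b and Sign_B(g^a, g^b)
    b = rand_exponent()
    gb = pow(G, b, P)
    sig_b = sign(xb, ga, gb)

    gb_seen = (gb * G) % P if tamper else gb   # differs from gb, since G != 1
    if not verify(yb, sig_b, ga, gb_seen):
        return None           # A aborts: the exchange is not what B signed

    # Message 3, A -> B: Sign_A(g^a, g^b)
    sig_a = sign(xa, ga, gb_seen)
    if not verify(ya, sig_a, ga, gb):
        return None           # B aborts likewise

    return pow(gb_seen, a, P), pow(ga, b, P)


if __name__ == "__main__":
    print("honest run, shared secrets:", authenticated_exchange())
    print("tampered run:", authenticated_exchange(tamper=True))
```

Without message 3 and the signature in message 2 this is plain Diffie-Hellman, which agrees on a secret with whoever is on the other end of the wire; the signatures are what tie the secret to B's and A's long-term keys, which is the "authentication is important to avoid man-in-the-middle attacks" remark in Tatu's list.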
From adept at minerva.cis.yale.edu Sat Aug 26 23:18:45 1995 From: adept at minerva.cis.yale.edu (White Adept) Date: Sat, 26 Aug 95 23:18:45 PDT Subject: Florida Drivers Permits In-Reply-To: <199508270513.WAA26795@infinity.c2.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 26 Aug 1995, Q Mixmaster Remailer wrote: > silly at whip.ugcs.caltech.edu ((me)) wrote: > > > California has both the digitized picture and the mag stripe, and > > they even get a digital copy of your thumbprint. Hello, Brave New > > World. > > I wonder what, if anything, you could be charged with if that > magnetic strip "accidentally" came too close to a degausser? Why bother to degauss it--why not just let it "rest" too long on those demagnetizing pads they use at department stores and libraries to demagnetize the security strips? Ben. ____ Ben Samman..............................................samman at cs.yale.edu I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran. SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND! 
For information Email: zldf at clark.net http://www.netresponse.com/zldf -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMEAMob5ALmeTVXAJAQHYcAL+JRRXuWGz3f5bxlQ3g5lExTkmPiKMYs7I nIGxLgEXDd2+krZBa++M+6k30ZcxBhsrJamz1IzLhQ6tiXbqsOmTHtlGlBHuppi+ 0pHTk/ddFuDU/gu6NXuix7f8XOTCfd4S =YMlm -----END PGP SIGNATURE----- From poodge at econ.Berkeley.EDU Sat Aug 26 23:21:23 1995 From: poodge at econ.Berkeley.EDU (Sam Quigley) Date: Sat, 26 Aug 95 23:21:23 PDT Subject: Florida Drivers Permits In-Reply-To: <199508270513.WAA26795@infinity.c2.org> Message-ID: <199508270620.XAA16117@quesnay.Berkeley.EDU> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "Q" == Q Mixmaster Remailer writes: > silly at whip.ugcs.caltech.edu ((me)) wrote: >> California has both the digitized picture and the mag stripe, >> and they even get a digital copy of your thumbprint. Hello, >> Brave New World. > I wonder what, if anything, you could be charged with if that > magnetic strip "accidentally" came too close to a degausser? Not much...(!) People who don't have the strip at all aren't breaking any laws, and they aren't required to get strips added. It's just that the DMV won't give out new cards that don't have the strip. Presumably just like the post office and zip codes: you don't *need* it, but it speeds things up if you've got it. - -sq -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMEAOrVIP+Y8TPTdtAQHADAQAuZUNX+cuW/nJHBSoc4KW1+C1LpJFWhUB vXJoA7kgLuq3J38fuk/NNJ2/96z+DQdp8woJxk7PQu5LOdTRQrUajB1sxYL4vB9B m9gELh/sdmtoSpXcraQMRCMKYnWHiBUZJzvEqBIEbBjM4Q4y4DDkHN3S+yukPTyk AQW8vmlCEaw= =8fIS -----END PGP SIGNATURE----- From dr261 at cleveland.Freenet.Edu Sat Aug 26 23:26:32 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Sat, 26 Aug 95 23:26:32 PDT Subject: Greetings Message-ID: <199508270626.CAA00589@kanga.INS.CWRU.Edu> Greetings, everyone. I just discovered this list a few days ago and have been monitoring since then. 
It's pretty interesting. I'd like to get involved. I'm very interested in cryptography and mathematics, but I have very little cryptographic experience. (hm. Is there a Cypherpunks FAQ?) From the conversation that's going on, I am led to beleive that Cypherpunks is setting up a distributed system to break some cryptographic system or factor a large number. I would expect that a constant net connection would be a requirement to participate in such an interesting event. In any case, I have a 486DX-50 running Linux and I'm interested and curious and willing to learn and help in any way I can. -- ================================================================= Tobin Fricke, Alias Light Ray dr261 at cleveland.freenet.edu TobinTech Engineering KE6WHF Amateur Radio The Digital Forest BBS (714) 586-6142, 28800bps From dr261 at cleveland.Freenet.Edu Sat Aug 26 23:37:31 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Sat, 26 Aug 95 23:37:31 PDT Subject: Demagnetizing Message-ID: <199508270637.CAA03863@kanga.INS.CWRU.Edu> > demagnetizing pads they use at department stores and libraries How exactly does that system work? They can't instantly demagnetize something with a quick tap on a pad, can they? Also, what are they demagnetizing? Is it a strip embedded in the spine of the book, or is it just in a sticker on the outside? For instance, how do they do it to magazines (or do they? they go through the process with magazines, too, or is that just because they don't know better?)? 
-- ================================================================= Tobin Fricke, Alias Light Ray dr261 at cleveland.freenet.edu TobinTech Engineering KE6WHF Amateur Radio The Digital Forest BBS (714) 586-6142, 28800bps From Piete.Brooks at cl.cam.ac.uk Sun Aug 27 00:41:51 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Sun, 27 Aug 95 00:41:51 PDT Subject: Greetings In-Reply-To: <199508270626.CAA00589@kanga.INS.CWRU.Edu> Message-ID: <"swan.cl.cam.:183500:950827074128"@cl.cam.ac.uk> > going on, I am led to beleive that Cypherpunks is setting up > a distributed system to break some cryptographic system or > factor a large number. See http://www.brute.cl.cam.ac.uk/brute/ We are trying to show that the US Govt' crippling iof exportable "secure" protocols to 40 bits leaves them open to CRACKing by others than the NSA. > I would expect that a constant net connection would be a requirement to > participate in such an interesting event. No -- that is the preferred way, but you can use a network connection (WWW or direct socket) to get part of the address space to search, process it offline, and then report back your findings later. From dr261 at cleveland.Freenet.Edu Sun Aug 27 00:45:12 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Sun, 27 Aug 95 00:45:12 PDT Subject: Demagnetizing Message-ID: <199508270744.DAA15929@kanga.INS.CWRU.Edu> Where exactly is the r/c circuit? Is it very small and in a label? Book publishers don't put them in, do they? Also, if the thing gets "burned out" by the magnet in the pad, what do libraries and such do where materials are reused? Just slap on another label thing? 
-- ================================================================= Tobin Fricke, Alias Light Ray dr261 at cleveland.freenet.edu TobinTech Engineering KE6WHF Amateur Radio The Digital Forest BBS (714) 586-6142, 28800bps From dr261 at cleveland.Freenet.Edu Sun Aug 27 00:48:53 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Sun, 27 Aug 95 00:48:53 PDT Subject: Greetings Message-ID: <199508270748.DAA16297@kanga.INS.CWRU.Edu> Ah. By address space, you mean a set of possible keys, right? Is there specific software we use to test this 'address space,' or do we come up with our own? It seems that there ought to be a more exotic method other than a brute force attack. I don't know much about cryptography, but if there's a way to get "feedback" as to how "close" a key is to the real key, then some sort of genetic algorithm could be devised. Actually, perhaps not, since there are no "genes" envolved, just a big number. Hm. -- ================================================================= Tobin Fricke, Alias Light Ray dr261 at cleveland.freenet.edu TobinTech Engineering KE6WHF Amateur Radio The Digital Forest BBS (714) 586-6142, 28800bps From mib at davinci.netaxis.com Sun Aug 27 01:18:55 1995 From: mib at davinci.netaxis.com (Man In Black) Date: Sun, 27 Aug 95 01:18:55 PDT Subject: Demagnetizing In-Reply-To: <199508270637.CAA03863@kanga.INS.CWRU.Edu> Message-ID: On Sun, 27 Aug 1995, Tobin T Fricke wrote: > How exactly does that system work? They can't instantly > demagnetize something with a quick tap on a pad, can they? Also, > what are they demagnetizing? Is it a strip embedded in the spine > of the book, or is it just in a sticker on the outside? For > instance, how do they do it to magazines (or do they? they > go through the process with magazines, too, or is that just > because they don't know better?)? 
The way the system works at my local library is that there _is_ a strip embedded in the spine and it isn't demagnetized by a quick tap by rubbing it several times over a demagnetizer (there's a big sticker on the side that says not to leave any magnetic storage media near it). As far as magazines go, my library simply doesn't let people borrow them (which means if it ain't there, it's stolen). Anyone know how they protect against magazine theft (okay, no crypto relevance. reply to me and not the list, then). Later. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 Comment: There is no such thing as electronic privacy. mQCNAzA9lawAAAEEAMYfSOuOc2Han9mukOOf1JPVQnke79fMxSiwbq25IKAAgIUP x6ICYwsm8s2l1vjoBgPHcVIyoJ1mlA8s1X05oSnO6skwhtASMS7CNY/m+b7gG1XH uZkwSXkwP5ZZXOaYkVHaImKKVXCk3VoPax7l4V5JsfLuiRuP6PCnxsH0qebZAAUR tB5NYW4gSW4gQmxhY2sgPG1pYkBuZXRheGlzLmNvbT4= =BJS/ -----END PGP PUBLIC KEY BLOCK----- From anonymous-remailer at shell.portal.com Sun Aug 27 01:38:11 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sun, 27 Aug 95 01:38:11 PDT Subject: nym server development mailing list Message-ID: <199508270829.BAA15699@jobe.shell.portal.com> ------- Forwarded Message To: Remailer-Operators at c2.org From: Bryan Strawser Subject: Nym Server Development.... Date: Fri, 11 Aug 1995 21:04:22 -0500 (EST) John Fleming, along with a bit of support help from myself, is developing a nym server that he is intending to release to the public once we are satisfied with the performance and the state of the code. At this point and time, John has pushed the code to the point where we have am experimental nym server operating that is being constantly refined and features added. Along the same lines, I am presently working on solid documentation for when the nymserver is ready for public use, and for the later public release of the code. 
John created a mailing list for those interesting in contributing to the development of his nymserver and as a forum for discussion of nymserver related issues. So far, there have been few folks subscribed, and no answer from those that are presently subscribed to the list. I find this rather disappointing. This is your chance to get involved in developing this server. There has been alot of interest expressed in nymservers on this list previously, as well from other folks that presnetly use the type I and II remailers that are running today. Just like the other types of anonymity out there, a nymserver has many viable reasons for existance. The lack of publically available code for such a server, as there is for remailers, should motivate us to get behind John and his efforts. To subscribe to the nymserver development & discussion forum, send a message to majordomo at sephiroth.org with the line "subscribe nyms " in the body of the message. Questions about the nymserver should be directed to that list so that all can be involved in the development. Thanks for your input, Bryan - -- Bryan Strawser, Gondolin Technologies, Bloomington, IN USA Remember Waco feanor at gondolin.org Live free or die ------- End of Forwarded Message From A.Back at exeter.ac.uk Sun Aug 27 01:39:50 1995 From: A.Back at exeter.ac.uk (A.Back at exeter.ac.uk) Date: Sun, 27 Aug 95 01:39:50 PDT Subject: SSL trouble In-Reply-To: <199508262332.TAA26817@interport.net> Message-ID: <9584.199508270839@olib> Will French writes: > Well, if someone starts talking real money, I might change my > tune. We are talking real money, the guy who hit the key will shortly be getting c$ 442.30 (DigiCash c$), the amount of c$ donated for the 2nd challenge on this page: http://dcs.ex.ac.uk/~aba/sslprize.html Now collecting donations for the 3rd challenge which I guess Piete will be hoping to do in the next few weeks, after a few software improvements have been made. 
You can buy US$ with these on the unofficial digicash exchange: http://www.c2.org/~mark/ecash/ecash.html The current exchange rate is around 100 c$ = 5 US$, so that's ~22 US$, not a huge prize, but all it needs is more donors to get a bigger prize fund, if you want to join in to make the prize fund bigger, sign up for the digicash trial (you get 100 c$ free): http://www.digicash.com/ecash/ and buy some c$ on the unofficial exchange. Adam

From q at c2.org Sun Aug 27 01:51:02 1995 From: q at c2.org (Q Mixmaster Remailer) Date: Sun, 27 Aug 95 01:51:02 PDT Subject: Mixmaster Questions Message-ID: <199508270823.BAA07092@infinity.c2.org> Is there an automated way I can keep my PUBRING.MIX and TYPE2.LIST files updated automatically? (I'd prefer to be able to "finger" them from somewhere and redirect the results into a file.) Also, does anyone do a periodic "ping" of Mixmaster remailers to make sure they're up and running? I only run Mixmaster as a client, and not as a remailer, and I'd like a way to make sure I don't send a message to the bitbucket by accidentally chaining it through a "dead" remailer. Also, what is the latest version of Mixmaster? Thanks.

From www at www.sierra.com Sun Aug 27 02:05:29 1995 From: www at www.sierra.com (NCSA HTTPd) Date: Sun, 27 Aug 95 02:05:29 PDT Subject: Sierra On-Line FAQ Message-ID: <199508270906.CAA22206@www.sierra.com> (Following is a FAQ for the SierraWeb Welcome Kit) Welcome to SIERRAWEB Here is some helpful information which we hope can answer a range of possible questions. At Sierra On-line, we want to make all your visits to our web site most enjoyable. SIERRAWEB FAQ (Frequently Asked Questions) Q: How do I log on to the Sierra On-line web site? A: The SierraWeb address on the World Wide Web is http://www.sierra.com/ Since this document was most likely sent to you along with your password verification then you've already signed on to SierraWeb once. Q: What do I do with the verification code-words you e-mailed to me? 
A: Log back on to SierraWeb by typing our address in your web browser. Then, after typing in your name and password, type in the Verification Code-Word and you'll be officially registered. This is the only time you'll have to type in your Verification Code unless you re-register again. Q: Why does SierraWeb use a password and verification code-word? A: We ask for your name and email address to confirm the uniqueness of every member. It allows us to a.) customize the service for each individual member's preferences and b.) help us better understand the demographic profile of our membership and c.) prevent abuse of the website such as unauthorized orders or the use of offensive language. All in all, we want to get to know you as an individual. Q: What if I forget my password? A: At SierraWeb, you choose your own password so we hope it will be easy to remember. If you forget it, then you'll need to re-register and pick a new one. Q: How do I change the look and links of my personal User Page? A. Just one of the things that makes SierraWeb unique is that it allows you to change the way you view much of the information that is available. Special 'looks' will change the web control page bars at the top and bottom of the page as well as the page background. (Can't view backgrounds on your browser :^( , you can still change your control bars.) For instance, you can choose an Arcade 'look' by choosing 'Arcade' from the pop-up menu at the bottom right of your SierraWeb Personal Page. If you're interested in Football or Baseball, you might select the 'Box Seats' look. Do you like outer space and science fiction? Try out the Space Command look. Here's a chart to help you choose the look or looks that you might like:

   If you like...                                  You might try...
   Adventure games like King's Quest               'Myth and Magic'
   Mother Goose or Playtoons                       'Family Fun'
   Comedy like Space Quest or Leisure Suit Larry
     or Woodruff & the Schnibble                   'Comedy'
   Children's Learning                             'Kid Smarts'
   Reality Role Playing                            '9-1-1'
   Action/Arcade                                   'Arcade'
   Air/Sea Battle Simulations                      'Combat'
   Football/Baseball                               'Sports Fan'
   Horror/Mystery/Suspense                         'Frightful'
   ...and more!

Plus you can choose from a selection of pure colored backgrounds Q: What does the LINK change do? A: Along with changing your 'look' on SierraWeb, you can also change your 'Link.' A 'link' is a direct click-jump to a Sierra game category (also called genre). There are a number of categories of games at Sierra. Here is a brief list. ACTION ADVENTURE COMEDY KIDS EDUCATION FAMILY SIMULATION SPORTS ...and more! To create a link directly to a category, select the 'Link' you want to jump to and click on the change button. The new 'Link' you select will appear in the Link window. Q: Back to the 'looks,' I noticed that I have a choice between a full page's background and a GIF tile. What's the difference? A: The full page background is a page backdrop from an actual Sierra game. Since these files are generally around 30K in size you'll either need to have a fast modem, say 14,400 or 28,800 or some patience. (They're worth waiting for!). If you are using a slower modem, or would like a change of pace, choose the tile looks. These files load much quicker since they are quite a bit smaller in size. Q: I can't see any backgrounds on my page. A: Some browsers are not yet compliant with the background feature. You may wish to change your browser to one that meets the HTML 2.0 standards. Q: I can't see the whole page? A: The standard width size for most pages on our website is 9 inches and you should adjust the size of your browser window to that width. Q: I see a mailbox on my personal page and the words 'YOU HAVE MAIL!'? What is this? 
A: From time to time, Sierra will be informing members with news about our company products and people. If you see the words 'YOU HAVE MAIL!,' click on the mailbox to read your mail from Sierra HQ. Q: How do I send mail to Sierra? A: To reach Sierra On-line with a Technical Support question, go to the Help Center which is reachable by clicking the 'Help Center' icon on the bottom control bar (the one with the ? over the globe). You can also make Customer Service inquiries from the Help Center. Note: Some links may not be suitable for youngsters under the age of 13 and may be automatically deactivated. Q: How do I use the SEARCH feature? A: You'll find a SierraWeb SEARCH button in the upper left hand corner of most SierraWeb pages. Click on it and you will be presented with a Word Search Box ready for you to type in the word or words you are interested in locating on other pages. For instance, if you are interested in football, simply type in: football. If you are interested in Space, type in: Space. By typing space you might be directed to the Space Quest series games or to a space game like Outpost. Q: How do I find my way back to my Personal Page? A: Just click on the HOME button underneath the Sierra logo in the upper right hand corner of most pages on SierraWeb and you will be automatically transported back HOME to your Personal Page. From www at www.sierra.com Sun Aug 27 02:05:30 1995 From: www at www.sierra.com (NCSA HTTPd) Date: Sun, 27 Aug 95 02:05:30 PDT Subject: Sierra On-Line Authentication Key Message-ID: <199508270906.CAA22203@www.sierra.com> Welcome cypherpunks to SierraWeb. We are pleased to present you with the key to our magical kingdom in the form of a verification key. Your Sierra Web verification key is... humane-tomato Be sure and make a note of it! The next time you log in and are prompted for it, type in your verification key. Remember, your verification key is not your password. Your password is the word you chose when registering. 
Use the following URL to verify your membership: http://www.sierra.com/authenticate.html From perry at piermont.com Sun Aug 27 04:25:08 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 27 Aug 95 04:25:08 PDT Subject: proliferation of voicesystems In-Reply-To: <199508270121.EAA24196@shadows.cs.hut.fi> Message-ID: <199508271034.GAA20541@frankenstein.piermont.com> Tatu Ylonen writes: > > It's really great that there are all these voice transmission/encryption > > programs out there, the problem is, none of them will talk to each other. > > Maybe someone could start writing an internet draft about "encrypted > voice transmission on the internet". Well, we already have standards for how to send audio in general over the internet (the RTP standards that are used in the MBONE among other places.) Presumably if you take IPSEC and cross it with RTP... The real issue to me is setting such things up so that they work nicely even on point to point modem connections without too much protocol overhead. > I think it would be a good idea to set up a mailing list for this. Probably... Perry From jsantala at walli.uwasa.fi Sun Aug 27 04:44:33 1995 From: jsantala at walli.uwasa.fi (Jukka Santala) Date: Sun, 27 Aug 95 04:44:33 PDT Subject: C2.ORG REMAILER In-Reply-To: <41gsan$elo@utopia.hacktic.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In scroll <41jnqn$qgm at nntp.crl.com>, Nobody wrote: > sameer at soda.CSUA.Berkeley.EDU (Sameer Parekh) wrote: >> Community ConneXion will not reveal the identity of non-anonymous >> account holders without a court order or explicit permission from >> the account holder. > Sameer - You caved WAAAY too easily - I will suggest that we ban ALL > inclusion of your remailer in any chain, due to the fact that your > c2.org CAN NOT be trusted to resist pressure. See ya on the c-punks > area. Now, Nobody, that is chickenshit if anything, and I "suggest" you know it. 
The actions taken by Community ConneXion in no way prove that it would be any less trustable in this matter than any other remailer in the world. In fact, a certain coolheadedness to all parties present is, in my opinion, one of the main requirements of a respectable remailer. In fact, had c2.org been pinned down for the copyright infringement with no ability to point to the real infringer, CoS could well have stood a chance to get hold of any possible remailer logs. Just like in the anon.penet.fi case, where Helsingius gave out the entries identifying the account in question instead of holding them back at the risk of getting all the entries confiscated. It's called picking the lesser evil. In fact, the only effect you stand to gain from accusing people of such acts is perhaps making them that much more inclined to really co-operate with your enemy next time they ask for it. Furthermore, although Sameer could've been pretty sure of even monetary support from the 'net community in his battles against CoS, I personally think such would only be a waste of resources. The copyrights of OT materials will be found out in Erlich's case, posting them publicly in Lerma's case and the common provider status of ISP's will be tested in Netcom's case. In my opinion, we stand nothing to gain, only lose, from increasing the number of cases further. Not to even mention that the Fishman documents have now been temporarily sealed, which further clouds the issue. Finally, I hope you do know that the reason for actually using remailer-chains is the admittance that some of them might be compromised. The idea behind remailer chains is that each and every one of the mailers in the chain needs first to be identified and then compromised to successfully find out the real poster. "Banning" it out of the remailer chains, even if possible, would serve no purpose. Posting the facts and letting people make their own decisions based on those could, perhaps, be warranted. 
Regards, Donwulff Intergalactic terrorist and arms dealer, squire for Knights of Xenu. Operation Entheta National Command, captain Donwulff of Discordia. Tell your people. alt.religion.scientology Let The World Know! -><- Hail Eris! All hail Discordia! -><- -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMEBkayrmAC3+VL2ZAQEw3AQAvq5NKAExecLJ1/GKpSfO10w8Y/H/1cpi AJAGc2JikWfPVvhxaw1b1Ib3TiX4IyvMHXu2YIldDUcWnCYq/Yx2iAnbeo08r7Uq y7sgDjghyuMBX9EXtaVN4uiRSc+ESDM/oTQGc6atFbtqrSmoKlyO/jHWp/A76pL/ SIYVGLU+kV8= =DQ3K -----END PGP SIGNATURE----- From henri at netcom.com Sun Aug 27 06:34:38 1995 From: henri at netcom.com (henry) Date: Sun, 27 Aug 95 06:34:38 PDT Subject: this is getting silly (was Re: C2.ORG REMAILER) In-Reply-To: <41gsan$elo@utopia.hacktic.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article , Jukka Santala wrote: >In scroll <41jnqn$qgm at nntp.crl.com>, Nobody wrote: >> sameer at soda.CSUA.Berkeley.EDU (Sameer Parekh) wrote: >>> Community ConneXion will not reveal the identity of non-anonymous >>> account holders without a court order or explicit permission from >>> the account holder. >> Sameer - You caved WAAAY too easily - I will suggest that we ban ALL >> inclusion of your remailer in any chain, due to the fact that your >> c2.org CAN NOT be trusted to resist pressure. See ya on the c-punks >> area. this is bogus. i'll explain why. >Now, Nobody, that is chickenshit if anything, and I "suggest" you >know it. The actions taken by Community ConneXion in no way prove >that it would be any less trustable in this matter than any other >remailer in the world. In fact, a certain coolheadedness to all >parties present is, in my opinion, one of the main requirements of >a respectable remailer. In fact, had c2.org been pinned down for the >copyright infringement with no ability to point to the real infringer, CoS >could well have stood a chance to get hold of any possible remailer >logs. 
i seriously doubt that sameer keeps logs, as i believe he runs a cypherpunks remailer. furthermore, regardless of how anyone feels about the state of sameer's courage, attacking his integrity is utterly ridiculous. he hasn't given out anyone's userid, nobody's anonymity has been compromised, and to suggest that because you don't like his decision in this matter that he's going to go around coughing up userids and personal identities is completely ridiculous. ridiculous beyond belief. i agree with jukka. sameer's given us no reason not to trust him, even if he's given us a bit of attitude. i'd probably have responded in about the same way if i were suddenly dragged into what you have to admit is an extremely convoluted and bizarre netwar with an alarming tendency to get people's computers confiscated and homes attacked. h - -- Xenu's Famous House o' Clams T-shirts! *All* profits go to MoFo to help with the Dennis Erlich Defense Fund. Email to: ladyada at gnu.ai.mit.edu for details $15 per shirt, 3 colors. Design available at http://www.cybercom.net/~rnewman/scientology/home.html -----BEGIN PGP SIGNATURE----- Version: 2.6.i iQBVAgUBMEBxw3Z/m2/Pgo35AQHpkwH8DO752jxoMFwG6fCLsI7vZGMV/hxX4H/U K1PWw5XZQanIeSMytdML5lbok5iwWWoD2xMwnWBSjvgSRyxmuNkLyQ== =tTgw -----END PGP SIGNATURE----- From cwe at Csli.Stanford.EDU Sun Aug 27 11:48:30 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Sun, 27 Aug 95 11:48:30 PDT Subject: SSL trouble In-Reply-To: <9508261034.AA15406@couchey.inria.fr> Message-ID: <199508271848.LAA18104@Csli.Stanford.EDU> | Let us call "sequential search" an algorithm that remembers which keys were | tried and avoids trying them again, and "random search" an algorithm that | just tries keys at random without bothering to check. | | The sequential search has the following problems: | | 1. The server is badly overloaded. | It is vulnerable to a variety of active attacks: | 2. 
"result hoarding" attacks: finding the result and reporting it "not found". | 3. "dilution" attack: allocating some search space and not sweeping it. | 4. plain old "denial of service" attack: deliberately overloading the server | with bogus communications. | 5. And of course all of the above in their "buggy software or hardware" | versions. And there is the third alternative, hierarchical search, which distributes the task of giving out keys. This is admittedly a little bit more involved, of course. The SKSP had provisions for doing it hierarchically, as far as I understood it, although I might be wrong. What I wonder is whether the server congestion really showed that the protocol is flawed. Handing out bigger blocks relieved the situation. I think this can be further improved if you do a couple more things. 1. The server knows approximately how many requests per second it can take, and tells the clients this information. 2. The client initially does a test run, and determines how fast it runs. 3. Each client is handed a block that, given the approximate number of currently pending and active blocks out there, together with the calculation time of the client, will give an acceptable number of requests/time unit to the server. 4. The server acks (S-ACK) the block-ack to the client. If the client doesn't get an ack (S-ACK) from the server for its ack (B-ACK), it keeps the ack around till the next block is calculated, and sends this ack together with the new acks. 5. The server can hand out allocated blocks to others, for those blocks that have not been acked in three times the estimated calculation time. 6. If a client is unable to get a key allocation after a number of tries, it can choose a random block and search that. It can then be acked to the server. This may result in overlapping blocks, but this should not pose such a big problem, since most of the key space is searched in an orderly manner anyway. 
It would be very interesting if detailed statistics or the logfile of the server could be published somewhere. How many machines were involved? etc... /Christian From Piete.Brooks at cl.cam.ac.uk Sun Aug 27 12:21:34 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Sun, 27 Aug 95 12:21:34 PDT Subject: SSL trouble In-Reply-To: <199508271848.LAA18104@Csli.Stanford.EDU> Message-ID: <"swan.cl.cam.:079000:950827192056"@cl.cam.ac.uk> > And there is the third alternative, hierarchical search, which > distributes the task of giving out keys. This is admittedly a > little bit more involved, of course. The SKSP had provisions for > doing it hierarchically, as far as I understood it, although > I might be wrong. Indeed, it does, and we plan to provide a "local CPU farm" server which can be used when a number of machines are sharing the same ID. > What I wonder is whether the server congestion really showed that > the protocol is flawed. No -- but that the early versions of the code were buggy. As it is, 6 clients which are still running are managing to keep the server permanently busy. I think the protocol itself is OKish .. > Handing out bigger blocks relieved the situation. Not really. It did however mean that when a chunk was allocated, three times as much work was done ! > 1. The server knows approximately how many requests per second it > can take, and tells the clients this information. Hmm -- hard to tell -- the *server* can take lots, but if the *clients* have problems, things go wrong. A select/poll server is not going to be tried on the next one -- that'll only be used if that goes slow as well ... > 2. The client initially does a test run, and determines how fast it > runs. The latest version of brloop starts with a call of "brutessl -q -t 1" to decide how big the chunks should be ... > 3. 
Each client is handed a block that, given the approximate number > of currently pending and active blocks out there, together with the > calculation time of the client, will give an acceptable number of > requests/time unit to the server. I suspect that figures would be too crude ... The server would have to keep track of clients and how long their sessions take .... Should a client which takes 20s for a session be given blocks that take 20 times longer to process than one which manages it in 1s ? > 4. The server acks (S-ACK) the block-ack to the client. Sorry -- what does that mean ? > If the client doesn't get an ack (S-ACK) from the server for its ack (B-ACK), > it keeps the ack around till the next block is calculated, and sends this > ack together with the new acks. Sorry -- I'm lost ... > 5. The server can hand out allocated blocks to others, for those > blocks that have not been acked in three times the estimated > calculation time. I've split allocation from ACKs. One server just doles out keys, the other just collects the ACKs. I don't want to add that sort of realtime feedback. What do you do about WWW clients ? What if someone grabs a big chunk, farms it out to several machines, and they ACK bits back ... ? > 6. If a client is unable to get a key allocation after a number of > tries, it can choose a random block and search that. It can then be > acked to the server. This may result in overlapping blocks, but this > should not pose such a big problem, since most of the key space is > searched in an orderly manner anyway. Again no realtime feedback from ACKs :-( > It would be very interesting if detailed statistics or the logfile > of the server could be published somewhere. How many machines were > involved? etc... That'll come -- as the WWW page says. Please let me know what stats you'd like. 
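The exchange above (the attack list against a "sequential search" server, and the six-point allocation/ACK proposal with Piete's objections) is easier to reason about with a small model in hand. The following is an added example written for this archive, not the brute/brclient/brloop code or anything Piete or Christian published: a toy simulation of one allocation server that hands out key-space blocks over a lossy channel, records B-ACKs and answers each with an S-ACK listing the blocks it recorded, re-issues blocks whose ACK is overdue (point 5), lets clients piggyback unconfirmed ACKs onto the next one (point 4) and fall back to a random block when they cannot get an allocation (point 6). A "dilution" attacker (point 3 of the attack list) that allocates blocks and never sweeps them is included to show that the timeout re-issue bounds the damage. Block counts, loss rate, calculation times and the 30-tick re-issue timeout are made-up parameters; the channel drops each request or reply independently with the given probability.

```python
"""Toy model of block allocation with B-ACK / S-ACK, piggybacked ACK
retransmission, timeout re-issue and random fallback, over a lossy channel.
Added illustration; not the brute/brclient code from the SSL challenge."""
import random


class Server:
    """Hands out blocks and records ACKs (one process here; Piete split them)."""

    def __init__(self, nblocks, reissue_after):
        self.free = list(range(nblocks))    # blocks never handed out
        self.pending = {}                   # block -> tick it was handed out
        self.done = set()                   # blocks whose ACK was recorded
        self.reissue_after = reissue_after  # point 5: ~3x the estimated calc time

    def allocate(self, now):
        # Overdue blocks (no ACK within reissue_after ticks) go back in the pool,
        # which is what limits a diluter that allocates and never sweeps.
        for blk, t0 in list(self.pending.items()):
            if now - t0 > self.reissue_after:
                del self.pending[blk]
                self.free.append(blk)
        if not self.free:
            return None
        blk = self.free.pop(0)
        self.pending[blk] = now
        return blk

    def ack(self, blocks):
        # B-ACK in, S-ACK out: the reply lists exactly the blocks now recorded.
        for blk in blocks:
            self.done.add(blk)
            self.pending.pop(blk, None)
        return list(blocks)


class Client:
    """Honest searcher: keeps B-ACKs the server never confirmed and resends
    them piggybacked on the next ACK (point 4); picks a random block if no
    allocation arrives after max_tries (point 6)."""

    def __init__(self, server, calc_time, nblocks, rng, max_tries=3):
        self.server, self.calc_time, self.nblocks, self.rng = server, calc_time, nblocks, rng
        self.max_tries = max_tries
        self.unacked = []          # B-ACKs with no matching S-ACK yet
        self.fallbacks = 0         # how often we had to pick a random block
        self.resent = 0            # piggybacked ACKs resent

    def step(self, now, send):
        blk = None
        for _ in range(self.max_tries):
            blk = send(lambda: self.server.allocate(now))
            if blk is not None:
                break
        if blk is None:
            blk, self.fallbacks = self.rng.randrange(self.nblocks), self.fallbacks + 1
        # ... the block is searched here; it takes calc_time ticks ...
        self.resent += len(self.unacked)
        self.unacked.append(blk)
        sack = send(lambda: self.server.ack(list(self.unacked)))
        if sack is not None:       # S-ACK seen: drop what the server confirmed
            self.unacked = [b for b in self.unacked if b not in sack]
        return now + self.calc_time


class Diluter:
    """Point 3 attacker: allocates blocks and never searches or ACKs them."""

    def __init__(self, server):
        self.server, self.hoarded = server, []

    def step(self, now, send):
        blk = send(lambda: self.server.allocate(now))
        if blk is not None:
            self.hoarded.append(blk)
        return now + 1


def run(nblocks=64, loss=0.2, horizon=10000, with_diluter=True, seed=1995):
    rng = random.Random(seed)          # fixed seed: reproducible run

    def send(fn):                      # lossy UDP: request or reply may vanish
        if rng.random() < loss:
            return None
        reply = fn()
        return None if rng.random() < loss else reply

    server = Server(nblocks, reissue_after=30)
    clients = [Client(server, ct, nblocks, rng) for ct in (5, 10)]
    actors = clients + ([Diluter(server)] if with_diluter else [])
    ready = [0] * len(actors)
    for now in range(horizon):
        for i, actor in enumerate(actors):
            if ready[i] <= now:
                ready[i] = actor.step(now, send)
        if len(server.done) == nblocks:
            break
    return {
        "covered": len(server.done) == nblocks,
        "finished_at": now,
        "fallbacks": sum(c.fallbacks for c in clients),
        "resent": sum(c.resent for c in clients),
        "hoarded": len(actors[-1].hoarded) if with_diluter else 0,
    }


if __name__ == "__main__":
    print("honest only :", run(with_diluter=False))
    print("with diluter:", run())
```

Running it shows the two things the thread argues about: with 20% loss the piggybacked ACKs still get every searched block recorded (the server only needs one request to get through), and the diluter slows the sweep down but cannot stall it, because its blocks are re-issued and the honest clients also sweep random blocks when starved. What the model does not capture is Piete's point that a client which grabs a chunk and farms it out will ACK pieces back under one ID, so anything keyed on per-client timing would need to be per-chunk rather than per-client.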
From tedwards at src.umd.edu Sun Aug 27 12:39:01 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Sun, 27 Aug 95 12:39:01 PDT Subject: proliferation of voicesystems In-Reply-To: <199508270121.EAA24196@shadows.cs.hut.fi> Message-ID: On Sun, 27 Aug 1995, Tatu Ylonen wrote: > Maybe someone could start writing an internet draft about "encrypted > voice transmission on the internet". It should address several > issues: > - compression methods, sampling rate differences, encoding methods BTW - does anyone actually know what the voice compression is in PGPfone? -Thomas From tedwards at src.umd.edu Sun Aug 27 12:40:34 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Sun, 27 Aug 95 12:40:34 PDT Subject: proliferations of voicesystems In-Reply-To: <199508270234.WAA07065@kanga.INS.CWRU.Edu> Message-ID: On Sat, 26 Aug 1995, Tobin T Fricke wrote: > I'd have to agree with you (Ray) completely about the need for > standards for the voice internet communications software. There is a standards track for real-time audio and video communications. Seems to me the hard part is defining codecs, the easy part is dropping in crypto. -Thomas From shamrock at netcom.com Sun Aug 27 13:15:11 1995 From: shamrock at netcom.com (Lucky Green) Date: Sun, 27 Aug 95 13:15:11 PDT Subject: proliferation of voicesystems Message-ID: At 15:38 8/27/95, Thomas Grant Edwards wrote: >On Sun, 27 Aug 1995, Tatu Ylonen wrote: > >> Maybe someone could start writing an internet draft about "encrypted >> voice transmission on the internet". It should address several >> issues: >> - compression methods, sampling rate differences, encoding methods > >BTW - does anyone actually know what the voice compression is in >PGPfone? GSM lite and I think CELP. PGPFone has some serious problems with the variable latencies of real life connections. These problems will not go away until PGPFone makes the shift to APIs that are designed to deal with such problems, such as QuickTime conferencing. 
I hope PRZ will realize this. -- Lucky Green PGP encrypted mail preferred. From anonymous-remailer at shell.portal.com Sun Aug 27 13:18:29 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sun, 27 Aug 95 13:18:29 PDT Subject: Florida Drivers Permits Message-ID: <199508272017.NAA06661@jobe.shell.portal.com> White Adept wrote: > -----BEGIN PGP SIGNED MESSAGE----- > On Sat, 26 Aug 1995, Q Mixmaster Remailer wrote: > > silly at whip.ugcs.caltech.edu ((me)) wrote: > > > California has both the digitized picture and the mag stripe, and > > > they even get a digital copy of your thumbprint. Hello, Brave New > > > World. > > I wonder what, if anything, you could be charged with if that > > magnetic strip "accidentally" came too close to a degausser? > Why bother to degauss it--why not just let it "rest" too long on those > demagnetizing pads they use at department stores and libraries to > demagnetize the security strips? Better would be to figure out the encoding scheme and post it here. Anonymously to be sure From terrell at sam.neosoft.com Sun Aug 27 13:41:18 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Sun, 27 Aug 95 13:41:18 PDT Subject: Demagnetizing Message-ID: <199508272050.PAA05379@sam.neosoft.com> >Reply-To: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) > >Where exactly is the r/c circuit? Is it very small and in >a label? Book publishers don't put them in, do they? >Also, if the thing gets "burned out" by the magnet in the >pad, what do libraries and such do where materials are >reused? Just slap on another label thing? > It's much more low-tech than that. Libraries and book stores just put a strip of magnetized material (it's much like audio tape, about 1/8 inch wide and comes on rolls) inside the book and then put detectors at the doorway. If the detector feels a magnetic field, it buzzes; if the tape has been degaussed, nothing happens. 
For libraries, it's usually mounted on sticky tape and put down inside the book spine. Bookstores usually just snip off a 4 - 5" segment and slip it inside the book. Music stores frequently tape a small section on the outside of CD jewel boxes. Sorry, there's no real mystery or exciting tech here.

   Buford C. Terrell            1303 San Jacinto Street
   Professor of Law             Houston, TX 77002
   South Texas College of Law   voice (713)646-1857
   terrell at sam.neosoft.com   fax (713)646-1766

From carolab at censored.org Sun Aug 27 13:44:56 1995 From: carolab at censored.org (Censored Girls Anonymous) Date: Sun, 27 Aug 95 13:44:56 PDT Subject: Florida Drivers Permits In-Reply-To: <199508272017.NAA06661@jobe.shell.portal.com> Message-ID: On Sun, 27 Aug 1995 anonymous-remailer at shell.portal.com wrote: > > Better would be to figure out the encoding scheme and post it here. > Anonymously to be sure Thanks, I'll remember to do that to MN's license. Anyone know of stripe readers in the state? Member Internet Society - Certified BETSI Programmer - WWW Page Creation ------------------------------------------------------------------------- Carol Anne Braddock <--now running linux 1.0.9 for your pleasure carolann at censored.org __ __ ____ ___ ___ ____ carolab at primenet.com /__)/__) / / / / /_ /\ / /_ / carolb at spring.com / / \ / / / / /__ / \/ /___ / ------------------------------------------------------------------------- A great place to start My Cyber Doc... From tedwards at src.umd.edu Sun Aug 27 14:01:11 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Sun, 27 Aug 95 14:01:11 PDT Subject: proliferations of voicesystems In-Reply-To: Message-ID: On Sun, 27 Aug 1995, Thomas Grant Edwards wrote: > There is a standards track for real-time audio and video communications. > Seems to me the hard part is defining codecs, the easy part is dropping > in crypto. See ftp://gaia.cs.umass.edu/pub/hgschulz/rtp/draft-ietf-avt-rtp-06.txt for more information on the RTP standard. 
See ftp://gaia.cs.umass.edu/pub/hgschulz/rtp/draft-ietf-avt-profile-04.txt for the use of RTP in video and audio conferencing. This draft recommends the following audio encodings:

   name   nom. sampling   kb/s   type   frame   description
          rate (Hz)              S/F    (ms)
   _______________________________________________________________________
   L8     11025           88.2   S              8-bit linear, offset
   L16    48000           768    S              16-bit linear, 2's complement
   L16    44100           705.6  S
   L16    22050           352.8  S
   L16    11025           176.4  S
   G722   16000           64     S              CCITT/ITU-T subband ADPCM
   PCMU    8000           64     S              CCITT/ITU-T mu-law PCM
   PCMA    8000           64     S              CCITT/ITU-T A-law PCM
   G721    8000           32     S              CCITT/ITU-T ADPCM
   IDVI    8000           32     S              Intel/DVI ADPCM [IMA]
   IDVI   16000           64     S              Intel/DVI ADPCM [IMA]
   G723    8000           24     S              CCITT/ITU-T ADPCM
   GSM     8000           13     F      20      RTE/LTP GSM 06.10
   1016    8000           4.8    F      30      CELP
   _______________________________________________________________________

Some of these seem perfectly appropriate for 28.8 kbps transmission, even with the overhead of a PPP dialup connection. From cwe at Csli.Stanford.EDU Sun Aug 27 14:43:44 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Sun, 27 Aug 95 14:43:44 PDT Subject: proliferation of voicesystems In-Reply-To: <199508270121.EAA24196@shadows.cs.hut.fi> Message-ID: <199508272143.OAA19782@Csli.Stanford.EDU> Note that most of the MBone tools already have encrypted sessions built into them, and have had that for at least a year, and that the MICE project in Europe has tried to put encryption into the last ones. There are also a lot of standardization efforts going on within the IETF community, for example within the MMUSIC group, chaired by Mark Handley from UCL, London. They are standardizing the session control protocol, for example, using one called CCCP. They are also concerned about security, that's for sure. /Christian From Piete.Brooks at cl.cam.ac.uk Sun Aug 27 14:53:57 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Sun, 27 Aug 95 14:53:57 PDT Subject: Thanks for all your efforts ... you can stop now ... 
In-Reply-To: Message-ID: <"swan.cl.cam.:122740:950827215255"@cl.cam.ac.uk> > Can someone please summarize the experience for those of us who were on > vacation during the trial so we can learn in an abridged way? What > problems ensued (the bottlenecks, etc.) and what solutions were thought > up? Thanks. See http://www.brute.cl.cam.ac.uk/brute/ for a view from the centre ... Any other experiences welcomed. From rjc at clark.net Sun Aug 27 15:00:34 1995 From: rjc at clark.net (Ray Cromwell) Date: Sun, 27 Aug 95 15:00:34 PDT Subject: proliferation of voicesystems In-Reply-To: Message-ID: <199508272159.RAA00299@clark.net> Lucky Green writes: > >BTW - does anyone actually know what the voice compression is in > >PGPfone? > > GSM lite and I think CELP. PGPFone has some serious problems with the > variable latencies of real life connections. These problems will not go > away until PGPFone makes the shift to APIs that are designed to deal with > such problems, such as QuickTime conferencing. I hope PRZ will realize > this. And Windows95/NT has an Audio Compression Manager which comes with GSM and TrueSpeech compression drivers. The problem is, what will be done for the Unix users? A standard audio API is sorely missing in the unix world (NetWork Audio System and AudioFile aren't solutions) -Ray From midnight at rio.atlantic.net Sun Aug 27 15:30:01 1995 From: midnight at rio.atlantic.net (Richard) Date: Sun, 27 Aug 95 15:30:01 PDT Subject: Demagnetizing In-Reply-To: Message-ID: On Sun, 27 Aug 1995, Man In Black wrote: > On Sun, 27 Aug 1995, Tobin T Fricke wrote: > > > How exactly does that system work? They can't instantly > > demagnetize something with a quick tap on a pad, can they? Also, > > what are they demagnetizing? Is it a strip embedded in the spine > > of the book, or is it just in a sticker on the outside? For > > instance, how do they do it to magazines (or do they? 
they > > go through the process with magazines, too, or is that just > > because they don't know better?)? > > The way the system works at my local library is that there _is_ a strip > embedded in the spine and it isn't demagnetized by a quick tap but by rubbing > it several times over a demagnetizer (there's a big sticker on the side > that says not to leave any magnetic storage media near it). As far as > magazines go, my library simply doesn't let people borrow them (which > means if it ain't there, it's stolen). Anyone know how they protect > against magazine theft (okay, no crypto relevance. reply to me and not > the list, then). Later. > Okay. The strips that you see in books and on those fake UPC stickers on merchandise are NOT magnetic. They are simply antennas that are tuned to a particular frequency. What happens is that when you go near one of the readers/receivers, an electromagnetic (RF) wave is transmitted. The antenna/sticker is tuned to this particular frequency and resonates with it. The result is that there is a RE-RADIATION of that particular wave and the receiver detects that out-of-phase retransmitted wave and sets off the alarm. The deactivator simply radiates a stronger wave (tuned to the same frequency) that burns a small fuse on the sticker and changes the length of the antenna and hence its resonant frequency. I'm not sure how the book strips work but they are similar. There has to be a mechanism in there for resetting some sort of small microelectric circuit that can be reset and change the length of the antenna. -Richard From cwe at Csli.Stanford.EDU Sun Aug 27 15:52:56 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Sun, 27 Aug 95 15:52:56 PDT Subject: SSL trouble In-Reply-To: <199508270432.AAA20728@interport.net> Message-ID: <199508272252.PAA20854@Csli.Stanford.EDU> | > One small point, cryptanalysis equipment is also covered by | > ITAR restrictions. | | What is the significance of this rather ominous warning? 
And I guess they would consider even brute-forcing code to be cryptanalysis? But not the actual netscape binaries, since they are for "proper" use. :-( Sigh. I'm getting tired of all this. /Christian From scmayo at rschp1.anu.edu.au Sun Aug 27 17:28:13 1995 From: scmayo at rschp1.anu.edu.au (Sherry Mayo) Date: Sun, 27 Aug 95 17:28:13 PDT Subject: SSl challenge - it was fun! Message-ID: <9508280028.AA28532@toad.com> > Hi > > Someone asked about the SSL challenge. Well if you're interested > here is a personal view from a "client" participant. > > Despite criticisms posted to this > list I think it worked pretty well for a first attempt, > mainly due to Piete for hacking out new code and fixing things > pretty quickly when things went wrong. > > There was very little time to test software initially and > get problems ironed out. I couldn't get brutessl to compile > without tinkering and had timeout problems with brclient > due to the sometimes slow > link from Australia. Later versions of client software (that I didn't > get till half way through the challenge) seemed to run without > any problems and without losing ACKs. But my old client had failed > to ACK quite a few of its earlier keyspaces and due to lack > of a logfile I ended up writing a script to redo them and > ACK them with the new version of the client software. > > One problem with being in Australia was that I was asleep when > new software updates were announced and tended to get them later > than everyone else, and because of this an auto-update would > be particularly useful to me if we do this again. > > In the end it needed a bit of user intervention to get all > my keyspaces ACKed but the problems were sorted out by the > time the challenge was half way through and I think the next > time we try this (and I hope we will) it will run much more > smoothly. It was a good "learning" experience for all of us > (especially Piete!) 
and should be regarded as what it was: > an experiment that didn't run completely smoothly but was > ultimately successful. > > Taking part in the challenge was fun and I hope we can do > another challenge sometime soon. > > One gripe though - my ACKs don't appear on the credits list ;-( > > Sherry > > From cwe at Csli.Stanford.EDU Sun Aug 27 17:42:04 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Sun, 27 Aug 95 17:42:04 PDT Subject: Server congestion Message-ID: <199508280041.RAA22255@Csli.Stanford.EDU> I talked about acks of acks in a previous message, and I guess I was somewhat vague there. What happened, according to my uninformed view, during the SSL2 challenge was that the server got congested, and had problems with both answering to key allocation requests and ack replies. I guess that the load of the machine was so high that it lost packets in the input queues.

Client -----> UDP/Key allocation req ---->
Client -----> UDP/Key allocation req ---->
Client -----> UDP/Key allocation req ----> Server ---+
                                                     | alloc
Client <------- UDP/allocation reply ----------------+
  |
  | working...
  |
Client ------- UDP/ack ------------------> ??

One problem was that the client believed that the ACK had arrived at the server if it had sent it off, not counting with the possibility of the ACK being lost on the way. I instead propose that the Server sends a acknowledgement back to the client once it has received an ACK from a client.

  |
  | working...
  |
Client ------- UDP/ack ------------------> Server -+
                                                   |
Client <------ UDP/Server-ack ------------ Server -+

And then the client knows the server actually received the ACK and has incorporated it into its table. The client has to handle the case that either the Ack or the Server-ack is lost. I propose it doesn't retransmit immediately, but rather waits until next time it has to ack something, and piggybacks the old ack onto the new one.
Client -----> UDP/Key allocation req ---->
Client -----> UDP/Key allocation req ---->
Client -----> UDP/Key allocation req ----> Server ---+
                                                     | alloc
Client <------- UDP/allocation reply ----------------+
  |
  | working...
  |
Client ------- UDP/ack1 ------------------> ??
  |
  | "oops, oh well, let's try later."
  |
Client -----> UDP/Key allocation req ----> Server ---+
                                                     | alloc
Client <------- UDP/allocation reply ----------------+
  |
  | working...
  |
Client ------- UDP/ack2/ack1 ------------> Server -+
                                                   |
Client <------ UDP/Server-ack {1,2} ------ Server -+
  |

There are countermeasures if either part doesn't get messages for some reason. If the server doesn't see the ACK for a block, it might give that block out to someone else. If the client is unable to retrieve a block from the server, I suggest it just picks a random block and starts working on it. It may very well not be allocated to someone else, and then the client was able to do something good in the meantime even though it didn't get a proper key alloc. /Christian From perry at piermont.com Sun Aug 27 18:20:52 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 27 Aug 95 18:20:52 PDT Subject: proliferation of voicesystems In-Reply-To: <199508272159.RAA00299@clark.net> Message-ID: <199508280120.VAA20942@frankenstein.piermont.com> Ray Cromwell writes: > The problem is, what will be done for the Unix users? A standard > audio API is sorely missing in the unix world (NetWork Audio > System and AudioFile aren't solutions) It depends on what you mean by an API. If you are just talking about driver interfacing there are de facto standards at this point -- basically everyone has been adopting the sun /dev/audio ioctls. .pm From loofbour at cis.ohio-state.edu Sun Aug 27 18:52:16 1995 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Sun, 27 Aug 95 18:52:16 PDT Subject: SSL ACKs vs.
Anonymity (was Re: SSL trouble) In-Reply-To: <199508271848.LAA18104@Csli.Stanford.EDU> Message-ID: <199508271943.PAA16219@hammond.cis.ohio-state.edu> Having ACKs from the people cracking your SSL exchange is fun; it provides feedback on whether your code is working, allows the volunteers to see their name in lights, and gives you this nice warm feeling that progress is being made. In server-allocation schemes, it also provides an optimization: no need to hand out chunks that have been ACKed. Not having ACKs provides anonymity to those who are performing the crack. The only two agents who have issues of anonymity to consider are: the one presenting the challenge (and its prize), and the one that gets the solution (and its prize). Perhaps anonymity is unimportant for toy problems: so far, Hal has not complained that Agent 86's CCNs have been spread all over the Net. I can imagine a "real" challenge being a much more serious affair. Do you really want to be caught talking with www.brute.cam.cl.ac.uk for two days straight just before someone posts Louis Freeh's American Express number to alt.credit-cards.exploit? nathan From rjc at clark.net Sun Aug 27 19:44:17 1995 From: rjc at clark.net (Ray Cromwell) Date: Sun, 27 Aug 95 19:44:17 PDT Subject: proliferation of voicesystems In-Reply-To: <199508280120.VAA20942@frankenstein.piermont.com> Message-ID: <199508280244.WAA12743@clark.net> > > > Ray Cromwell writes: > > The problem is, what will be done for the Unix users? A standard > > audio API is sorely missing in the unix world (NetWork Audio > > System and AudioFile aren't solutions) > > It depends on what you mean by an API. If you are just talking about > driver interfacing there are de facto standards at this point -- > basically everyone has been adopting the sun /dev/audio ioctls. That's too low-level to deal with the proliferation of PC sound systems, especially since even non-intel workstations are adopting PCI buses.
If I recall, /dev/audio relies on u-law/a-law encoding. That's only one component of a higher level audio system. That's like having a /dev/svga but no Motif library. Furthermore, a /dev/audio like interface doesn't admit good hardware acceleration, such as if you had to play an MPEG layerIII audio, but your sound card had a DSP. -Ray From sryan at reading.com Sun Aug 27 19:50:19 1995 From: sryan at reading.com (steven ryan) Date: Sun, 27 Aug 95 19:50:19 PDT Subject: nym server development mailing list Message-ID: <199508280250.WAA09233@zork.tiac.net> >John created a mailing list for those interested in contributing to the >development of his nymserver and as a forum for discussion of nymserver >related issues. So far, there have been few folks subscribed, and no >answer from those that are presently subscribed to the list. I find >this rather disappointing. This sounds very interesting and on topic for the list. If it is such low volume why not talk about it here and then if it gets to be too much volume move it to a separate list? You may generate more interest that way and keep more people informed. Steven Steven Ryan sryan at reading.com From mark at lochard.com.au Sun Aug 27 20:04:56 1995 From: mark at lochard.com.au (Mark) Date: Sun, 27 Aug 95 20:04:56 PDT Subject: SSl challenge - it was fun! In-Reply-To: <9508280028.AA28532@toad.com> Message-ID: <199508280134.AA19987@junkers.lochard.com.au> >> One problem with being in Australia was that I was asleep when >> new software updates were announced and tended to get them later >> than everyone else, and because of this an auto-update would >> be particularly useful to me if we do this again. I would be extremely wary of this as accepting code written by someone else to automatically run on your machine is bad.
I realise the non unix people are forced to use binaries and have no way of knowing what in hell is in the nice software, but Unix people have a responsibility to themselves and the others on their machines/networks to at least check that everything is ok. If they do not have the expertise, they will hear of it soon enough when others scan the offered code. Having source code to these programs is essential, from a security and snub the TLAs point of view. People need to be educated how to write systems to use crypto and they need to be able to check no trojans are included. Mark mark at lochard.com.au opinions are rumoured to be mine. From penny at tyrell.net Sun Aug 27 20:33:19 1995 From: penny at tyrell.net (Alan Penny) Date: Sun, 27 Aug 95 20:33:19 PDT Subject: e$: The Book-Entry/Certificate Distinction Message-ID: <199508280328.AA18864@tyrell.net> > Date: Wed, 23 Aug 1995 23:30:27 -0700 > From: tcmay at got.net (Timothy C. May) > Subject: Re: e$: The Book-Entry/Certificate Distinction > > At 4:10 AM 8/24/95, Alan Penny wrote: > >The other night I heard that some of the rules for selling stock have > >been changed to allow companies to sell stock directly to investors. > >I have been thinking that this may have the potential to support an > >interesting system. > > My company sold stock to me directly, through a Stock Participation Plan > and an Incentive Stock Option Plan. I think that the point of the news report was that in the past companies were limited in the type of investor they could sell to (e.g., employee, stock-broker). I assume what they meant by the report was that a company under the new rules could sell stock to anyone who asked. > > >Imagine "Portfolio Accounts" with a debit-card like access method. > > I use a debit card which directly accesses my stock account. More on this > in a moment. 
> > >Instead of paying for an item at a store with money or credit you use > >your Portfolio-Account card and buy the item with shares/micro-shares > >of stock. Stock brokers may offer this type of service in response to the > >competition of companies bypassing them. Stock brokers could setup > >services that mediate between transactions calculating trades and values > >"on-the-fly" (anonymity could be tricky to build into this system). > > This is where it breaks down. Stock prices are denominated in dollars (or > the local currency, as applicable). And local purchases are denominated in > dollars. Nobody pays "one microMicrosoft" for a loaf of bread. They pay $1. > And Microsoft stock sells for $100, not 100 loaves of bread. Prices could still be denominated in dollars, but the actual transaction could be executed with stock value (at the current market price). There would be an element of risk in these transactions since after the transaction a stock's value might go down, but it might also go up as well. I would think that if a merchant had a large volume of transactions and a varied stock "intake" a merchant's portfolio would tend to balance out in terms of stock increases and decreases. > > >If the company you worked for paid you with stock instead of money this > >would complete the loop. > > The IRS and other tax authorities have this one figured out: barter > economies are not generally a way to avoid taxes. > Oh well, you win some and you lose some :-) > >This also has the interesting feature of avoiding all taxes. Until you > >"cash out" your account you would not have to pay taxes, if you never > >need to cash out your account, you never need to pay taxes. I suspect that > >our friendly governments would try to "correct" this "problem" in the > >long run if they can. > > If you are paid in barter for some service, taxes are still owed, based on > the estimated value of services rendered.
> > By the way, a simpler example than all this talk of partial shares of > companies is simply to talk about paying each other in gold, or oil, or any > other commodities. Hmmm, a "micro-spot" commodity market? Cordially, [-------------------------------------------------------------------------] [ Public pgp-key: email penny at tyrell.net with subject as 'send pgp-key' ] [ My opinions are mine. I have scored 90% on the the Turing Test. ] [ Alan Penny, penny at tyrell.net ] From crypto at midex.com Sun Aug 27 20:55:24 1995 From: crypto at midex.com (Matt Miszewski) Date: Sun, 27 Aug 95 20:55:24 PDT Subject: Thanks for all your efforts ... you can stop now ... In-Reply-To: Message-ID: On Sat, 26 Aug 1995, Thomas Grant Edwards wrote: > I hope this will not be the end of our distributed brute-forcing runs, > but only the beginning! We should be able to take what we have learned > from this run and put together an even smoother run for the next challenge. > Can someone please summarize the experience for those of us who were on vacation during the trial so we can learn in an abridged way? What problems ensued (the bottlenecks, etc.) and what solutions were thought up? Thanks. > -Thomas > Matt From root at wero Sun Aug 27 22:13:48 1995 From: root at wero (root) Date: Sun, 27 Aug 95 22:13:48 PDT Subject: Encrypted TCP, telnet, etc Message-ID: <199508280514.XAA00277@wero> -----BEGIN PGP SIGNED MESSAGE----- Just noticed this on USENET. Sorry if it's passed through cpunks lately, but ya know, sometimes I just fall asleep while the conspiracypunks drivel goes by, and don't notice when someone strays back to crypto.
- ---Start Msg Newsgroups: alt.security,sci.crypt Subject: Secure Telnet: Summary Message-ID: <41q81d$22he at info4.rus.uni-stuttgart.de> From: zcbi1122 at rpool4.rus.uni-stuttgart.de (Jochen Schwarze) Date: 27 Aug 1995 16:55:09 GMT Organization: Comp.Center (RUS), U of Stuttgart, FRG NNTP-Posting-Host: rpool4.rus.uni-stuttgart.de Lines: 74 Thanks to everyone who responded to my posting regarding a `secure telnet' implementation: Is there a (possibly free) implementation of something like a "secure telnet"? I'm looking for a way to login into a remote system providing secure interactive communication between the two hosts over (possibly insecure) Internet connections. Here's a summary of the implementations I am now aware of:

* SSL  There is a free implementation of Netscape's SSL Protocol (Secure Socket Layer) by Eric Young named "SSLeay" . Eric Young is also the author of a popular DES Library. SSL provides a secure authentication and encryption basis on top of which application protocols like telnet, ftp, and http may be transparently added . However, the RC4 encryption using a 40 bit key, which is employed by SSL, has recently been cracked with a brute force attack, see RISKS-17.27 . A modified version of telnet that uses SSL-based authentication and encryption is also available .

* Deslogin  Deslogin by Dave Barrett provides a network login service much like rlogin/rlogind. Deslogin uses a `challenge-response' protocol to authenticate users. Also, all data transmitted to and from the remote host is encrypted using the DES. Deslogin also includes a command-line program `cipher' for fast DES encryption.

* SRA Telnet  This is a version of the SRA Telnet modified by the Technical University of Chemnitz. A session key is negotiated using an uncertified Diffie-Hellman method and used for the encryption of UID and password. The complete session text is encrypted with DES in CFB mode.
* Ssh  Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. Among other features, Ssh is a complete replacement for rlogin, rsh, and rcp.

* Skey  Bell Canada's `skey' free-ware implements a one-time password system, so that sniffers can get your ID and PW, but can't use the PW next time.

- ----------------------------------------------------------------------

I provide this information in the hope that it will be useful, but with no claim of either completeness or correctness. Thanks again to all who contributed to compile the above information. - -- Jochen Schwarze - ---End Msg First question: what does anyone know about these programs. Second question: since I'm only a cyphergroupie, how can I make use of these programs? Currently, I'm trying to move as many operations as I can (mix client, mail reading, etc) to my local Linux box so that all traffic headed through my server is already encrypted. Naturally, some of these programs look interesting, the SSL telnet (but what about the other end?) for example. I noticed an announcement that DID come across cpunks: [snip] Announcing CryptoTCP beta version 0.9 CTCP is a public domain software package to do encrypted TCP sessions on unix systems. It features Diffie-Hellman key exchange with triple-DES encryption. This initial release is to be considered a beta version. Bug reports or comments on security issues are invited.
[snip] Detached signature for ctcp.0.9.tar:

But I missed where this comes from, and I doubt I'd be able to drop it into my Linux in anything resembling a plug-and-play style. Anybody tried this? Don fRee cRyPTo! jOin the hUnt or BE tHe PrEY PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39) June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed * This user insured by the Smith, Wesson, & Zimmermann insurance company * From Jaeson.M.Engle at dronf.org Sun Aug 27 23:08:47 1995 From: Jaeson.M.Engle at dronf.org (Jaeson Engle) Date: Sun, 27 Aug 95 23:08:47 PDT Subject: PGP for pine and other Unix programs Message-ID: I'd like to be added to your list of people wanting the 1.0 version. By then I should have MachTen running on my PowerPC Mac, and I would like to make sure that it works for that. Thanks Jaeson At 2:19 AM 8/23/95, Bryce Wilcox wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >> Does anyone know of an addon to the Pine mailer that supports PGP? >> the only PGP software i could find required me to first compose a >> letter in an editor then run it through a pgp signature program >> then finally read it into my favorite mailer. >> >> I'm looking for something that is hopefully transparent, or if not >> relatively quick to do. > > >My "Bryce's Auto-PGP" fits the bill. It is an sh script so it can be >integrated without too much trouble into Pine, Elm, trn, tin, mh, etc etc.
>I have personally tested it with Pine so I know it'll work. You can e-mail >me for a beta copy, or you can ask for a v1.0 copy if you don't mind waiting >an unspecified amount of time for beta-testing to finish. > > >Regards, > >Bryce -- Jaeson M. Engle http://www.dronf.org Coordinator of the Jourvian Group PGP Mail Encouraged -> jme.pub.key at dronf.org Project List -> programs at dronf.org From alt at iquest.net Sun Aug 27 23:46:25 1995 From: alt at iquest.net (Al Thompson) Date: Sun, 27 Aug 95 23:46:25 PDT Subject: Demagnetizing Message-ID: At 04:26 PM 8/27/95 -0500, Buford Terrell wrote: > >>Reply-To: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) > >> >>Where exactly is the r/c circuit? Is it very small and in >>a label? Book publishers don't put them in, do they? >>Also, if the thing gets "burned out" by the magnet in the >>pad, what do libraries and such do where materials are >>reused? Just slap on another label thing? >> >It's much more low-tech than that. Libraries and book stores just >put a strip of magnetized material (it's much like audio tape, >about 1/8 inch wide and comes on rolls) inside the book and then >put detectors at the doorway. If the detector feels a magnetic field, >it buzzes; if the tape has been degaussed, nothing happens. > >For libraries, it's usually mounted on sticky tape and put down >inside the book spine. Bookstores usually just snip off a 4 - 5" >segment and slip it inside the book. Music stores frequently tape >a small section on the outside of CD jewel boxes. > >Sorry, there's no real mystery or exciting tech here. There's still some mystery.
For instance, how does it differentiate between the magnetic field of their strip, and the magnetic field of the strip on your credit card, or the speaker on your cell phone? From jirib at sweeney.cs.monash.edu.au Sun Aug 27 23:51:51 1995 From: jirib at sweeney.cs.monash.edu.au (Jiri Baum) Date: Sun, 27 Aug 95 23:51:51 PDT Subject: Auto-update (was: Re: SSl challenge - it was fun!) In-Reply-To: <199508280134.AA19987@junkers.lochard.com.au> Message-ID: <199508280649.QAA12896@sweeney.cs.monash.edu.au> Sorry if I stuff up; I'm trying for PGP-signed and the PGP is on a different machine... -----BEGIN PGP SIGNED MESSAGE----- Hello Mark and scmayo at rschp1.anu.edu.au (Sherry Mayo) and cypherpunks at toad.com ...[asking for an auto-update]... > I would be extremely wary of this as accepting code written by someone else to > automatically run on your machine is bad. ... Why? I wouldn't say "bad". I'd say "you need to know what you are doing". ... > If they do > not have the expertise, they will hear of it soon enough when others scan the > offered code. ... Perhaps there should be a mechanism whereby code offered would be signed by various parties. When sufficient signatures have collected, auto-update can proceed. Yes, no, maybe? Jiri - -- If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) From edgar at highnrg.sbay.org Mon Aug 28 00:18:29 1995 From: edgar at highnrg.sbay.org (Edgar Swank) Date: Mon, 28 Aug 95 00:18:29 PDT Subject: Announcing SecureDrive 2.4 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This is to announce the availability of Version 1.4 of SecureDrive. SecureDrive Version 1.4 replaces version 1.3d and previous versions. Changes for 1.4 have added significant new function. New features include ability to use a keyfile either instead of or in addition to a passphrase, the /ADD function and the option to specify a drive letter, which is remembered, when specifying manual partition parameters to LOGIN. /ADD allows you to LOGIN multiple hard disk partitions (with the same key) at the same time. The subroutine which "finds" a physical hard disk partition based on the DOS drive letter has been improved, so hopefully situations where manual partition parameters must be used will be rare. Releases 1.3, 1.3a, 1.3d and 1.4 of Secure Drive are based on releases 1.0 and 1.1, mostly written by Mike Ingle and version 1.2, with significant new code by myself. The code which we wrote is not copyrighted, but the program contains GNU Copylefted code, and therefore may be freely distributed under the terms of the GNU General Public Licence. See file COPYING for legalese. SecureDrive provides strong encryption via the IDEA cypher (The same symmetrical cypher used by PGP) for your files on diskettes or up to four hard disk partitions. You encrypt your diskettes and/or HD partitions with CRYPTDSK. Then you can access the data by using LOGIN and SECTSR.
This provides "on-the-fly" decryption (and re-encryption) as disk sectors are accessed by your applications. Entering LOGIN /C or powering off your PC clears the crypto keys from memory and your encrypted disks are "instantly" secure. Mike Ingle and I have different opinions on the distribution of SecureDrive. Under the GNU General License (copyleft) I do not need Mike's permission to distribute version 1.4 and I have not asked for same. My policy on distribution is in the version 1.4 doc: Exporting this program. Cryptography is export controlled, and sending this program outside the country may be illegal. Don't do it. The "author" of versions 1.2 and 1.3, Edgar Swank, says that the export ban should not prevent you from placing this program on public BBS's and anonymous FTP sites in the US and Canada. If individuals outside the US/Canada use the internet or international long distance to obtain copies of the program, THEY may be breaking US law. Any such foreign individuals should be aware that US law enforcement may legally (under US law) apprehend individuals who break US laws even if such individuals are not on or even have never been on US soil. Such apprehension may remove such individuals directly to US jurisdiction without benefit of extradition proceedings in such individuals' home country(ies). SecureDrive Version 1.4 is already available for download on the following public BBS's as SECDR14.ZIP: Flying Dutchman (408)294-3065 Colorado Catacombs BBS, 303-772-1773 (up to 28,800 bps, log in with your own name, answer the questions, and download SECDR14.ZIP). ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/disk/secdr14.zip see ftp://ftp.csn.net/mpj/README for the ??????? ftp://miyako.dorm.duke.edu/mpj/crypto/disk/secdr14.zip See ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS for access instructions. 
Here is the contents of SECDR14.ZIP

 Length  Method   Size  Ratio    Date    Time    CRC-32  Attr  Name
 ------  ------  -----  -----    ----    ----  --------  ----  ----
  18321  DeflatX  6914   63%  06-14-93  22:27  0767480b  --w-  COPYING
   2022  DeflatX   789   61%  08-06-95  00:00  dd3e9e64  --w-  COPYSECT.C
  12542  DeflatX  7670   39%  08-06-95  00:00  c089888f  --w-  COPYSECT.EXE
    152  Stored    152    0%  08-06-95  00:00  17b02bc2  --w-  COPYSECT.SIG
  19664  DeflatX  4183   79%  11-19-93  21:42  22c2502c  --w-  CRYPT2.ASM
  19622  DeflatX  4594   77%  08-06-95  00:00  14940d0b  --w-  CRYPTDSK.C
  41834  DeflatX 19854   53%  08-06-95  00:00  2e5664b8  --w-  CRYPTDSK.EXE
    152  Stored    152    0%  08-06-95  00:00  484719f3  --w-  CRYPTDSK.SIG
   4353  DeflatX  1724   61%  08-06-95  00:00  b4e99e6a  --w-  FPART.C
  15450  DeflatX  9790   37%  08-06-95  00:00  44c4a0e7  --w-  FPART.EXE
    152  Stored    152    0%  08-06-95  00:00  0b345a16  --w-  FPART.SIG
   2998  DeflatX  2113   30%  04-22-95  13:23  1a54cbe5  --w-  KEY.ASC
  18447  DeflatX  4526   76%  08-06-95  00:00  d9f91a8e  --w-  LOGIN.C
  43476  DeflatX 20274   54%  08-06-95  00:00  39b32d3d  --w-  LOGIN.EXE
    152  Stored    152    0%  08-06-95  00:00  cb182e12  --w-  LOGIN.SIG
   1554  DeflatX   568   64%  08-06-95  00:00  3589f489  --w-  MAKEFILE
  11557  DeflatX  3277   72%  05-09-93  19:38  e71f3eea  --w-  MD5.C
   3407  DeflatX  1097   68%  05-11-93  12:49  f1f58517  --w-  MD5.H
   1355  DeflatX   629   54%  01-21-94  08:44  db63ade4  --w-  RLDBIOS.ASM
  14757  DeflatX  4050   73%  08-06-95  00:00  2142bf7c  --w-  SDCOMMON.C
  52175  DeflatX 18701   65%  08-06-95  00:00  da0e2c45  --w-  SECDRV.DOC
   3656  DeflatX  1094   71%  08-06-95  00:00  6ed75bcc  --w-  SECDRV.H
  32595  DeflatX  8860   73%  08-06-95  00:00  1c7d2225  --w-  SECTSR.ASM
   2000  DeflatX  1326   34%  08-06-95  00:00  ba1568d1  --w-  SECTSR.COM
    152  Stored    152    0%  08-06-95  00:00  3817512c  --w-  SECTSR.SIG
  11519  DeflatX  2801   76%  08-06-95  00:00  060d33e8  --w-  SETENV.ASM
   1254  DeflatX   541   57%  05-09-93  19:39  182978aa  --w-  USUALS.H
    276  DeflatX   248   11%  08-06-95  00:00  20880832  --w-  FILE_ID.DIZ
 ------          -----  -----                                  -------
 335594         126383   63%                                        28

Also note that the ZIP file contains PGP detached signatures (*.SIG) for the executable files.
Finally here is my public key, also available on many public keyservers; note who has signed it. (HighNRG is only address currently valid) Type bits/keyID Date User ID pub 1024/DA87C0C7 1992/10/17 Edgar W. Swank Edgar Swank Edgar W. Swank Edgar W. Swank

--- edgar at HighNRG.sbay.org Keep Freestyle Alive! From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 00:42:35 1995 From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks) Date: Mon, 28 Aug 95 00:42:35 PDT Subject: SSl challenge - it was fun! In-Reply-To: <199508280134.AA19987@junkers.lochard.com.au> Message-ID: <"swan.cl.cam.:288030:950828074205"@cl.cam.ac.uk> >> One problem with being in Australia was that I was asleep when >> new software updates were announced and tended to get them later >> than everyone else, and because of this an auto-update would >> be particularly useful to me if we do this again. > I would be extremely wary of this as accepting code written by someone else to > automatically run on your machine is bad. Indeed ! This is why brclient and brloop are two separate programs ..
(those who don't care about security can run "brclient -Ubrutessl -tssl | sh" (for a demo, type "brclient -Ubrutessl -tsslck") BUT it means that the SKSP server could run any command on your system! ) Users should read brclient (and make me blush !) to show that there are no trapdoors. Then they should read brloop and convince themselves that whatever data is returned by brclient, no rogue command will be run. (this is why brloop is written in sh rather than perl -- I assume more people read sh than perl ... ) Note that brclient and brloop do not do any file I/O (so can be chroot'ed, etc) and apart from "pretties" (such as calling hostname / uname -n to generate an ID) brclient doesn't exec any other commands, so all you need provide are those used by brloop (I think sed and head). If anyone cares to build a "cell" in which to run it, please let me know. However, I fear that it might be somewhat machine specific. One problem is that the more recent brloop starts by asking "which servers should I use" unless they are explicitly set -- this means that you either need to wire down the host to call (e.g. a local SKSP "local CPU farm" server), or allow it to make an outgoing call to *ANY* host on port 19957 (well, you might care to disable access to your local network, 127.* etc). > If they do not have the expertise, they will hear of it soon enough when > others scan the offered code. I've been waiting, but not heard any yet :-)) After my experiences of a handful of old clients killing the server for everyone, I plan to circumvent the problem by causing rogue brloops to exit.
Sure -- auto update would be nice, but until the padded cell above is implemented

From root at wero Mon Aug 28 00:56:05 1995
From: root at wero (root)
Date: Mon, 28 Aug 95 00:56:05 PDT
Subject: DNS key distribution/keyservers
Message-ID: <199508280757.BAA00876@wero>

-----BEGIN PGP SIGNED MESSAGE-----

A while ago, Peter Trei said:
>Don Eastlake has actually done a draft RFC on
>using the DNS for key distribution.
>
>It may be found at
>
>ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt
[snip]

I'm sure everyone agrees that a 5 meg keyfile is a bit big, but has anyone considered working on the QUALITY of the keyfile instead of making it easier to retrieve QUANTITIES of keys..

I.e.: What about creating one big web of trust out of current keys. Or maybe allowing keys only if they have some connection to some other key previously submitted, or simultaneously submitted.

Currently, having one big keyfile creates the impression that keys distributed over a keyserver are more valid. In a sense they are, but only because someone who's being spoofed could learn of the key that is supposedly theirs. However, there's really no reason to trust a key as anything but a nym unless it's signed by someone in _your_ web of trust. I believe that modifying keyservers to accept only keys that are linked to currently known keys would encourage everyone to become part of that web of trust. After all, the public key of a nym can be obtained from the nym themself.

Anybody have any thoughts on this?

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From don at cs.byu.edu Mon Aug 28 01:15:18 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Mon, 28 Aug 95 01:15:18 PDT
Subject: oops, re last message
Message-ID: <199508280814.CAA08632@bert.cs.byu.edu>

Sorry to add another msg to the clutter, but please send responses to the previous message (DNS keyserver) to me at don at cs.byu.edu and NOT at root at _any_ system.

Don

From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 02:40:29 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Mon, 28 Aug 95 02:40:29 PDT
Subject: Server congestion
In-Reply-To: <199508280041.RAA22255@Csli.Stanford.EDU>
Message-ID: <"swan.cl.cam.:027060:950828094002"@cl.cam.ac.uk>

> I talked about acks of acks in a previous message, and I guess it was
> somewhat vague there.

... and maybe based on a false premise ?

> What happened, according to my uninformed view, during the SSL2
> challenge was that the server got congested, and had problems with
> both answering to key allocation requests and ack replies.

Correct.

> I guess that the load of the machine was so high that it lost packets in the
> input queues.

NO.

The load was very *LOW*.
The problem was that the single threaded server was spending most of its time talking to clients which failed to complete their interactions, and timed out.
The earlier client "ACK" code didn't hang around long enough, and gave up.
Later code kept trying ....

> Client -----> UDP/Key allocation req ---->

Nope -- basic fault here !! TCP not UDP !!

> One problem was that the client believed that the ACK had arrived
> at the server if it had sent it off, not counting with the possibility
> of the ACK being lost on the way.

Not the case. It uses a reliable bytestream, and the client does not consider a keyspace ACKed until it gets back the "OK" response from the server.
This makes it "at least once", but that isn't a problem.
> I instead propose that the Server sends an acknowledgement
> back to the client once it has received an ACK from a client.

It does, in the reliable bytestream ...

> The client has to handle the case that either the Ack or the
> Server-ack is lost.

As above -- "at least once" -- it just retries.

> I propose it doesn't retransmit immediately,
> but rather waits until next time it has to ack something, and
> piggybacks the old ack onto the new one.

brclient waits a bit and tries again, before asking for the next.

> If the client is unable to retrieve a block from the server, I suggest
> it just picks a random block and starts working on it. It may very
> well not be allocated to someone else, and then the client was able
> to do something good in the meantime even though it didn't get a
> proper key alloc.

Nah.

From mark at lochard.com.au Mon Aug 28 05:02:11 1995
From: mark at lochard.com.au (Mark)
Date: Mon, 28 Aug 95 05:02:11 PDT
Subject: (Fwd) Re: Law enforcement and PGP ban in Australia
Message-ID: <199508280756.AA24358@junkers.lochard.com.au>

>X-News: uqvax aus.net.policy:286
>From: Peter Merel
>Subject: Open Letter from Steve Orlowski
>Date: 18 Aug 95 06:52:32 GMT
>
>I've received something that purports to be an open letter from Steve
>Orlowski. Be warned that the letter has no digital authentication with it,
>so it may have been forged. However it reads like the real magilla, so I'll
>post it here in the hope that it might inform debate a little.
>
>
>--------------------- cut here ----------------------------
>
>
>Dear
>
>Thank you for your comments on the subject of the use of encryption by private
>individuals.
>
>Firstly I would like to make the point that the debate has arisen from one
>person's interpretation of a paper I gave at a conference on "Cryptography
>Policies and Algorithms". The full text of that paper is now available on the
>net at
>
> http://commerce.anu.edu.au/comm/staff/RogerC/RogersHome.html
>
>The paper carries a disclaimer at the top that the views are mine and do not
>necessarily represent the views of the Australian Government. The paper sets
>out the Government's policy on telecommunications interception, which includes
>the issue of the use of cryptography as:
>
>"As a result of the Report, Australia is, among other TI issues, monitoring the
>impact of encryption in the telecommunications interception area and will
>re-examine matters in 1997 following the opening of the telecommunications area
>to full competition."
>
>Telecommunications covers both voice and data communications.
>
>The last paragraph of the paper says that there is a need to expand the
>cryptography debate to cover the needs of individual users in the context of
>the information superhighway rather than current Internet users. The paper
>also points out that issues such as cost, convenience and public confidence in
>cryptography systems will be the main issues. Public confidence is explained
>in terms that as long as it meets the general requirement for privacy it will
>be acceptable. I still maintain that the general user of the superhighway in
>the next century will be satisfied with a lower level of encryption which will
>meet that and cost and user friendliness requirements.
>
>On the specific point made in the Internet message, the paper does not suggest,
>either directly or by implication, that individuals should be banned from using
>encryption.
>
>Regarding the use of higher level encryption, the paper supports the concept of
>commercial key escrow where organisations hold their own keys but may be
>required to provide them in response to a court order.
>The same would apply to
>individuals who could either hold their own keys or store them with a
>commercial body. Access to those keys would be by court order and in that
>respect is no different to existing procedures for the interception or seizure
>of telephone conversations or paper records. There is no suggestion that these
>basic principles, and protection of individual's rights in general, should be
>changed.
>
>If individuals were to use lower level encryption there would be no need for
>them to maintain copies of any keys for such systems. To my mind this is
>preferable to a requirement for keys to be maintained for all encryption
>systems, which could be the result if universal key escrow were introduced.
>
>Finally on the question of interception, the general public expects a
>reasonable level of law enforcement to ensure the protection of their person
>and property. Governments are required to find a balance between this and the
>rights of individuals to privacy. Part of this balance is to ensure that law
>enforcement authorities convince a court that there is a need to carry out an
>interception. There is no suggestion that this fundamental approach should be
>changed. The paper certainly does not suggest that the Attorney-General's
>Department should become a centralised interception authority. In fact such a
>role would not be consistent with its role as a source of advice to Government.
>
>I hope the above clarifies both the Government's policy and my personal views
>on these matters.
>
>I consider this to be an open letter and have no objection to it being used as
>such.
>
>Yours sincerely
>Steve Orlowski

From mark at lochard.com.au Mon Aug 28 05:02:35 1995
From: mark at lochard.com.au (Mark)
Date: Mon, 28 Aug 95 05:02:35 PDT
Subject: Auto-update (was: Re: SSl challenge - it was fun!)
In-Reply-To: <199508280649.QAA12896@sweeney.cs.monash.edu.au>
Message-ID: <199508280818.AA67660@junkers.lochard.com.au>

>...[asking for an auto-update]...
>> I would be extremely wary of this as accepting code written by someone else
>>to automatically run on your machine is bad.
>...
>
>Why?
>
>I wouldn't say "bad".
>
>I'd say "you need to know what you are doing".
>
>...
>> If they do
>> not have the expertise, they will hear of it soon enough when others scan the
>> offered code.
>...
>
>Perhaps there should be a mechanism whereby code offered would be
>signed by various parties. When sufficient signatures have collected,
>auto-update can proceed.
>
>
>Yes, no, maybe?

No. Bypassing anecdotes about personal experiences with some .au cpunks, why should I trust *anyone* to certify that code is auto runnable on my machine? In secure or commercial networks, the onus is on making sure holes are not opened up in the defences. To me, having all these crypto links, digital envelopes, crypto filesystems, etc all mean zero if you start offering to run code blindly from anyone.

Next.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.

From jpb at shadow.net Mon Aug 28 05:52:28 1995
From: jpb at shadow.net (Joe Block)
Date: Mon, 28 Aug 95 05:52:28 PDT
Subject: Florida Drivers Permits
Message-ID:

>Better would be to figure out the encoding scheme and post it here.

I like this, myself. It'd be nice to be able to have the picture of my choosing instead of a digitized thumbprint...

From jya at pipeline.com Mon Aug 28 05:59:31 1995
From: jya at pipeline.com (John Young)
Date: Mon, 28 Aug 95 05:59:31 PDT
Subject: JOB_les
Message-ID: <199508281259.IAA13107@pipe2.nyc.pipeline.com>

8-28-95. NYPaper, Page One lead:

"Skilled Workers Watch Their Jobs Migrate Overseas. College Educated Foreigners Are Doing High-Technology Tasks for Far Less Pay."

The new tools of the information age were supposed to help the United States regain an edge in international competition.
And while that has happened in many advanced-technology industries, the combination of powerful personal computers and high-capacity undersea telephone cables is also subjecting millions of white-collar Americans to the same global wage pressures that their blue-collar counterparts have long faced.

As with steel and garment workers, the white-collar workers' positions and salaries increasingly depend on whether they can justify their higher pay with higher productivity. Many fear that the growing tendency of corporations to farm out tasks to developing countries is widening the gap even further between the rich and everybody else in American society by eliminating some categories of high-skill, high-wage jobs that make up the heart of the middle class.

"Dissecting the information revolution (in advance): With a look at one of Newt's Laws and at 'friction-free capitalism.' " [Expands on last week's Aspen article]

The Aspen conference provided some people with their first exposure to Newtonian economics -- which appears to be the information-age equivalent of Ronald Reagan's trickle-down economics. It is called "friction-free capitalism." Nathan Myhrvold noted that one can now order custom-fit blue jeans directly from the manufacturer.

Double trouble: JOB_les (17kb)

From Damien.Doligez at inria.fr Mon Aug 28 06:11:46 1995
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Mon, 28 Aug 95 06:11:46 PDT
Subject: SSL trouble
Message-ID: <9508281310.AA21354@couchey.inria.fr>

>From: Piete Brooks

>We were using ALPHA code when we started ....

I didn't realise that.

>(4) is still applicable isn't it ?

>What tells people to stop, or do they go on for ever ?

A message in a newsgroup, a mailing list, or a web page. Even if you can mount a denial-of-service against this, it will only make people continue the search uselessly. It won't prevent you from finding the key.
>>The main drawback of the random search is that the expected running "time"

>where "expected" is some loose average .....

Nope. It's what I get when I do the math (basic probability theory) to find the expected running time. But I could be wrong. I'll try to write it in TeX and put it on my web page.

>>I suspect that sequential searching from a random starting point would be
>>much worse in the case of many independent searchers.

>Convince me (please) ....

That would be hard because I've been thinking about it, and I'm less and less convinced myself.

>> In conclusion, I think random searching is the way to go.

>It has its advantages -- yes. Did you use it for Hal1 ? :-))

No, but I had few machines and fast connections (and even then, I did have some network problems).

But if you think sequential searching can work, let's do it. I don't think we have to worry about deliberate attacks for the moment, and the factor of two is significant. My previous message was based on the assumption that it would be hard to get rid of the server overload.

Maybe we should use random searching as a fallback mode in case of network problems. It cannot hurt, except that it makes the programs more complex.

-- Damien

From raph at CS.Berkeley.EDU Mon Aug 28 06:50:49 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 28 Aug 95 06:50:49 PDT
Subject: List of reliable remailers
Message-ID: <199508281350.GAA20804@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

                                 REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp. hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp.
hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ursula"} = " cpunk";
$remailer{"ncognito"} = " cpunk";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

21 Apr 1995: The new version of premail (0.33) is out, with direct posting, perl5 and better MH support, and numerous bug fixes.
Last ping: Mon 28 Aug 95 6:00:57 PDT

remailer  email address                        history       latency   uptime
-----------------------------------------------------------------------------
portal    hfinney at shell.portal.com           *##*#*****+*      9:28   99.99%
alumni    hal at alumni.caltech.edu             **********+*     11:12   99.99%
hacktic   remailer at utopia.hacktic.nl        **+*********     11:54   99.99%
spook     remailer at spook.alias.net          -+------+--    2:28:52   99.99%
hroller   hroller at c2.org                     *##*-+*--***     31:39   99.98%
c2        remail at c2.org                      ++++-++--+++   1:31:06   99.98%
mix       mixmaster at remail.obscura.com       --..---.----   6:57:01   99.98%
crown     mixmaster at kether.alias.net         ------.---     2:55:00   99.99%
syrinx    syrinx at c2.org                      -----------    2:13:52   99.98%
flame     remailer at flame.alias.net           ++++++++++++     51:11   99.96%
ideath    remailer at ideath.goldenbear.com     --.-.------    4:57:42   99.95%
bsu-cs    nowhere at bsu-cs.bsu.edu             -##+*+****++     52:12   99.84%
vishnu    mixmaster at vishnu.alias.net         -----------    3:15:22   99.82%
rmadillo  remailer at armadillo.com             +++++++++++*   1:34:11   99.67%
vox       remail at vox.xs4all.nl               ---.-----.    17:32:05   99.99%
ncognito  ncognito at gate.net                  #+**              3:44   99.46%
replay    remailer at replay.com                **+****_****     44:17   99.34%
penet     anon at anon.penet.fi                 - -++-----++   3:58:07   98.44%
ursula    ursula at cyberspace.org              # *               3:37   97.42%
rahul     homer at rahul.net                    *#*++*******      5:12   99.99%
extropia  remail at extropia.wimsey.com         ._.-__..-..   20:21:39   89.74%
ford      remailer at bi-node.zerberus.de       ****# ****        7:36   87.14%
robo      robo at c2.org                        -***             55:42   55.73%
rebma     remailer at rebma.mn.org                             9:53:43    1.99%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
    * # response in less than 5 minutes.
    * * response in less than 1 hour.
    * + response in less than 4 hours.
    * - response in less than 24 hours.
    * . response in more than 1 day.
    * _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From ab411 at detroit.freenet.org Mon Aug 28 07:11:03 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 28 Aug 95 07:11:03 PDT
Subject: Pre-allocating key segments
Message-ID: <199508281410.KAA16345@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Christian Wettergren writes:
>If the client is unable to retrieve a block from the server, I suggest
>it just picks a random block and starts working on it. It may very
>well not be allocated to someone else, and then the client was able
>to do something good in the meantime even though it didn't get a
>proper key alloc.

Not only that, but the client ought to allocate some keyspace before it needs it, as I think one other cpunk suggested.
For instance, if it has four segments allocated and it's done three of them, it should fork a process to begin requesting four more segments *while* it is scanning the last segment, rather than waiting until after it is done and leaving the machine idle until it can alloc more keys.

David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
-----END PGP SIGNATURE-----

From lwp at mail.msen.com Mon Aug 28 08:27:08 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Mon, 28 Aug 95 08:27:08 PDT
Subject: Turing test novel: "Galatea 2.2"
Message-ID:

Reviewed in The New Yorker (August 21&28 issue) is the novel "Galatea 2.2" by Richard Powers, wherein a neural net is nurtured by an English Literature professor "to counterfeit human responses to the Master's Comprehensive Exam, which calls for the interpretation of set texts". The review makes me want to read this book.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                        | Doom an evil deed,                ::
:: http://www.msen.com/~lwp/          | liven a mood.
::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From sunder at escape.com Mon Aug 28 08:30:39 1995
From: sunder at escape.com (Ray Arachelian)
Date: Mon, 28 Aug 95 08:30:39 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
In-Reply-To: <199508140120.VAA24979@bb.hks.net>
Message-ID:

$50 for 24 hours? That's a bit too conservative. I'd say within the first 3 hours or less, and you can bet, non-final versions too will make their way before that time. :-)

=================================================================93=======
+ ^ + | Ray Arachelian | Amerika: The land of the Freeh. | \-_ _-/ |
\|/ |sunder at escape.com| Where day by day, yet another | \ -- / |
<--+-->| | Constitutional right vanishes. |6 _\- -/_ 6|
/|\ | Just Say | |----\ /---- |
+ v + | "No" to the NSA!| Jail the censor, not the author!| \/ |
=======/---------------------------------------------------------VI------/
/ I watched and weeped as the Exon bill passed, knowing that yet /
/ another freedom vanished before my eyes. How soon before we see/
/a full scale dictatorship in the name of decency? While the rest /
/of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_/

From andrew_loewenstern at il.us.swissbank.com Mon Aug 28 08:38:45 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Mon, 28 Aug 95 08:38:45 PDT
Subject: random coincidences
Message-ID: <9508281537.AA00466@ch1d157nwk>

Scott Brickner writes:
> If NetScape uses such a PRNG to select 40bit keys for SSL, then
> the work to be done in brute-force search going on right now might
> be *significantly* reduced by knowing the planes on which the
> numbers lie. If the constants are particularly poor, there might
> be as little as ten or twelve bits of real key.

So who here knows 80x86 assembler, is handy with a debugger, and has a few hours of spare time to figure out the PRNG?
andrew

From carolab at censored.org Mon Aug 28 09:07:01 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Mon, 28 Aug 95 09:07:01 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
In-Reply-To:
Message-ID:

I thought I saw a version over at ftp.hacktic.nl already.
I tawt I taw a puddy tat. I did, I did taw a puddy tat!
And it's been in the incoming directory for all weekend too!

On Mon, 28 Aug 1995, Ray Arachelian wrote:

> $50 for 24 hours? That's a bit too conservative. I'd say within the
> first 3 hours or less, and you can bet, non-final versions too will make
> their way before that time. :-)
>
> =================================================================93=======
> + ^ + | Ray Arachelian | Amerika: The land of the Freeh. | \-_ _-/ |
> \|/ |sunder at escape.com| Where day by day, yet another | \ -- / |
> <--+-->| | Constitutional right vanishes. |6 _\- -/_ 6|
> /|\ | Just Say | |----\ /---- |
> + v + | "No" to the NSA!| Jail the censor, not the author!| \/ |
> =======/---------------------------------------------------------VI------/
> / I watched and weeped as the Exon bill passed, knowing that yet /
> / another freedom vanished before my eyes. How soon before we see/
> /a full scale dictatorship in the name of decency? While the rest /
> /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_/
>

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org     __ __ ____ ___ ___ ____
carolab at primenet.com     /__)/__) / / / / /_ /\ / /_ /
carolb at spring.com        / / \ / / / / /__ / \/ /___ /
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From perry at piermont.com Mon Aug 28 09:14:42 1995
From: perry at piermont.com (Perry E.
Metzger)
Date: Mon, 28 Aug 95 09:14:42 PDT
Subject: Turing test novel: "Galatea 2.2"
In-Reply-To:
Message-ID: <199508281614.MAA22790@frankenstein.piermont.com>

Sounds interesting, but this is material for an AI list, not a list that discusses cryptography.

Lou Poppler writes:
> Reviewed in The New Yorker (August 21&28 issue) is the novel
> "Galatea 2.2" by Richard Powers, wherein a neural net is nurtured
> by an English Literature professor "to counterfeit human responses
> to the Master's Comprehensive Exam, which calls for the interpretation
> of set texts". The review makes me want to read this book.

From andrew_loewenstern at il.us.swissbank.com Mon Aug 28 09:24:04 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Mon, 28 Aug 95 09:24:04 PDT
Subject: SSL trouble
Message-ID: <9508281622.AA00486@ch1d157nwk>

Piete Brooks writes:
> Let's not get implementations confused with algorithms ... We were
> using ALPHA code when we started ....

Pardon me here, as I don't mean to belittle your considerable efforts, but I think it was a mistake to make such loud announcements (posted to sci.crypt for instance) when the software was alpha! The software should have been tested and stable before the general public was invited to participate and "see how fast we can break SSL". As expected, lots of people tried to participate and the software just couldn't handle it. How many patched versions of the client software were distributed after the effort had started? If you want to do it as fast as possible, you can't be constantly updating your client software.

> With BETA clients, a hierarchy and select/poll loops, I reckon a
> server would stand a chance.

I think protocol issues are a Red Herring. If your server had been able to handle more than one client at a time it would have stood a chance. Why didn't it fork?
Sure, forking isn't the most efficient way to handle multiple clients, but HTTP servers (as well as SMTP and FTP) manage to handle hundreds of thousands of requests each day that way. One client at a time with a 30-second timeout was just plain dumb...

I would recommend thorough testing of the software on many platforms and with realistic loads before the next public effort (there are plenty of willing testers on the cypherpunks list). I tried to join in the effort and after discovering that the client software was firing off multiple brutessl processes, I decided to wait until the client stabilized. I attempted to reject the keyspace I allocated through the WWW interface, but that didn't even work!!

andrew

From patrick at Verity.COM Mon Aug 28 09:39:06 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Mon, 28 Aug 95 09:39:06 PDT
Subject: SSL trouble
Message-ID: <9508281635.AA19987@cantina.verity.com>

I did a distributed scheme for something else that had two levels, a master and a group of slaves. Only the slaves talked to the master. For this effort I think a variation of the idea would be better. Have all of the brutes contact the master, who will, in the first transaction assign them to the next slave in a round-robin fashion. Then all of the transactions from that point would take place between the brute and the slave:) (Sounds kind of like Conan or the Princess Bride.)

The slaves would each be delegated large chunks of the keyspace, but not keyspace/numslaves. Maybe 1/16th or something like that, and could ask for more when their space was depleted. Periodically, perhaps when requesting more key space, and/or when a timer pops, the slaves could report results. What I mean is that every so often they'd report even if they didn't need more keyspace yet, iff they had any new stats to report.

The nice thing here is that the work of the master and of the slaves is almost the same.
The slaves don't have to do the initial assignment of slave, and the master doesn't have to report results, but everything else is the same. With careful design you could use the same daemon for both with a command line argument to tell it if it was the master (-m) or the slave (-s).

Of course I'm sure you see that this allows you to add as many levels as you want to the hierarchy. A slave doesn't care whether a slave or a brute talks to it. The only thing that changes with the levels is the max size of an allocated chunk. For each daemon it would be nice to have the minimum, maximum and default chunk size configurable. The master might have all three the same, since it would be expected to talk only to slaves. That doesn't mean you couldn't get more than, (for example), 16th of the keyspace to work on. It just means that you'd have to make more than one request.

You could make the slave software available as well, and a site with many machines could have only the slave contact the master to get assigned a slave to talk to, and could configure all of their brutes to talk to their own slave.

Software like this is easy to write, (and fun), and we should go for it:) Of course I do everything like this in C++, but I suppose perl would be the most portable. It's a shame it's so aesthetically displeasing to the eye. perl's never a pleasant read.

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc.
                                                           \\ Have    |
| patrick at verity.com      1550 Plymouth Street            \\ _ Sword|
| Phone : (415)960-7600      Mountain View                   \\/ Will  |
| FAX : (415)960-7750        California 94303               _/\\ Travel|
\___________________________________________________________\)_________/

From cwe at Csli.Stanford.EDU Mon Aug 28 09:46:47 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 28 Aug 95 09:46:47 PDT
Subject: Server congestion
In-Reply-To: <"swan.cl.cam.:027060:950828094002"@cl.cam.ac.uk>
Message-ID: <199508281645.JAA12868@Csli.Stanford.EDU>

| > I talked about acks of acks in a previous message, and I guess it was
| > somewhat vague there.
|
| ... and maybe based on a false premise ?
|
| > What happened, according to my uninformed view, during the SSL2
| > challenge was that the server got congested, and had problems with
| > both answering to key allocation requests and ack replies.
|
| Correct.
|
| > I guess that the load of the machine was so high that it lost packets in the
| > input queues.
|
| NO.
|
| The load was very *LOW*.
| The problem was that the single threaded server was spending most of its time
| talking to clients which failed to complete their interactions, and timed out.
| The earlier client "ACK" code didn't hang around long enough, and gave up.
| Later code kept trying ....
|
| > Client -----> UDP/Key allocation req ---->
|
| Nope -- basic fault here !! TCP not UDP !!

Ok, I'll be quiet now. It's funny when you think you know what is happening based on an uninformed view, and simply shut out all the other pieces of info that get to you.

By the way, thanks a lot Piete for the effort you put in! You did excellent, and it was real fun! 32 hours with serious performance problems is simply amazing.
/Christian

From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 09:55:44 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Mon, 28 Aug 95 09:55:44 PDT
Subject: Pre-allocating key segments
In-Reply-To: <199508281410.KAA16345@detroit.freenet.org>
Message-ID: <"swan.cl.cam.:184040:950828165514"@cl.cam.ac.uk>

>> If the client is unable to retrieve a block from the server, I suggest
>> it just picks a random block and starts working on it. It may very
>> well not be allocated to someone else, and then the client was able
>> to do something good in the meantime even though it didn't get a
>> proper key alloc.

> Not only that, but the client ought to allocate some keyspace before it
> needs it, as I think one other cpunk suggested.

I'd prefer to keep the number of segments "lost" if a brloop ceases.

I have written a "local CPU farm" caching server which runs on a robust machine and grabs chunks from the root server and farms them out to local machines (running as the same "ID"). This logs all the client transactions so that you can work out if any keys were allocated to machines which failed to ask for another segment -- you should assume that that segment was not searched.

With the Big Boys using that, and better code, I hope that server congestion will not be a problem.

> For instance, if it has
> four segments allocated and it's done three of them, it should fork a
> process to begin requesting four more segments *while* it is scanning
> the last segment, rather than waiting until after it is done and leaving
> the machine idle until it can alloc more keys.

That means that if it crashes, 8 segments are left unACKed :-(

From abostick at netcom.com Mon Aug 28 11:15:51 1995
From: abostick at netcom.com (Alan Bostick)
Date: Mon, 28 Aug 95 11:15:51 PDT
Subject: R.I.P.
John Brunner
Message-ID: <8KWGmyczBiiT075yn@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Science fiction writer John Brunner died last Friday, August 25, from a massive stroke, while attending the World Science Fiction Convention in Glasgow, Scotland. Among several other notable works, Brunner was the author of THE SHOCKWAVE RIDER, a groundbreaking vision of the information age that inspired and foresaw much that was pertinent to the Internet in general and the Cypherpunks in particular.

Let us pause a moment to note his passing and honor his life and contributions.

Alan Bostick                  | "Oh. You come to Heaven without a fortune?"
Seeking opportunity to        | "Yes."
develop multimedia content.   | "Unfortunate."
Finger abostick at netcom.com | Roger Zelazny, LORD OF LIGHT
for more info and PGP public key

From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 11:16:33 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Mon, 28 Aug 95 11:16:33 PDT
Subject: SSL trouble
In-Reply-To: <9508281635.AA19987@cantina.verity.com>
Message-ID: <"swan.cl.cam.:216660:950828181616"@cl.cam.ac.uk>

> I did a distributed scheme for something else that had two levels, a master
> and a group of slaves. Only the slaves talked to the master. For this
> effort I think a variation of the idea would be better. Have all of the
> brutes contact the master, who will, in the first transaction assign them
> to the next slave in a round-robin fashion.

Well, imagine my surprise .... [[ reference to ISIRTA ]]

One of the things that the latest brloop does is make a call to the master server asking for a list of servers to contact :-))

Note that it is a list, and it tries them in order (all A RRs).
> Then all of the transactions from that point would take place between the
> brute and the slave:)

Currently just all the "allocate" transactions -- I haven't written my ACK reflector yet, so all ACKs go direct to the ACK master.

> The slaves would each be delegated large chunks of the keyspace,

No -- the slaves will not "be delegated" (as in pre-assigned address space), they will just ask the master for it as they need it. Sure, they'll do it in reasonable sized chunks, but not (2**16)/16 ....

> but not keyspace/numslaves. Maybe 1/16th or something like that, and could
> ask for more when their space was depleted. Periodically, perhaps when
> requesting more key space, and/or when a timer pops, the slaves could report
> results.

Nah - results still go direct pro tem.

> What I mean is that every so often they'd report even if they didn't need
> more keyspace yet, iff they had any new stats to report.

Sure.

> The nice thing here is that the work of the master and of the slaves is
> almost the same.

You got it !

> The slaves don't have to do the initial assignment of slave,

(slave -> slaves I assume)

> and the master doesn't have to report results, but everything else
> is the same.

Yup -- code sharing !

> With careful design you could use the same daemon for both
> with a command line argument to tell it if it was the master (-m) or the
> slave (-s).

Well, not even that !

The slaves don't have the config file with the key info in it ...

> Of course I'm sure you see that this allows you to add as
> many levels as you want to the hierarchy.

Indeed.

BUT ....

These cache servers are asking for non trivial amounts of keyspace. As such there should not be *too* many, and they need to be "managed" ... If one crashes, the logs need to be scanned to see how to restart it (so that it starts by doling out the segments that it had not sub-doled to its clients).

> A slave doesn't care whether a slave or a brute talks to it.

Indeed -- that's how it was designed ...
However, note that with big cache servers (as opposed to Local CPU Farm servers where all clients are the same "ID") reports of sub-allocation have to be passed back to the root :-(

> You could make the slave software available as well, and a site with many
> machines could have only the slave contact the master to get assigned a
> slave to talk to, and could configure all of their brutes to talk to
> their own slave.

Indeed -- the Local CPU Farm cache server is just about ready for ALPHA testers

> Software like this is easy to write, (and fun), and we should go for it:)

Done ...

> Of course I do everything like this in C++, but I suppose perl would be the
> most portable. It's a shame it's so aesthetically displeasing to the eye.

Yeah -- but being based on C, C++ didn't stand much chance ...

> perl's never a pleasant read.

... but better than C++ -- sure.

PS1: PERL gurus: Anyone know how to test whether there is input waiting on a file handle ? I know about seeing if there is data waiting for the next sysread type read, but not on the next <FH> type read. Ideas ?

PS2: PERL gurus: I fixed the SGI Challenge problem by HACKing it -- as I thought it was a problem with stdio in and out on the same socket. The perl man page warns:

    If your stdio requires an seek or eof between reads and
    writes on a particular stream, so does perl. (This
    doesn't apply to sysread() and syswrite().)

so I changed the one "print SERVE" line to a "syswrite(SERVE" and that fixed it. However, does anyone know the "correct" way to use stdio for I/O?

PS3: I'd like to get the raw date in brloop (a sh script). In perl I'd just use "time", and I can't see a way to get "date +" to yield the raw time. I could use "date=`perl -e 'print time'`" but that seems OTT, and perl may not be on the user's PATH. Any suggestions ?
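The restart procedure Piete describes for a crashed cache server (scan its transaction log, re-issue what it handed out but never saw ACKed, and treat those segments as unsearched) is worth seeing end to end. The following is an added example, not Piete's server code; the log layout is constructed for the illustration, since the real brloop/brclient log format is not shown in the thread.

```python
"""Replay a cache server's allocation log after a crash.

Added example, not Piete Brooks's server code.  The log format is
constructed for this illustration (the real brloop/brclient log layout
is not shown in the thread); the policy is the one stated in the thread:
a segment that was handed out but never ACKed is assumed NOT searched
and is re-issued.
"""
import re
from collections import namedtuple

# Constructed sample log.  One record per line:
#   <epoch> ALLOC <client> <segment>             segment handed to client
#   <epoch> ACK   <client> <segment> <hit|miss>  client reports it searched it
SAMPLE_LOG = """\
809600000 ALLOC calpoly.edu 0x00A1F0
809600002 ALLOC albany.net  0x00A1F1
809600003 ALLOC calpoly.edu 0x00A1F2
809600905 ACK   calpoly.edu 0x00A1F0 miss
809600910 ALLOC calpoly.edu 0x00A1F3
809601001 ACK   albany.net  0x00A1F1 miss
809601002 ACK   albany.net  0x00A1F9 miss
809601800 ALLOC albany.net  0x00A1F4
809601900 ALLOC calpoly.edu 0x00A1F1
"""

RECORD = re.compile(
    r"^(\d+)\s+(ALLOC|ACK)\s+(\S+)\s+(0x[0-9A-Fa-f]+)(?:\s+(hit|miss))?\s*$")

Report = namedtuple("Report", "outstanding searched stray duplicate")


def replay(log_text):
    """Rebuild the server's allocation state from its log.

    outstanding: {segment: (client, alloc_epoch)} handed out, never ACKed
    searched:    {segment: (client, result)} handed out and ACKed by that client
    stray:       [(client, segment)] ACKs for segments not allocated to that
                 client (recorded and ignored: you can't ACK what you weren't given)
    duplicate:   [segment] handed out a second time (a server bug to chase)
    """
    outstanding, searched, stray, duplicate = {}, {}, [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = RECORD.match(line)
        if not m:
            raise ValueError("line %d: unparsable record %r" % (lineno, line))
        epoch, kind, client, seg_hex, result = m.groups()
        seg = int(seg_hex, 16)
        if kind == "ALLOC":
            if seg in searched:
                duplicate.append(seg)        # re-issued after it was already done
                continue
            if seg in outstanding:
                duplicate.append(seg)        # issued twice before any ACK
            outstanding[seg] = (client, int(epoch))
        else:
            alloc = outstanding.get(seg)
            if alloc is None or alloc[0] != client:
                stray.append((client, seg))
                continue
            del outstanding[seg]
            searched[seg] = (client, result)
    return Report(outstanding, searched, stray, duplicate)


def restart_queue(report):
    """Segments a restarted server must dole out again, oldest allocation first."""
    return sorted(report.outstanding, key=lambda seg: report.outstanding[seg][1])


if __name__ == "__main__":
    rep = replay(SAMPLE_LOG)
    for seg in restart_queue(rep):
        client, epoch = rep.outstanding[seg]
        print("re-issue 0x%06X (was with %s at %d)" % (seg, client, epoch))
    print("searched:", sorted("0x%06X" % s for s in rep.searched))
    print("stray ACKs:", rep.stray, "duplicate allocations:", rep.duplicate)
```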
From Damien.Doligez at inria.fr Mon Aug 28 11:45:07 1995
From: Damien.Doligez at inria.fr (Damien Doligez)
Date: Mon, 28 Aug 95 11:45:07 PDT
Subject: SSL trouble
Message-ID: <9508281844.AA22408@couchey.inria.fr>

>From: Christian Wettergren
>What I wonder is whether the server congestion really showed that
>the protocol is flawed.

I never meant to say that the protocol was flawed in any way. I'm sorry if I gave this impression. (I used pretty much the same protocol on Hal1)

Since I'm not the one who's writing the code, I will not try to tell you how it should be written, of course. My point was only that the central server approach does not scale. When we reach its limit (and it seems we have not reached it yet), we can use a hierarchical approach, and it is faster than the random one. But the random algorithm does have its strong points and we should not dismiss it out of hand. Maybe I got a little carried away in my advocating of the random algorithm.

(another topic:)

As for the updates to the client software, let me point out that I did 10 different versions of my own client when working on Hal1. Some machines worked for one week with version 1, while others needed many updates, due to different network and OS conditions. This is the main advantage of a well-defined (and stateless) protocol: it allows the server and clients to be all updated independently while the computation is running.

-- Damien

From ab411 at detroit.freenet.org Mon Aug 28 11:53:07 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 28 Aug 95 11:53:07 PDT
Subject: SSL trouble
Message-ID: <199508281852.OAA22478@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Patrick Horgan writes:
>I did a distributed scheme for something else that had two levels, a master
>and a group of slaves. Only the slaves talked to the master. For this
>effort I think a variation of the idea would be better.
>Have all of the
>brutes contact the master, who will, in the first transaction assign them
>to the next slave in a round-robin fashion.

Why not just have the brutes pick a slave at random? Of course, you need to give them a complete list of slaves to choose from. But then the only difference between the master and the slaves will be that the master doesn't get any keyspace (it's got it all to begin with) and doesn't report any results upward.

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From ab411 at detroit.freenet.org Mon Aug 28 11:55:00 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 28 Aug 95 11:55:00 PDT
Subject: Pre-allocating key segments
Message-ID: <199508281854.OAA23029@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Piete Brooks writes:
>I wrote:
>> Not only that, but the client ought to allocate some keyspace before it
>> needs it, as I think one other cpunk suggested.
>
>I'd prefer to keep the number of segments "lost" if a brloop ceases.

Keep down, I guess you meant.

Regarding the local farm software:
>... if any keys were allocated to machines which failed to ask for another
>segment -- you should assume that that segment was not searched.

I agree that is the best policy -- it fails safe -- but I still think the prefetching of some more segments would be useful. The goal is to suck up as many idle cycles as is practical.
>> For instance, if it has
>> four segments allocated and it's done three of them, it should fork a
>> process to begin requesting four more segments *while* it is scanning
>> the last segment, rather than waiting until after it is done and leaving
>> the machine idle until it can alloc more keys.
>
>That means that if it crashes, 8 segments are left unACKed :-(

And if it had grabbed 8 segments to begin with and crashed, it still would have been 8 segments left unACKed. Plus, it's only 8 segments unACKed if it crashes before it finished that last segment, since it will start trying to ACK the first four segments when it finishes the fourth -- at the same time starting on the next four segments.

Would you see it any differently if I had said, "For instance, if it has two segments allocated and it is halfway through the second segment, it should request two more segments *while* it is scanning the last segment"? Keeping in mind that it will still ACK the first bunch of segments when it finishes them.

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.
From patrick at Verity.COM Mon Aug 28 11:58:08 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Mon, 28 Aug 95 11:58:08 PDT
Subject: SSL trouble
Message-ID: <9508281854.AA20060@cantina.verity.com>

> From: Piete Brooks
>
> One of the things that the latest brloop does is make a call to the master
> server asking for a list of servers to contact :-))
>
> Note that it is a list, and it tries them in order (all A RRs).

Wouldn't this result in the slaves higher in the list being hammered? Perhaps you want to do something similar to what the later releases of bind do with machines with multiple names, and round robin the list. If you had a list with hosts A, B, and C, the first request would get ABC, the next BCA, the next CAB, and the next back to ABC. That would distribute the work between the slaves a bit better.

>
> > Then all of the transactions from that point would take place between the
> > brute and the slave:)
>
> Currently just all the "allocate" transactions -- I haven't written my
> ACK reflector yet, so all ACKs go direct to the ACK master.
>
> > The slaves would each be delegated large chunks of the keyspace,
>
> No -- the slaves will not "be delegated" (as in pre-assigned address space),
> they will just ask the master for it as they need it.
> Sure, they'll do it in reasonable sized chunks, but not (2**16)/16 ....

Actually this is what I meant, that they would ask for it. My idea would be that when a slave is asked for keyspace, if they don't have enough they'd ask for the next large chunk. That way the central server doesn't ever have to deal with small requests.

>
> > but not keyspace/numslaves. Maybe 1/16th or something like that, and could
> > ask for more when their space was depleted. Periodically, perhaps when
> > requesting more key space, and/or when a timer pops, the slaves could report
> > results.
>
> Nah - results still go direct pro tem.
You might consider it:)

>
> > What I mean is that every so often they'd report even if they didn't need
> > more keyspace yet, iff they had any new stats to report.
>
> Sure.
>
> > The nice thing here is that the work of the master and of the slaves is
> > almost the same.
>
> You got it !
>
> > The slaves don't have to do the initial assignment of slave,
> (slave -> slaves I assume)
>
> > and the master doesn't have to report results, but everything else
> > is the same.
>
> Yup -- code sharing !
>
> > With careful design you could use the same daemon for both
> > with a command line argument to tell it if it was the master (-m) or the
> > slave (-s).
>
> Well, not even that !
>
> The slaves don't have the config file with the key info in it ...
>
> > Of course I'm sure you see that this allows you to add as
> > many levels as you want to the hierarchy.
>
> Indeed.
>
> BUT ....
>
> These cache servers are asking for non trivial amounts of keyspace.
> As such there should not be *too* many, and they need to be "managed" ...
> If one crashes, the logs need to be scanned to see how to restart it (so that
> it starts by doling out the segments that it had not sub-doled to its clients).

Quite right. I'd assume that the first level list of slaves would be controlled by you. If you're careful enough a slave should be able to go down and come back up without losing any state at all. All brutes/slaves talking to it should be able to continue on with no loss of information. I would put an exponential backoff on the time between retries for the brutes talking to the slaves as well as the slaves talking to the master. (With a limit for the amount of backoff of course.)
If you can't talk to someone you might sleep for 8 seconds and retry, if you still couldn't back off to 16, then 32, then 64, then 128, etc...the maximum might be somewhere around ten or fifteen minutes, so that within ten or fifteen minutes of crashing and being restarted everything would be humming along with no manual intervention required on any of the lower levels.

>
> > A slave doesn't care whether a slave or a brute talks to it.
>
> Indeed -- that's how it was designed ...
>
> However, note that with big cache servers (as opposed to Local CPU Farm servers
> where all clients are the same "ID") reports of sub-allocation have to be
> passed back to the root :-(

That's a good point. If you want to keep track of who has what, it all has to get back to the root eventually. If you use my idea of having the slaves cache the information until the next time they'd be contacting the root anyway, (or whenever the timer elapses,) then you greatly cut down on the number of small packets seen by the root, (and each level of slaves when there's a hierarchy).

>
> > You could make the slave software available as well, and a site with many
> > machines could have only the slave contact the master to get assigned a
> > slave to talk to, and could configure all of their brutes to talk to
> > their own slave.
>
> Indeed -- the Local CPU Farm cache server is just about ready for ALPHA testers
>
> > Software like this is easy to write, (and fun), and we should go for it:)
>
> Done ...
>
> > Of course I do everything like this in C++, but I suppose perl would be the
> > most portable. It's a shame it's so aesthetically displeasing to the eye.
>
> Yeah -- but being based on C, C++ didn't stand much chance ...
>
> > perl's never a pleasant read.
>
> ... but better than C++ -- sure.
Sounds like we could have a religious war if we wanted, but this isn't the right list for it:) (sigh;) Maybe we should move this portion of the discussion to alt.my.favorite.language.rules.and.yours.of.course.sucks. I'm not really a snob about it...I still think cobol's great for some purposes, I just prefer coding in C++.

Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
|                                                          (\         |
| Patrick J. Horgan          Verity Inc.                    \\ Have    |
| patrick at verity.com      1550 Plymouth Street            \\ _ Sword|
| Phone : (415)960-7600      Mountain View                   \\/ Will  |
| FAX : (415)960-7750        California 94303               _/\\ Travel|
\___________________________________________________________\)_________/

From jprickett at lightlink.satcom.net Mon Aug 28 12:43:10 1995
From: jprickett at lightlink.satcom.net (Jim Prickett)
Date: Mon, 28 Aug 95 12:43:10 PDT
Subject: GOST ??
Message-ID:

Does anyone know what the legal status of the Russian cypher "GOST" is ? Is it public domain, patented, proprietary or what ? It looks like it would be more efficient than DES when implemented on a microprocessor or microcontroller. Also the DDJ article mentioned that like DES, there are good and bad S-boxes for GOST. Does anyone know how to choose a strong S-box for GOST ?

Jim Prickett

From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 12:51:56 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Mon, 28 Aug 95 12:51:56 PDT
Subject: Pre-allocating key segments
In-Reply-To: <199508281854.OAA23029@detroit.freenet.org>
Message-ID: <"swan.cl.cam.:251330:950828195006"@cl.cam.ac.uk>

>> I'd prefer to keep the number of segments "lost" if a brloop ceases.
> Keep down, I guess you meant.

Indeed -- Ta.

>> ... if any keys were allocated to machines which failed to ask for another
>> segment -- you should assume that that segment was not searched.
> I agree that is the best policy -- it fails safe -- but I still think the
> prefetching of some more segments would be useful.

I'm seeing calls from calpoly.edu and albany.net taking less than a second. Are you **REALLY** worried about wasting that sort of time, when even a single segment usually takes a quarter of an hour even on the faster machines ?

> The goal is to suck up as many idle cycles as is practical.

I don't think a second's overhead (practical with local cache) is significant.

>> That means that if it crashes, 8 segments are left unACKed :-(
> And if it had grabbed 8 segments to begin with and crashed, it still
> would have been 8 segments left unACKed.

Sure, but I'd prefer you allocate single segments .....

> Plus, it's only 8 segments unACKed if it crashes before it finished that
> last segment, since it will start trying to ACK the first four segments
> when it finishes the fourth -- at the same time starting on the next
> four segments.

Sure.

[ Getting down to the implementation details
1) it would be hard for brloop to know that brutessl is 3/4s done.
2) I can't think how to do prefetching in a safe way, and without disc use ]

> Would you see it any differently if I had said, "For instance, if it has
> two segments allocated and it is halfway through the second segment, it
> should request two more segments *while* it is scanning the last segment"?

No.

If you gave me code which would guess how long the request for the next segment will take, and then know when brutessl is that many milliseconds from completion, and can tell that brloop isn't going to die within that time, sure :-))

If someone supplies info for my "PS3:", I can generate central stats on what %age of Hal3 was wasted waiting on the server. Otherwise, brloop users will have to scan their own logs (if enabled) and work it out (latest brloop happens to log when brutessl starts and finishes).
From patrick at Verity.COM Mon Aug 28 13:12:48 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Mon, 28 Aug 95 13:12:48 PDT
Subject: SSL trouble
Message-ID: <9508282009.AA20089@cantina.verity.com>

David Conrad wrote, quite well:
>
> Patrick Horgan writes:
> >I did a distributed scheme for something else that had two levels, a master
> >and a group of slaves. Only the slaves talked to the master. For this
> >effort I think a variation of the idea would be better. Have all of the
> >brutes contact the master, who will, in the first transaction assign them
> >to the next slave in a round-robin fashion.
>
> Why not just have the brutes pick a slave at random? Of course, you need
> to give them a complete list of slaves to choose from. But then the only
> difference between the master and the slaves will be that the master
> doesn't get any keyspace (it's got it all to begin with) and doesn't
> report any results upward.
>

I think that this is a quite good idea with one caveat. That we use a good random algorithm. As people on this list are quite aware, many algorithms that ship in libraries of commercial OSs are flawed in one way or another. Perhaps a combination of the two: give the whole list rotated in a round-robin fashion, and let the client do with it as they will. There are enough coders on this list that we'll soon see independently developed versions of the client software, (although a published protocol for talking with the slaves would be nice), and some might like to draw the first from the list, another randomly choose one, etc...

Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
|                                                          (\         |
| Patrick J. Horgan          Verity Inc.
                                                           \\ Have    |
| patrick at verity.com      1550 Plymouth Street            \\ _ Sword|
| Phone : (415)960-7600      Mountain View                   \\/ Will  |
| FAX : (415)960-7750        California 94303               _/\\ Travel|
\___________________________________________________________\)_________/

From sjb at austin.ibm.com Mon Aug 28 13:14:43 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Mon, 28 Aug 95 13:14:43 PDT
Subject: SSL trouble
In-Reply-To: <199508262332.TAA26817@interport.net>
Message-ID: <9508282013.AA15087@ozymandias.austin.ibm.com>

Will French writes
>>> Please don't do anything like this. This will prevent
>>> people like me who prefer the "random" method from
>>> participating.
>
>> You can't use the random method if the CRACK is using a
>> sequential search. It just doesn't fit!
>
> Hehe... I've always been a bit of a misfit.
>
>> You can't ACK something which has not been allocated to you.
>
> But I could announce it on the list.

Then what do you care about the group's procedures? It doesn't "prevent you from participating" --- you *aren't* participating. You're attempting to solve the problem on your own.

Statistically, the "random" methods are no different than everyone just working independently at solving the problem.

I, too, don't recall my statistics well enough, but let me take a shot at it, and anyone who wants to, please check me...

The probability of having failed to search a particular segment (the one with the key) after selecting k of n segments at random with replacement is (1-1/n)^k, whereas in a sequential search from a random starting point, (or, equivalently, random without replacement) the probability is k/n.

Assume the segments are farmed out in 2^24 segments of 2^16 keys each (I don't recall what the current programs use). In the sequential case, it's even money you'll find the key after searching 8,388,609 segments. In the random case, it's not even money until 11,629,080 segments --- 39% longer.

It's when you're "unlucky" that the random case gets *much* worse.
To search 90% of the keyspace takes 15,099,495 sequential searches, but 38,630,967 --- a 156% difference. Here's the table:

 % k-space    random      sequential   percent
 searched     method      method       difference
 --------     ----------  ----------   ----------
   10           1767657     1677722        5
   25           4826505     4194305       15
   50          11629080     8388609       39
   75          23258160    12582913       85
   90          38630967    15099495      156
   99          77261933    16609444      365
   99.9       115892899    16760439      591

Changing the segment size doesn't affect the results very much, as a table for 10 bit segments shows:

   50         744261117   536870912       37
   90        2472381916   966367641      156

The random method is a little more than 1/3 worse in the typical case, but *lots* worse in the worst cases.

From Piete.Brooks at cl.cam.ac.uk Mon Aug 28 13:28:20 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Mon, 28 Aug 95 13:28:20 PDT
Subject: SSL trouble
In-Reply-To: <9508281854.AA20060@cantina.verity.com>
Message-ID: <"swan.cl.cam.:264930:950828202725"@cl.cam.ac.uk>

>> Note that it is a list, and it tries them in order (all A RRs).
> Wouldn't this result in the slaves higher in the list being hammered?

There is not "a" list ...

The list returned will be "tailored" for the calling host. Thus an EU host will have EU sites near the front, AU hosts will have AU servers, etc ... (Well, maybe they'll just be returned in a random order !).

By having multiple A RRs for a name, the DNS will do the pseudo load balancing.

> Perhaps you want to do something similar to what the later releases of
> bind do with machines with multiple names, and round robin the list.

Indeed -- as above:
1) optimise the list so that "near" servers are used.
2) cycle the servers
3) leave it to the DNS to SHUFFLE.

> If you had a list with hosts A, B, and C, the first request would get
> ABC, the next BCA, the next CAB, and the next back to ABC. That would
> distribute the work between the slaves a bit better.

Yup -- but if it's just "random", I'd probably use a single name ...

> Actually this is what I meant, that they would ask for it.
> My idea would
> be that when a slave is asked for keyspace, if they don't have enough
> they'd ask for the next large chunk. That way the central server doesn't
> ever have to deal with small requests.

Well, the current implementation will give what it has left, then on restarting the main loop it notices that it has no keys left, so asks the main server for more, so if the clients aren't all bunched up, it'll pre-fetch more segments, so there's a fair chance the client won't have to wait :-))

>> Nah - results still go direct pro tem.
> You might consider it:)

I can always add some more A RRs to sksp-ack to load balance ...

>> These cache servers are asking for non trivial amounts of keyspace.
>> As such there should not be *too* many, and they need to be "managed" ...
>> If one crashes, the logs need to be scanned to see how to restart it (so that
>> it starts by doling out the segments that it had not sub-doled to its clients)
> Quite right. I'd assume that the first level list of slaves would be
> controlled by you.

Possible .... I've had various offers to host a server ...

> If you're careful enough a slave should be able to go down and come
> back up without losing any state at all.

At a cost .... Either it has to save state in a form that's easy to reload later, or save state in a way that it can spend some time before it starts to work out what it has to do [[Hmm -- I might write a script to do that]]

> All brutes/slaves talking to it should be able to continue on with no loss
> of information.

Loss of what info ?

Running brutessl's will call brclient to report the ACK. They will report back the data as normal -- nothing to do with the Allocate Slave -- even if it were, it would auto fallback to another server.

brloop's will ask for another keyspace, and on finding that the first server on its list doesn't respond, it'll try the next server on its list, and if none respond, it'll wait a bit and start asking again ...
> I would put an exponential backoff on the time between retries for the
> brutes talking to the slaves as well as the slaves talking to the master.

Well, I use a multiplicative backoff within limits ....

> (With a limit for the amount of backoff of course.)

Indeed -- how long ?

> If you can't talk to someone you might sleep for 8 seconds and retry,
> if you still couldn't back off to 16, then 32, then 64, then 128, etc...

Well, 60, 120, 180, 240, 300, 300, 300, ...

> the maximum might be somewhere around ten or fifteen minutes, so that within
> ten or fifteen minutes of crashing and being restarted everything would be
> humming along with no manual intervention required on any of the lower levels.

Well, 5 mins ... < 1/3 of a segment ...

>> However, note that with big cache servers (as opposed to Local CPU Farm
>> servers where all clients are the same "ID") reports of sub-allocation have
>> to be passed back to the root :-(
> That's a good point. If you want to keep track of who has what, it all has
> to get back to the root eventually.

Yes -- I do -- so that it's possible to tie up requests and ACKs.

> If you use my idea of having the slaves cache the information until the next
> time they'd be contacting the root anyway, (or whenever the timer elapses,)
> then you greatly cut down on the number of small packets seen by the root,
> (and each level of slaves when there's a hierarchy).

Yup -- that's what an ACK reflector will do. Note that Allocation and ACKs are separate ....

> Sounds like we could have a religious war if we wanted,

I was agreeing with you ! You said:

>>> Of course I do everything like this in C++, but I suppose perl would be the
>>> most portable. It's a shame it's so aesthetically displeasing to the eye.

or is the "it" in "shame it's so" not the preceding direct noun, i.e. C++? :-)))

From stripes at va.pubnix.com Mon Aug 28 14:07:52 1995
From: stripes at va.pubnix.com (Josh M.
Osborne) Date: Mon, 28 Aug 95 14:07:52 PDT Subject: SSL trouble In-Reply-To: <"swan.cl.cam.:216660:950828181616"@cl.cam.ac.uk> Message-ID: In message <"swan.cl.cam.:216660:950828181616"@cl.cam.ac.uk>, Piete Brooks writ [...] >PS1: PERL gurus: Anyone know how to test whether there is input waiting on a > file handle ? I know about seeing if there is data waiting for the next > sysread type read, but not on the next type read. Ideas ? I don't think there is one. I would just use select() on FD, and then a subrutine much like this: sub syswrite { local($FH, $buf) = @_; local($len, $offset, $wlen) = (length($buf), 0, 0); while($len) { $wlen = syswrite($FH, $buf, $len, $offset); die "Bad write $FH: $!" if (!defined($FH)); $offset += $len; $len -= $wlen; } } Actually if you can use perl5 for the server (I assume this is the server code you are worrying about) I have code that deals with I/O from multiple sockets at once and drives an independant state machine for each socket. >PS2: PERL gurus: I fixed the SGI Challenge problem by HACKing it -- as I > thought it was a probleb with stdio in and out on the same socket. > The perl mand page warns: > If your stdio requires an seek or eof between reads and > writes on a particular stream, so does perl. (This > doesn't apply to sysread() and syswrite().) > so I change the one "print SERVE" line to a "syswrite(SERVE" and that > fixed it. However, does anyone know the "correct" way to use stdio for I/ >O? For bi-directional pipes I tend to use sysread/syswrite anyway, but you could just sprinkle "seek(SERVE, 0, 1)" liberally through the code. >PS3: I'd like to get the raw date in brloop (a sh script). In perl I'd just > use "time", and I can't see a way to get "date +" to yield the raw time. > I could use "date=`perl -e 'print time'`" but that seems OTT, and perl > may not be on teh users PATH. Any suggestions ? "date '+%s'" does it under BSDI, but I'm not sure how portable it is. 
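An added example for the PS1 question above (my code, not Josh's or Piete's): a 4-argument select() readiness test plus a sysread()-only line reader that keeps any bytes read past the newline in a per-handle buffer of my own (%leftover) instead of asking the OS for one byte at a time; the pipe at the end is constructed demo input.

```perl
#!/usr/bin/perl
# Added example, not code from the original posts.  Shows the select()
# readiness test Josh suggests and a sysread()-only line reader that
# buffers whatever it read past the newline in %leftover (my own
# construction) so the next call hands it back without losing bytes.
use strict;
use warnings;

my %leftover;           # fileno => bytes read but not yet returned as a line

# True if a sysread() on $fh would return immediately: either we already
# hold buffered bytes, or 4-arg select() reports the descriptor readable
# (which also covers EOF) within $timeout seconds (default 0 = poll).
sub input_waiting {
    my ($fh, $timeout) = @_;
    $timeout = 0 unless defined $timeout;
    my $fd = fileno $fh;
    return 1 if defined $leftover{$fd} && length $leftover{$fd};
    my $rin = '';
    vec($rin, $fd, 1) = 1;
    my $nfound = select(my $rout = $rin, undef, undef, $timeout);
    return $nfound > 0;
}

# Read one "\n"-terminated line using sysread() only, so the same handle
# can still be written with syswrite() without stdio seek/eof games.
# Returns undef at EOF when nothing is buffered, or the unterminated tail
# if EOF cuts a line short.
sub sysreadln {
    my ($fh) = @_;
    my $fd = fileno $fh;
    $leftover{$fd} = '' unless defined $leftover{$fd};
    while (index($leftover{$fd}, "\n") < 0) {
        my $got = sysread($fh, my $chunk, 4096);
        die "Bad read from fd $fd: $!" unless defined $got;
        if ($got == 0) {                        # EOF
            my $tail = delete $leftover{$fd};
            return length $tail ? $tail : undef;
        }
        $leftover{$fd} .= $chunk;
    }
    my $nl = index($leftover{$fd}, "\n");
    return substr($leftover{$fd}, 0, $nl + 1, '');   # 4-arg substr removes the line
}

# Demo on a constructed pipe: nothing is waiting at first, then two lines
# arrive in a single write and are handed back one at a time.
pipe(my $rd, my $wr) or die "pipe: $!";
printf "waiting before write: %d\n", input_waiting($rd) ? 1 : 0;   # 0
defined syswrite($wr, "alpha\nbeta\n") or die "Bad write: $!";
printf "waiting after write:  %d\n", input_waiting($rd) ? 1 : 0;   # 1
close $wr;
while (defined(my $line = sysreadln($rd))) {
    print "got: $line";
}
```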
From stripes at va.pubnix.com Mon Aug 28 14:29:36 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Mon, 28 Aug 95 14:29:36 PDT
Subject: SSL trouble
In-Reply-To:
Message-ID:

In message , "Josh M. Osborne" writes:
[...]
>sub syswrite {
[...]

So sorry. I gave out the wrong code. Let me try again:

    # Read one newline-terminated line from $FH with sysread(), one byte at a time.
    sub sysreadln {
        local($FH) = @_;
        local($len, $line, $offset) = (0, "", 0);
        # keep going until the last byte read is a newline
        while($offset == 0 || "\n" ne substr($line, $offset-1, 1)) {
            $len = sysread($FH, $line, 1, $offset);
            die "Bad read from $FH: $!" if (!defined($len));
            last if ($len == 0);          # EOF: hand back whatever partial line we have
            $offset += $len;
        }
        return $line;
    }

There. That should help. (yes, this is slow since it asks the OS for a single byte at a time, but in practice it isn't too bad - I use it for small tasks and my multi-stream state-machine monster for the rest)

From stewarts at ix.netcom.com Mon Aug 28 14:33:05 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 28 Aug 95 14:33:05 PDT
Subject: SSL trouble
Message-ID: <199508282130.OAA17500@ix5.ix.netcom.com>

Several people have suggested random keyspace selection instead of servers. The problem is that there's a high probability that the search will fail to find the correct key. If you split the keyspace into n segments, and randomly select k of them, the probability of failure p = ((n-1)/n)**k ; for k=n, p approaches 1/e (.367) as n becomes large, and 10 is close enough to large that you don't gain much by having independent groups that agree not to overlap in their own 10% of the keyspace. For k=2n (random-searching the space about twice), the probability of failure is still e**-2, about 13%. You need a coordinated search.

>Why not just have the brutes pick a slave at random?
>Of course, you need to give them a complete list of slaves to choose from.

That more or less works, assuming you can distribute the list of slaves along with the code; you still hit the slaves' DNS servers unless you also distribute IP addresses for the slaves to use (which is probably fine as long as people get the addresses beforehand.)
You could get fancy and have a DNS server hand out slave addresses round-robin for a dummy address slave.cracker.org.

The main failure mode seems to have been misconfigured clients grabbing the single-threaded server for a long time; it may be worth using a multi-threaded server, or alternatively a single-threaded server that has a fast timeout for how long it will talk to a client.

I gather there was some protection in the code against dishonest clients, but a malicious attack would be to falsely ACK large portions of the search space (especially the portion containing the real answer, if the attacker knows it).

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Mon Aug 28 14:33:23 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 28 Aug 95 14:33:23 PDT
Subject: improving the distributed computation
Message-ID: <199508282130.OAA17520@ix5.ix.netcom.com>

At 07:43 AM 8/25/95 -0400, you wrote:
>1) Abandon the central command way of doing things. Little if any
>communication is required for this computation, it should be
>self-distributing to and between volunteer sites. That makes it ideal
>for implementation as a safe virus.

Doling out keyspace _does_ require central coordination, though the job can be delegated to _trusted_ volunteers, or delegated with redundancy to semi-trusted ones. As far as safe viruses go, I've had more free lunches than safe viruses, though I've been offered both out of "charity". Some of the lunches were good, and charitable; the viruses have been, at best, mostly harmless. Perhaps under Safe-Tele-Java-Script it will be possible to send self-modifying self-reproducing scripts around a network to unsuspecting machines, but I doubt it.

>2) Give these computations a defined and limited lifetime.
>The problem
>you have with old versions is because they don't die automatically or
>even check to see if they are up-to-date and update themselves.

Yeah. In this case, the lifetime of the versions was less than the expected lifetime of some of the searches. Automated version-checking would help, but the version changes made it difficult to communicate even simple requests like "Give me a number". Perhaps it would make sense for version upgrading to include changing the server's TCP port so the old versions don't hose the servers for the new versions.

>3) Use randomness to break up the search space and redundantly perform
>the computation. This should eliminate the problems with malicious
>key-space requests, etc.

Randomness doesn't help much, since it's hard to be sure you sweep the whole keyspace. Redundancy does help, but it's still tough to protect against sufficiently malicious attackers.

>4) Use feedback in the form of selective survival/replication to
>optimize the search and allocate search space. If a processor goes
>quickly, give it more to do - if it goes slowly, give it less. This
>will produce an overall system that adapts with time to the changes in
>network and system usage so as to optimize overall performance as a
>function of time.

You could do that. But simply asking for more numbers after you've finished the previous batch accomplishes much the same thing; special tuning may be more useful for folks with MasPars than 486s, where redundantly giving out unacked search space can do more.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From unicorn at access.digex.net Mon Aug 28 14:50:24 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 28 Aug 95 14:50:24 PDT
Subject: No Subject
Message-ID:

It's been far too long since I cleaned up the namespace clutter on alpha.c2.org.
So I have deleted all reply blocks which point to remailer at jpunix.com, remailer at tower.techwood.org, usura at replay.com, myriad, wmono, desert, nately, and all the other dead remailers I could think of. I did this with a grep/awk script, so I hope it didn't maul any valid addresses. There are probably still a lot more dead addresses, but hopefully this cleans up the namespace somewhat.

[...]

THE FOLLOWING HAVE BEEN DELETED:

abdul
alexr
alice
an34267
anna
avatar
beaver
blacknet
^^^^^^^^
bolt_thrower

Uh oh! :)

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From droelke at rdxsunhost.aud.alcatel.com Mon Aug 28 16:04:04 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Mon, 28 Aug 95 16:04:04 PDT
Subject: SSL trouble
Message-ID: <9508282302.AA12759@spirit.aud.alcatel.com>

>
> >PS3: I'd like to get the raw date in brloop (a sh script). In perl I'd just
> > use "time", and I can't see a way to get "date +" to yield the raw time.
> > I could use "date=`perl -e 'print time'`" but that seems OTT, and perl
> > may not be on the user's PATH. Any suggestions ?
>
> "date '+%s'" does it under BSDI, but I'm not sure how portable it is.
>

This is what I got from SunOS 4.1.x

    $ date +%s
    date: bad format character - s

Sounds like something my parents might have said ;-)

Dan
------------------------------------------------------------------
Dan Oelke Alcatel Network Systems
droelke at aud.alcatel.com Richardson, TX

From ghio at c2.org Mon Aug 28 16:06:31 1995
From: ghio at c2.org (Matthew Ghio)
Date: Mon, 28 Aug 95 16:06:31 PDT
Subject: Encrypted TCP, telnet, etc
In-Reply-To: <199508280514.XAA00277@wero>
Message-ID:

root wrote:
>But I missed where this comes from, and I doubt I'd be able to
>drop it into my Linux in anything resembling a plug-and-play
>style. Anybody tried this?
I am using it. It works fine on Linux and was very easy to set up. Just -DLINUX in the makefile and build it. Then put it in your inetd or start the server standalone. I use

    % cryptod 49374 &

to put it on port 49374 (Look at it in hex ;-)

My biggest gripe with it is that it doesn't like Sparcs too much. I finally did get it to compile but it still seems to occasionally crash during key-exchange for no apparent reason. :( Which is weird because it never crashes under Linux. oh well.

I'm using v0.9, which I got from utopia. Is there a newer version?

From droelke at rdxsunhost.aud.alcatel.com Mon Aug 28 16:23:45 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Mon, 28 Aug 95 16:23:45 PDT
Subject: SSL trouble
Message-ID: <9508282322.AA12838@spirit.aud.alcatel.com>

> >PS3: I'd like to get the raw date in brloop (a sh script). In perl I'd just
> > use "time", and I can't see a way to get "date +" to yield the raw time.
> > I could use "date=`perl -e 'print time'`" but that seems OTT, and perl
> > may not be on the user's PATH. Any suggestions ?
>
> "date '+%s'" does it under BSDI, but I'm not sure how portable it is.
>

That doesn't work under SunOS 4.1.x, but this does:

    date "+%S %M 60 * + %H 3600 * + %j 86400 * + %y 31536000 * + p" | dc

This assumes 365 days/year, so if you jump from a leap year to a non-leap year it won't work right. Hey - a 1/1460 failure rate is better than most Windoze programs I've used ;-)

It also isn't the "absolute" time, (as given by time()), but gives a number of seconds that constantly increases. With a little more work you should be able to adjust this to be close to time() functionality.
Dan
------------------------------------------------------------------
Dan Oelke Alcatel Network Systems
droelke at aud.alcatel.com Richardson, TX

From mark at lochard.com.au Mon Aug 28 16:57:28 1995
From: mark at lochard.com.au (Mark)
Date: Mon, 28 Aug 95 16:57:28 PDT
Subject: Florida Drivers Permits
In-Reply-To:
Message-ID: <199508282255.AA46059@junkers.lochard.com.au>

>>Better would be to figure out the encoding scheme and post it here.
>
>I like this, myself. It'd be nice to be able to have the picture of my
>choosing instead of a digitized thumbprint...

I think the officer arresting you would frown if your license dumped a nudie picture of Cindy Crawford instead of your identification details.

Sounds like a great way to smuggle nuclear secrets out of a country tho :)

Mark
The above opinions are rumoured to be mine

From mark at lochard.com.au Mon Aug 28 17:25:13 1995
From: mark at lochard.com.au (Mark)
Date: Mon, 28 Aug 95 17:25:13 PDT
Subject: SSL trouble
In-Reply-To: <199508281852.OAA22478@detroit.freenet.org>
Message-ID: <199508282326.AA32757@junkers.lochard.com.au>

>Patrick Horgan writes:
>>I did a distributed scheme for something else that had two levels, a master
>>and a group of slaves. Only the slaves talked to the master. For this
>>effort I think a variation of the idea would be better. Have all of the
>>brutes contact the master, who will, in the first transaction assign them
>>to the next slave in a round-robin fashion.
>
>Why not just have the brutes pick a slave at random? Of course, you need
>to give them a complete list of slaves to choose from. But then the only
>difference between the master and the slaves will be that the master
>doesn't get any keyspace (it's got it all to begin with) and doesn't
>report any results upward.
Better to include in the clients a list of all slaves and have the initial contact to a slave random, maybe weighted by network proximity, and either have the clients cycle to each slave with each ACK, or have the slave TELL the clients what server to ACK to next, based on slave to slave balancing. Slaves could tune their pointers to faster slaves and transparently handle crashed slaves.

The idea is to have all the slaves working evenly, assuming they are on equal nets and equal machines. If not then you can have the slaves tell clients to only point to a weaker slave once in a while.

I don't think advertising the master is a good idea, better to have the slaves talking to it only. A backup mirror master would be worthwhile too.

Web people would most likely have to communicate with the one central http server as you have to Keep It Simple for them.

Comments?

Mark

From stewarts at ix.netcom.com Mon Aug 28 17:38:36 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 28 Aug 95 17:38:36 PDT
Subject: Florida Drivers Permits
Message-ID: <199508290035.RAA08342@ix3.ix.netcom.com>

At 09:55 AM 8/29/95 +1000, you wrote:
>>>Better would be to figure out the encoding scheme and post it here.
>>I like this, myself. It'd be nice to be able to have the picture of my
>>choosing instead of a digitized thumbprint...
>
>I think the officer arresting you would frown if your license dumped a nudie
>picture of Cindy Crawford instead of your identification details.

Yeah, but your basic thumb-shaped black smudge might look believable...
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From JonathanZ at consensus.com Mon Aug 28 17:48:03 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Mon, 28 Aug 95 17:48:03 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

At 3:55 PM 8/28/95, Mark wrote:
>>>Better would be to figure out the encoding scheme and post it here.
>>
>>I like this, myself. It'd be nice to be able to have the picture of my
>>choosing instead of a digitized thumbprint...
>
>I think the officer arresting you would frown if your license dumped a nudie
>picture of Cindy Crawford instead of your identification details.
>
>Sounds like a great way to smuggle nuclear secrets out of a country tho :)

What is the capacity of the mag strips? Do they carry much more than some ID code for computer reference? It seems unlikely that there is enough storage for a thumbprint. Some vitals perhaps, but again it would most likely simply be a speedier way of referencing the card holder's supposed True Name. (After all they'd have to be checking driving record information as well.) Still decrypting the cards would be amusing, just to aggravate those who become too used to the convenience. 'Oh.. sorry Governor Wilson... my but you look different up close'.

Being in California, I've avoided getting a Cali license due in large part to the use of thumbprints. Perhaps I'm being silly, but I find it difficult to give up such vitals. It's the sheeplike way the majority of the population happily gives up its remnants and shreds of privacy which makes this such an important area.

As for the Hello mentioned in the subject line... A few of you may know me already. I work for Consensus Development. We're going to be able to license out RSARef commercial use quite soon.
Some of the people I've talked to have asked me to jump on Cypherpunks, so I've been going over the archives on the Cypherpunk list, and while rather large, I'm quite pleased to see the high content/noise ratio here.

Anyway, my task is to get in gear as the Knowledge Officer for RSARef, and I am currently putting together the new RSARef discussion lists. Since I don't have the constitution (or obligation) to be a salesperson I'll leave the RSARef stuff at that. If you do have questions, or want to be put on the RSARef announcement list, drop me an email.

Jonathan Zamick
(Off to play with PGPFone.... how happy am I? :)

------------------------------------------------------------------------
..Jonathan Zamick Consensus Development Corporation..
.. 1563 Solano Ave, #355..
.. Berkeley, CA 94707-2116..
.. o510/559-1500 f510/559-1505..
..Mosaic/WWW Home Page: ..
.. Consensus Home Page ..

From usura at replay.com Mon Aug 28 17:50:19 1995
From: usura at replay.com (Alex de Joode)
Date: Mon, 28 Aug 95 17:50:19 PDT
Subject: Bet e$ on how long it will take for PGPFone to make it overseas!
Message-ID: <199508290050.AA11863@xs1.xs4all.nl>

Censored Girls Anonymous sez:
: I thought I saw a version over at ftp.hacktic.nl already.
: I tawt I taw a puddy tat. I did, I did taw a puddy tat!
: And it's been in the incoming directory for all weekend too!

It's now relocated to ftp.hacktic.nl:/pub/pgp/pgpfone

Also aussie SSL and SSLapps have been made available at
/pub/crypto/SSL
/pub/crypto/SSLapps

A dir has been added for Crypto Libraries (Wei Dei, RSAREF and DES)
/pub/crypto/LIBS

Also a dir has been added for Crypto apps (CFS, SSH CTCP etc)
/pub/crypto/CRYPTOapps

Enjoy !
--
Alex de Joode Replay Communication and Internet Services
usura at replay.com Inet Consulting, Web Authoring, Trademark
http://www.replay.com and Copyright Consultancy.
From wfrench at interport.net Mon Aug 28 20:44:28 1995
From: wfrench at interport.net (Will French)
Date: Mon, 28 Aug 95 20:44:28 PDT
Subject: SSL trouble
Message-ID: <199508290338.XAA24000@interport.net>

Scott Brickner writes:
> Then what do you care about the group's procedures? It
> doesn't "prevent you from participating" --- you *aren't*
> participating. You're attempting to solve the problem on your
> own.

This distinction is valid in the current series of academic exercises. However, if we were actually trying to break something important, anything that might accelerate the crack would be a form of participation. And as Nathan Loofbourrow has pointed out, the random method is much more secure against real-world retaliation. It's also the only method that will work for me; I use a shell account, and I never know in advance when I will get time on the computers at work (which aren't on the net at all).

I _don't_ care about the procedures, as long as I can get the information I need to go my own way.

Will French

From don at cs.byu.edu Tue Aug 29 00:33:25 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Tue, 29 Aug 95 00:33:25 PDT
Subject: Sendmail Bugs
Message-ID: <199508290733.BAA01311@wero>

-----BEGIN PGP SIGNED MESSAGE-----

This has nothing to do with crypto, and is only remotely related to remailers. However, I thought I'd send it along to demonstrate to our conspiracypunks friends how to shorten the length of an off-topic post.

There is a document on alt.security which describes exploitable sendmail bugs. The reference is <809544856snz at hacknet.demon.co.uk> I saved a copy in case anyone would like one.

SEE! Now wasn't that easy!

Don

fRee cRyPTo!
jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From rah at shipwright.com Tue Aug 29 04:41:53 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 29 Aug 95 04:41:53 PDT
Subject: e$: A CALL FOR FOUNDERS: The Boston Society for Digital Commerce
Message-ID:

A CALL FOR FOUNDERS
The Boston Society for Digital Commerce

A few weeks ago, before my San Francisco trip, I had a great lunch with Peter Cassidy, a contract writer and industrial analyst. Cassidy writes stuff on digital commerce and other net.things for the Economist, Wired and a number of other drier trade rags and authors the occasional market research piece for industrial research firms around Boston.

As disparate as our backgrounds and life experiences may be, our luncheon was reminiscent of the original AA meeting. We gibbered at each other for two hours about strong cryptography and the enormous potential of Web-mediated commerce and the effects of both on life, the universe, and everything. It was marvelous for two informed parties to share thoughts on the substance of the revolution at hand, undistracted by hype and hyperbole that too often haunts these subjects. I went on to hang out that night with a couple of pals from my school days at Chicago and they had *no* idea what I was talking about, though they could tell it had me pretty animated.

Both Peter and I figured we needed to have a regular fix of this, and we both figured that there are others in Boston who would benefit from the same experience. People in Boston who have some understanding of the financial markets, the internet, strong cryptography and the consequences of mixing the three: digital certificates, the potential for absolute anonymity, and geodesic markets for everything from financial instruments to software to professional services.
People in Boston who would like to meet once a month or so in a function room somewhere downtown, have lunch, and listen to a speaker or see a net.demo, or just hang out and gab on some aspect of digital commerce.

So, to quote Andy Hardy, "I've got a barn! Let's have a show!".

I've made some calls, and I can get a meeting room for a couple of hours and a nice lunch for 20 people in downtown Boston for about $25 a head as a starting point, subject to demand and scalability. I figure the agenda of the first meeting will be an introduction of everybody, and organizing some kind of structure for further meetings: programming and anything else we need to do to get the next meeting(s) organized, including picking a name. The imposing name "Boston Society for Digital Commerce" is just prima facie, subject to change at the first meeting.

At the moment, I'm looking at a meeting date of Tuesday, October 3rd, and at a location to be named later for lunch, say from 12:00 to 2. I'll give you a hint: it's a 30th floor room overlooking the Charles from downtown, and, yes, you need a coat and tie. I figure I'll collect checks payable to the place where we have lunch, with, say, a registration cutoff of 2 days prior to the event, so I can get the room paid for in advance, and so we can bootstrap this financially until we come up with a better method for doing things.

How to Sign Up:

Reply to this message if you're interested in helping this get started, or if you just want to have lunch and talk shop with people who'll actually understand what you're saying, and I'll give you all the details.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional."
--Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From dmandl at panix.com Tue Aug 29 06:46:16 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Tue, 29 Aug 95 06:46:16 PDT
Subject: Decoder ring
Message-ID:

High-Tech Company Goes Back to the Future with Decoder Rings
The Stuff of Cereal Box-Tops Becomes Real Repository of Data and Computer ID
By Carlos Tejeda
Staff Reporter of the Wall Street Journal

Once, the only way to get a decoder ring was to carve up cereal box-tops or comic-book covers. Now Dallas Semiconductor Corp. is creating its own high-tech version of the "decoder" ring. Although this one doesn't break any codes, it can unlock some doors of information.

It consists of a 64000-bit microchip, embedded in a silver ring made by class-rings titan Jostens Inc., of Minneapolis. The rings can be implanted with a replica of a driver's license, credit-card numbers and even a digitized photograph. Company officials say they hope the ring's data-carrying capability will help bring personal information literally to one's fingertips.

"My wallet's stuffed with a dozen different plastic cards," said Hal Kurkowski, Dallas Semiconductor's group manager for auto-identification products. "It's an awful mess. You could put all that and more into the ring and not have a four-inch-thick wallet."

The ring is triggered when the metal piece at the head of the ring comes in contact with a data reader. To prevent theft, the ring can be formatted so that it only can be used in conjunction with a password, Mr. Kurkowski said.

The technology already is being used at Dallas Semiconductor's headquarters, as something of a company ID card, said Syd Coppersmith, director of public relations. "I use it to get into my office, and it records who I am and when I went in," she said. "There's a reader on my PC, and I use it to get into my files."
The rings cost about $60 each, while readers that can be plugged into a computer can be purchased for about $80. Ms. Coppersmith said several security companies already have the technology to install such readers for their clients. She said the system also has been tested commercially at a warehouse, where employees used the ring to record inventory changes.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From WOOD at VAX2.ROCKHURST.EDU Tue Aug 29 10:20:21 1995
From: WOOD at VAX2.ROCKHURST.EDU (WOOD at VAX2.ROCKHURST.EDU)
Date: Tue, 29 Aug 95 10:20:21 PDT
Subject: Joel's RSA-t's
Message-ID: <01HUN7RYOMZM003M4J@VAX2.ROCKHURST.EDU>

>
> On Josh Osborne's RSA-perl T-shirt venture,
>
> I don't know about the rest of you, but I didn't realise from Joel's
> last post to the list that he was taking orders for them. I guess
> that's as close to an announcement as he's going to make. I just
> checked his netstuff web page, and he's taking orders now!
>
> Check out:
>
> http://www.danger.com/ad-perl.html
>
> (this is referenced from Joel's netstuff page under currently
> available items:
>
> http://www.danger.com/netstuff.html
> )
>
> From the Joel's web page:
>
> > DEADLINE TO ORDER: All orders for these shirts must be postmarked by
> > June 1, 1995.
>
> Also my page on perl-rsa is:
>
> http://dcs.ex.ac.uk/~aba/perl-rsa.html
>
> I'll be away from my mail for the rest of this week, so maybe someone
> can post this info to all the crypto groups...
>
> Adam
> --
>
> HAVE *YOU* EXPORTED A CRYPTO SYSTEM TODAY?
> --> http://dcs.ex.ac.uk/~aba/x.html
> --rsa--------------------------------8<-------------------------------------
> #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
> ($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%
> Sa2/d0 ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die"$0 [-d] k n\n")&~1)/2)
> -------------------------------------8<-------------------------------------
> TRY: echo squeamish ossifrage | rsa -e 3 7537d365 | rsa -d 4e243e33 7537d365
>

Has anyone received a shirt from Joel? Or is he ripping people off?

Many thanks,

-------------------------------------------
| "Computers are boring and slow."        |
|                                         |
| David Wood                              |
| Information Systems Specialist?         |
| wood at vax2.rockhurst.edu                |
-------------------------------------------

From Ted_Anderson at transarc.com Tue Aug 29 10:20:46 1995
From: Ted_Anderson at transarc.com (Ted_Anderson at transarc.com)
Date: Tue, 29 Aug 95 10:20:46 PDT
Subject: Cryptanalysis of S-1
In-Reply-To: <41l6u3$852@cnn.Princeton.EDU>
Message-ID:

I find this very interesting. You have made two related points here which highlight some important principles of cipher design: (1) more rounds do not always help and (2) the key schedule can be a limiting factor in a cipher's strength. In some sense these are "obvious", but it helps a lot to have a specific example of these points to think about.

After the early looks at S-1 and after reading Blaze & Schneier's paper on MacGuffin (ftp://research.att.com/dist/mab/mcg.ps) I was thinking that any half-assed Feistel network could be made secure by adding more rounds. So I was thinking about quantifying the systemic cost of adding more rounds and thereby reducing performance. It seems that there has been insufficient analysis of the performance vs. security trade-off.
In some sense this is understandable given the lack of quantification of security, but when it comes to engineering a system for real world use, you have to make a choice and it would be nice to have something to go on. Consider for example the use of Blowfish instead of IDEA in PGPfone; according to Paul Rubin [in "Re: IDEA with PGPFone?", 28-Aug-1995, sci.crypt] this was at least partly due to the performance difference.

But here we have a clear limit. In S-1 the key schedule effectively limits the number of rounds that contribute to security at about five. Further we have a concrete design principle: the per-round sub-keys should not repeat. Probably a stronger statement could be made.

Excerpts from netnews.sci.crypt: 16-Aug-95 Re: S1 cipher P. Hallam-Baker at w3.org (3569*)
> I would like to suggest some hypotheses :-

Maybe this type of cryptanalysis is old hat but it seemed new to me. It made me think of another hypothesis for the S-1 release:

- It is a training exercise.

Consider that the primary reason given for keeping Skipjack secret is that the algorithm would reveal valuable hints about cryptanalysis and cipher design. It also seems obvious that the NSA would have a College of Cryptanalysis to educate new generations of crypto experts. I could easily imagine it including a series of exercises, of progressively increasing difficulty, where attacking each cipher illustrates one or more cryptographic principles. Possibly a crypto-anarchist NSA mole decided it would be safer to leak a page from NSA's workbook than Skipjack itself; an infraction less likely to be pursued if nothing else.

If this seems unlikely, consider that the NSA has been getting beaucoup bucks for many years now. With the fall of the "Evil Empire" and all, perhaps things are getting a bit soft at the core. Maybe some NSA strategist figured that a little cross-fertilization between the academic and national-security crypto communities would enliven both groups.
So the question is: Will another exercise appear? Or perhaps there is more to learn from this one.

Ted Anderson

From sjb at austin.ibm.com Tue Aug 29 10:22:16 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Tue, 29 Aug 95 10:22:16 PDT
Subject: SSL trouble
In-Reply-To: <199508290338.XAA24000@interport.net>
Message-ID: <9508291647.AA13894@ozymandias.austin.ibm.com>

Will French writes:
>Scott Brickner writes:
>> Then what do you care about the group's procedures? It
>> doesn't "prevent you from participating" --- you *aren't*
>> participating. You're attempting to solve the problem on your
>> own.
> This distinction is valid in the current series of academic
>exercises. However, if we were actually trying to break
>something important, anything that might accelerate the crack
>would be a form of participation. And as Nathan Loofbourrow has
>pointed out, the random method is much more secure against
>real-world retaliation. It's also the only method that will
>work for me; I use a shell account, and I never know in advance
>when I will get time on the computers at work (which aren't on
>the net at all).

We've identified several forms of "real-world retaliation:"

1) "Result hoarding" - failure to report a found key
2) "Segment hoarding" - requesting more segments than one can hope to search
3) Denial of service - preventing access to the server

The "random search" method eliminates all three of these at about 37% higher cost in search time, on the average. I submit that if we *really* were trying to break something important, we could design a system which eliminated the first two and adequately limited the third, but at *much* less cost. The problems in the current system were to be expected of a first attempt.

In the future: Only the server assigns segments, only the assignee may report the status of a segment, and after all segments are NAKed we know condition 1 has occurred, at which time we start over, but never assign the same segment to the same searcher.
Limit the number of segments which may be outstanding with one searcher at one time as a function of work rate. Deploy redundant servers. As to whether the distinction is valid, I'd still say the only difference between working on your own and working "with" the group, but using an uncoordinated, random search method is one of intent --- that is, it's all in your mind. > I _don't_ care about the procedures, as long as I can get the >information I need to go my own way. So what information wouldn't you be getting? To "go your own way", you need exactly the same information that the client workstations use to test one key. The difference in your code and the clients exists solely in how they determine the next key to try. You're not "participating" when you go your own way. You're working on cracking the cipher, but you're not adding your efforts to the group effort, you're working independently. I'm not saying this is "wrong". You're supposedly a free person, do what you think is right. From paul at poboy.b17c.ingr.com Tue Aug 29 10:25:57 1995 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 29 Aug 95 10:25:57 PDT Subject: [NOISE] Austin cpunks? Message-ID: <199508291532.AA15521@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- If you live in the metro Austin area, please drop me a line. To the rest of you, sorry for the noise. - -- Paul Robichaux, KD4JZG | Do you support free speech? Even when perobich at ingr.com | you don't like what's being said? Be a cryptography user. Ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMEMy6afb4pLe9tolAQEXrwP/dPhTNVeuzNYA78Aow2B9ruINvBO324tG sRa2HYdT8bpZGh8DBXx7hS9zIFNMF5qw6GeoVpK8aqwmRhdbbnNoVq8x5Cps/APQ lQRu3AqPvtu46fZK6/faBHdzElqSNRIvQxG1O3o1kZhLmZctxdlyu00wJgH7tj/Z +jMhQ7kaWgQ= =VmEL -----END PGP SIGNATURE----- From ddt at lsd.com Tue Aug 29 10:26:50 1995 From: ddt at lsd.com (Dave Del Torto) Date: Tue, 29 Aug 95 10:26:50 PDT Subject: TLA Menu! 
Message-ID: Time to use your imagination, because... It's the TLA Phone Menu! pair-o-dee by [ A french horn version of "The Lion King" fades in quickly, and a ] [ smarmy male voice reminiscent of that 415.777.FILM guy comes on... ] "Welcome to the Three Letter Agency's Help Line! - If you're calling to report a threat to National Security, please press "1" now... - If you're calling to threaten the life of the President of the United States, please have your manifesto ready to fax and press "2"... - If you're calling to report a bomb that's been left somewhere at a TLA complex, please have your five-digit terrorist group identification code ready and press "3" now... - If you're calling to report an imminent nuclear emergency within the territorial borders of the United States, please press "4" now... - If you're calling to find out what "Squeamish Ossifrage" means, please press "5" now... - If you're calling to inform on Phil Zimmermann, please press "6" now... - If you're calling to report an Internet security problem that may affect our ability to packet-filter your local network, please press "7" now... - If you're calling to donate money to Senator Exon's re-election campaign, please press "8" now... - If you're a member of any State Militia or paramilitary group needing assistance with plans to overthrow a state government, please have your copy of the US Constitution ready and press "9" now... - If you're submitting a new encryption algorithm challenge, please visit our website at http://www.tla.gov/cray-this, or press "0" now... - If you're calling to report any unauthorized use of cryptography by pornographers, drug dealers, terrorists and/or religious cults, please press the "star" key now, or stay on the line, and a National Security Analyst will be with you in a moment..." [ Naturally, we press the "star" key... 
a few mournful moments pass ] [ as, in the background, a valiant attempt is made by 40 melancholy ] [ strings and an antic saxophonist to produce a Musak rendition of ] [ Rockwell's "(I Always Feel Like) Somebody's Watching Me," when ] [ suddenly the Musak fades back... ] "...Thank you for your patience. All of our jack-(and jill!-) booted agents are busy cracking other citizens' shopping-lists or reverse-tracing your phone number at this time, but your call _is_ important to us, so please remain on the line, and a National Security Analyst will be with you momentarily..." From Gerstein at scsud.ctstateu.edu Tue Aug 29 10:30:16 1995 From: Gerstein at scsud.ctstateu.edu (Adam J. Gerstein) Date: Tue, 29 Aug 95 10:30:16 PDT Subject: Florida Drivers Permits Message-ID: At 1:54 AM on 8/29/95, Jonathan Zamick is believed to have said: >>>>Better would be to figure out the encoding scheme and post it here. >>> >>>I like this, myself. It'd be nice to be able to have the picture of my >>>choosing instead of a digitized thumbprint... >> >>I think the officer arresting you would frown if your license dumped a nudie >>picture of Cindy Crawford instead of your identification details. >> >>Sounds like a great way to smuggle nuclear secrets out of a country tho :) > >What is the capacity of the mag strips. Do they carry much more than some >ID code for computer reference? It seems unlikely that there is enough >storage >for a thumbprint. Some vitals perhaps, but again it would most likely simply >be a speedier way of referencing the card holder's supposed True Name. (After >all they'd have to be checking driving record information as well.) Still >decrypting the cards would be amusing, just to aggravate those who become too >used to the convenience. 'Oh.. sorry Governor Wilson... my but you look >different up close'. 
Back in CT they have mag strips and holograms on the drivers license, but they aren't taking full advantage last I checked (about 8 months ago, when I was last in CT). Anyway, once an enterprising c'punk cracks the code, what's to stop people from putting more interesting info on the strips? Or possibly a virus? Is it conceivable? And if there is enough room on there for personal info, why not wipe the data that's there and put your PGPKey there. And when Officer Opie asks "What happened to your info and why's it all scrambled?" an innocent "I dunno" would have to suffice.... Just my 0.02¢... adam "Practice safe HEX - always use a keyboard condom" - anon PGP Key available by finger or mail with the sub: PGPKEY +-------------------------------------------------------+ |(e)Mail me: | MacGeek at eWorld.com | | Gerstein at scsu.ctstateu.edu | AGerstein at aol.com | +-------------------------------+-----------------------+ EWWWWW! - Betsy Shop smart! Shop S-Mart! - Ash From andrew_loewenstern at il.us.swissbank.com Tue Aug 29 10:31:12 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 29 Aug 95 10:31:12 PDT Subject: SSL trouble Message-ID: <9508291427.AA00854@ch1d157nwk> Bill Stewart writes: > The main failure mode seems to have been misconfigured clients > grabbing the single-threaded server for a long time; it may be > worth using a multi-threaded server, or alternatively a > single-threaded server that has a fast timeout for how long it will > talk to a client. Single-user is just plain silly. With a fast timeout you still have problems with misconfigured clients hogging the server and legitimate clients that are running a little slow will also have problems. The server in the second challenge did have a fast timeout (it was too fast to easily query the server by hand, for instance) and it still wasn't adequate. I can't imagine making the timeout smaller. multi-user is the only way to go... 
andrew From Damien.Doligez at inria.fr Tue Aug 29 10:38:03 1995 From: Damien.Doligez at inria.fr (Damien Doligez) Date: Tue, 29 Aug 95 10:38:03 PDT Subject: Probability calculations Message-ID: <9508291203.AA24840@couchey.inria.fr> >From: Scott Brickner
>
> % k-space searched   random method   sequential method   percent difference
> [...]
> 99.9                 115892899       16760439            591
>
But you fail to take into account the probability that the search will have to go that far. This is how I compute the expected cost of the random search. The probability of finding the key upon searching the k-th segment is:

$$p(k) = \left(1 - \frac{1}{n}\right)^{k-1} \cdot \frac{1}{n}$$

The expected cost is the sum of all possible costs, weighted by their probability:

$$e = \sum_{i=1}^{\infty} i\,p(i) = \frac{1}{n}\sum_{i=1}^{\infty} i\left(1 - \frac{1}{n}\right)^{i-1} = \frac{1}{n}\sum_{i=1}^{\infty}\sum_{j=1}^{i}\left(1 - \frac{1}{n}\right)^{i-1} = \frac{1}{n}\sum_{\{(i,j)\,\mid\,1 \le j \le i\}}\left(1 - \frac{1}{n}\right)^{i-1}$$

$$= \frac{1}{n}\sum_{j=1}^{\infty}\sum_{i=j}^{\infty}\left(1 - \frac{1}{n}\right)^{i-1} = \frac{1}{n}\,\underbrace{\sum_{j=1}^{\infty}\left(1 - \frac{1}{n}\right)^{j-1}}_{n}\cdot\underbrace{\sum_{i=0}^{\infty}\left(1 - \frac{1}{n}\right)^{i}}_{n}$$

$$e = n$$

This means that if you do many random searches (with a good RNG), the average cost of one search must be n. Any errors in the above ? -- Damien From A.Back at exeter.ac.uk Tue Aug 29 11:33:19 1995 From: A.Back at exeter.ac.uk (A.Back at exeter.ac.uk) Date: Tue, 29 Aug 95 11:33:19 PDT Subject: Joel's RSA-t's In-Reply-To: <01HUN7RYOMZM003M4J@VAX2.ROCKHURST.EDU> Message-ID: <25850.199508291832@olib> David Wood writes: > I wrote (quite some time ago now, ~4 months?): > > that's as close to an announcement as he's going to make. I just > > checked his netstuff web page, and he's taking orders now! 
> > > > Check out: > > > > http://www.danger.com/ad-perl.html > > > > (this is referenced from Joel's netstuff page under currently > > available items: > > > > http://www.danger.com/netstuff.html > > ) > > > > From Joel's web page: > > > > > DEADLINE TO ORDER: All orders for these shirts must be postmarked by > > June 1, 1995. > > Has anyone received a shirt from Joel? He made an announcement on the netstuff mailing list a couple of weeks ago, and also made a statement about the reasons for delays on the group alt.fan.joel-furr, here's what he said ... (darn it's expired from news spool), what he said was that he hoped to get all of the shirts shipped by the end of this month I think. Don't quote me on that cos it's from memory. But basically his printer moved, causing 1.5 months delay, and he got more orders than anticipated 1500 would you believe! Ah... there's more on his current netstuff page: http://www.danger.com/netstuff-current.html > o Perl/RSA T-Shirts -- Second Batch. Note: The first batch should be > done very soon and all 1,500 shirts will be shipped as fast as > possible. Some one-time delays took place that could not be avoided > and all the shirts should be shipped by the end of August unless > something awful happens. Should answer your question, A: RSN. Adam -- HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/ --rsa--------------------------8<------------------------------- #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0 >What is the capacity of the mag strips. Do they carry much more than some >ID code for computer reference? It seems unlikely that there is enough >storage >for a thumbprint. Some vitals perhaps, but again it would most likely simply >be a speedier way of referencing the card holder's supposed True Name. (After >all they'd have to be checking driving record information as well.) 
Still >decrypting the cards would be amusing, just to aggravate those who become too >used to the convenience. 'Oh.. sorry Governor Wilson... my but you look >different up close'. They would not have to include an entire thumbprint. The actual code used to verify fingerprints is not very large. All that would be needed is enough information to ID into the "official" records and enough checksum type information to prevent alteration/counterfeiting. Using magnetic media for this is a bit foolish as it can be changed/destroyed with the stroke of a magnet. I will not say by what means I would think should suit as a better encoding scheme because: 1) They are not using it and 2) I do not want to give them any ideas. | Visualize whirled keys! | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites | Disclaimer: | |all mankind free in one-key-stenography-privacy!"| Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From tcmay at got.net Tue Aug 29 11:38:43 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 29 Aug 95 11:38:43 PDT Subject: Claiming chunks of keyspace... Message-ID: Looking at it from the outside, I thought the latest SSL challenge experiences were highly instructive. Nothing to be ashamed of. An interesting question: Is it a valid approach for J. Random User to "claim" some chunk of keyspace to search? If the "reward" of finding the gold buried in the keyspace (a key that meets the challenge) is high and the cost of claiming the keyspace is low (or nil), then game theory tells us that some folks will be tempted to claim a bigger chunk of keyspace than they can possibly process. What can be done to reduce this effect? On the negative side, ostracize or punish those who bite off more than they can chew. This approach is fraught with dangers. On the positive side, let everyone simply attack the keyspace as they see fit, picking random parts to attack. 
This should not be "worse" than a factor of several from a "perfectly coordinated" attack. (I haven't spent time calculating this, but my intuition is that a random attack, with overlapping keyspace, is not a lot less efficiently attacked than attempting to arrange for no overlaps...just based on my mental picture of dropping line segments randomly on some interval and figuring coverage of the line segment.) In between, market systems where intermediate agents subcontract out chunks of keyspace. Mechanisms for this are lacking. -Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Tue Aug 29 11:41:32 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 29 Aug 95 11:41:32 PDT Subject: "Citizen-Unit Identification" a Red Herring Message-ID: All this paranoid talk about the dangers of thumbprints on ID cards, about driver's licenses, and about magstripes got me to thinking. So, I accessed my NLETS (National Law Enforcement Telecommunications System) and downloaded my own record: Citizen-Unit ASCII Name: "Timothy Christopher May" NLETS Actual Name: G0Yj34C1qm92H7u Known Aliases: "Klaus! 
von Future Prime," "Lance," "Nick Szabo" Residence: 427 Allan Lane, Corralitos, CA 95075 Driver's License: N4197484 SSN: 227-80-5823 Passport Number: H673qop90 Race: Aryan Origin: Europe Hair: Brown Eyes: Blue Weight: 210 pounds (10/94, recorded at SFO) Known associations: Anarchist Alliance, Young Students for Discordianism, Vernor Vinge Fan Club, Information Liberation Front Magazines Subscribed To: Newsweek, Playboy, The Economist, MacWeek, Anarchy Today, Liberty, FertilizerWorld, Reason, MacUser, NewtonGazette, Bay Aryan Events, Information Week Consumer Preferences: beer (+++), wine (+), cigarettes (-) Electricity Patterns: consistent with either marijuana cultivation or heavy Net usage, or both Threat level: Class 3 Security Threat I don't see what the big deal is. The NLETS record implies I'm some kind of security threat, but also correctly notes that I'm an Aryan, so I guess I'm safe. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Tue Aug 29 11:42:01 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 29 Aug 95 11:42:01 PDT Subject: A glance at the future of missing child identification Message-ID: At 4:48 PM 8/28/95, Jason L Tibbitts III wrote: >>>>>> "TCM" == Timothy C May writes: > >TCM> At 8:52 PM 8/20/95, Hadmut Danisch wrote: >>> These transponders are already used for many years. They inject them in >>> pigs and cows to identify them. And some car manufacturers put them into >>> the ignition keys as theft protections. > >TCM> There have so far been no known uses of this on humans, at least as a >TCM> matter of routine. 
Possibly some developers have tried injecting >TCM> themselves, for the usual reasons. > >Believe it or not, something like this is being used (or is being prepared >for use) in breast implants. An article in the Houston (silicone city) >Chronicle about a month ago (sorry, I can't produce a more exact reference) >stated that new soybean oil breast implants are being manufactured to >accept an identification device to track information on the patient and the >implanting doctor. > >It's not exactly big brother (bigger sister?) but it's the first >human-implanted ID device that I've heard of. I don't know if any have >actually been implanted. Big Brother? Big Sister? Naw, it's "Big Tits." It's a way for us males to scan the females at the bar to see if they're naturally well-endowed or silicone-enhanced. Part of the "truth in advertising" laws recently passed. ... Seriously, I'm awfully skeptical that any kind of remote sensing device is to be placed in the breasts of women seeking enhancement. The technology just does not currently support small devices, though I suppose some of the 55GG strippers could support an active transmitter (or, "transtitter"). Conceivably, when the women go down to their local doctors to have their tits inflated there can be some kind of "taggants" added, a la the taggants added to some explosives, but this is a far cry from an electronic identification device. Some boob must've come up with this one. --Tim ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From ab411 at detroit.freenet.org Tue Aug 29 11:42:31 1995 From: ab411 at detroit.freenet.org (David R. 
Conrad) Date: Tue, 29 Aug 95 11:42:31 PDT Subject: SSL trouble Message-ID: <199508290435.AAA11757@detroit.freenet.org> -----BEGIN PGP SIGNED MESSAGE----- "Daniel R. Oelke" writes: >someone, probably either patrick at Verity.COM or hallam at w3.org, writes: >>Piete.Brooks at cl.cam.ac.uk, stripes at va.pubnix.com writes: >> >>> I'd like to get the raw date in brloop (a sh script). In perl I'd just >>> use "time", and I can't see a way to get "date +" to yield the raw time. >>> I could use "date=`perl -e 'print time'`" but that seems OTT, and perl >>> may not be on the user's PATH. Any suggestions ? >> >>"date '+%s'" does it under BSDI, but I'm not sure how portable it is. >> > >That doesn't work under SunOS 4.1.x, but this does: > > date "+%S %M 60 * + %H 3600 * + %j 86400 * + %y 31536000 * + p" | dc > >This assumes 365 days/year, so if you jump from a leap year to a non-leap >year it won't work right. Hey - a 1/1460 failure rate is better >than most Windoze programs I've used ;-) > >It also isn't the "absolute" time, (as given by time()), but >gives a number of seconds that constantly increases. > >With a little more work you should be able to adjust this to be close >to time() functionality. This was, of course, originally one long line: date +"%S %M 60 * + %H 3600 * + %j 1 - 86400 * + %y 70 - 31536000 * + %y 69 - 4 / 86400 * + 3600 4 * + p" |dc Differences: %j 1 -, because days of the year are numbered from 1, not zero, and we don't want to count 86400 seconds for today before today has finished. %y 70 -, because 1970 is the epoch, of course. %y 69 - 4 / 86400 * +, takes into account all leap days in all leap years up through last year. Why? Left as an exercise for the reader. ;-) 3600 4 * +, this is a bit of ugliness. date +%s returns GMT for me. I'm in EDT, so that's four hours away from GMT. So this is necessary to make this return the same number as date +%s. But if you're in another time zone, you need to change that 4 above appropriately. 
If this whole section is deleted we are left with: date +"%S %M 60 * + %H 3600 * + %j 1 - 86400 * + %y 70 - 31536000 * + %y 69 - 4 / 86400 * + p" |dc which returns local time, which is probably what you wanted anyway. By the way, date --version, on my system, returns "GNU shellutils 1.9.4", just in case you were wondering what date I'm using. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMEKT+REcrOJethBVAQEXgAQAx9HLiR+LPvclEYRFrliqOugj9cbzGwLD HCWOC8/MfrXuS3MPLQj1HugA18LH/LGy3BTp7cSnSNXDoL2/7UkLeAspGejRrEG4 WgQ8HIC2weVDP66PqioFD6lAELatRWk4Xl/mLgVrxluBrKtRnADtCX/VdHPw1ZiU YDfiWBtKRGU= =i1Di -----END PGP SIGNATURE----- -- David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace. From unicorn at access.digex.net Tue Aug 29 11:43:22 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 29 Aug 95 11:43:22 PDT Subject: Florida Drivers Permits In-Reply-To: <199508290035.RAA08342@ix3.ix.netcom.com> Message-ID: > > At 09:55 AM 8/29/95 +1000, Mark wrote: > >>>Better would be to figure out the encoding scheme and post it here. > >>I like this, myself. It'd be nice to be able to have the picture of my > >>choosing instead of a digitized thumbprint... > > > >I think the officer arresting you would frown if your license dumped a nudie > >picture of Cindy Crawford instead of your identification details. Or of Mel Gibson. 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. 
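A check of David Conrad's date | dc recipe two messages up, added here as an example; it is not code from the thread. The same arithmetic is done in Python on the %S %M %H %j %y fields of a UTC timestamp and compared with the real Unix time, so the leap-day term can be seen doing its job. The function names are mine. The "3600 4 *" time-zone fudge is left out, so this is the local-time variant compared against UTC fields.

```python
import calendar
from datetime import datetime


def dc_epoch(S: int, M: int, H: int, j: int, y: int) -> int:
    """Conrad's local-time dc expression, evaluated in Python. S, M, H are the
    seconds, minutes and hours, j the 1-based day of the year, y the two-digit
    year as printed by date +%y. dc's '/' truncates; for y >= 70 that is the
    same as Python's floor division."""
    return (S + M * 60 + H * 3600 + (j - 1) * 86400
            + (y - 70) * 31536000           # 365-day years since the epoch
            + ((y - 69) // 4) * 86400)      # one day per leap year before this one


def epoch_from_date_fields(dt: datetime) -> int:
    """Feed the %S %M %H %j %y fields of a (UTC) datetime into the formula."""
    return dc_epoch(dt.second, dt.minute, dt.hour,
                    int(dt.strftime("%j")), int(dt.strftime("%y")))


def matches_unix_time(year: int, month: int, day: int,
                      hour: int = 0, minute: int = 0, second: int = 0) -> bool:
    """True when the dc arithmetic agrees with the real Unix time of that instant."""
    dt = datetime(year, month, day, hour, minute, second)
    return epoch_from_date_fields(dt) == calendar.timegm(dt.timetuple())
```

The formula agrees with time() for every date from 1970 through 1999, leap days included, because (y-69)/4 counts one day for each leap year before the current one while %j already covers the current year's leap day. It goes wrong from 2000 on, since %y wraps to 00 and the year terms go negative.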
From tibbs at sina.hpc.uh.edu Tue Aug 29 11:45:02 1995 From: tibbs at sina.hpc.uh.edu (Jason L Tibbitts III) Date: Tue, 29 Aug 95 11:45:02 PDT Subject: A glance at the future of missing child identification In-Reply-To: Message-ID: <9508290348.AA14292@hpc.uh.edu> >>>>> "TCM" == Timothy C May writes: TCM> At 8:52 PM 8/20/95, Hadmut Danisch wrote: >> These transponders are already used for many years. They inject them in >> pigs and cows to identify them. And some car manufacturers put them into >> the ignition keys as theft protections. TCM> There have so far been no known uses of this on humans, at least as a TCM> matter of routine. Possibly some developers have tried injecting TCM> themselves, for the usual reasons. Believe it or not, something like this is being used (or is being prepared for use) in breast implants. An article in the Houston (silicone city) Chronicle about a month ago (sorry, I can't produce a more exact reference) stated that new soybean oil breast implants are being manufactured to accept an identification device to track information on the patient and the implanting doctor. It's not exactly big brother (bigger sister?) but it's the first human-implanted ID device that I've heard of. I don't know if any have actually been implanted. --- Jason L. Tibbitts III - tibbs at uh.edu - 713/743-8687 - 221SR1 System Manager: Texas Center for Advanced Molecular Computation 1994 PC800 "Kuroneko" DoD# 1723 From sjb at austin.ibm.com Tue Aug 29 11:48:20 1995 From: sjb at austin.ibm.com (Scott Brickner) Date: Tue, 29 Aug 95 11:48:20 PDT Subject: Florida Drivers Permits and a Hello In-Reply-To: <199508290556.WAA12070@desiree.teleport.com> Message-ID: <9508291847.AA12145@ozymandias.austin.ibm.com> Alan Olsen writes >They would not have to include an entire thumbprint. The actual code used >to verify fingerprints is not very large. 
All that would be needed is >enough information to ID into the "official" records and enough checksum >type information to prevent alteration/counterfeiting. Using magnetic media >for this is a bit foolish as it can be changed/destroyed with the stroke of >a magnet. I will not say by what means I would think should suit as a >better encoding scheme because: 1) They are not using it and 2) I do not >want to give them any ideas. What possible value could the LEAs get by having your thumbprint digitally encoded on your driver's license? It's not like the average cop-on-the-beat is qualified to lift a fingerprint and compare it. Even if he was, how does it benefit that the fingerprint is on the license? This seems silly. From tcmay at got.net Tue Aug 29 11:49:45 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 29 Aug 95 11:49:45 PDT Subject: "Virtuosity" -- A New Movie Message-ID: I make no apologies for this not being "on topic," where "on topic" is defined as "coding in C." If you don't like my comments to our community, you know how to filter out my messages. I saw "Virtuosity" today, not expecting much. It's been called "a stinker" by at least one reviewer. But I enjoyed it. It had fairly impressive effects and fairly accurate treatments of: -- "microlocators" (implantable localizers) (The technology of which, in the real world, Bob Fleming and Cherie Kushner described at the "Cypherpunks Santa Cruz" meeting/party at my place on Saturday. By the way, the meeting was well-attended, with 22 attendees, including Greg Broiles from Eugene, Oregon, Jeff Simmons from San Luis Obispo, and a bunch of folks from the Santa Cruz area and Bay Area.) -- nanotechnology...well done -- genetic algorithms and evolving programs...very, very well done! 
-- virtual reality...less well done, especially as it's been done before There were a few disconnects, such as that the time for the movie seemed only a few years in the future, and yet certain technologies were very far advanced. I was impressed, much more so than with "The Net" or other recent high-tech movies. (I can't wait for "Pulp Science Fiction"!) For those who think this off-topic, "Man does not live by coding alone." --Tim ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Tue Aug 29 11:51:28 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 29 Aug 95 11:51:28 PDT Subject: R.I.P. John Brunner Message-ID: At 6:03 PM 8/28/95, Alan Bostick wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >Science fiction writer John Brunner died last Friday, August 25, from >a massive stroke, while attending the World Science Fiction Convention >in Glasgow, Scotland. > >Among several other notable works, Brunner was the author of THE SHOCKWAVE >RIDER, a groundbreaking vision of the information age that inspired and >foresaw much that was pertinent to the Internet in general and the >Cypherpunks in particular. > >Let us pause a moment to note his passing and honor his life and >contributions. I am saddened to learn this. And, yes, this has a lot to do with Cypherpunks. I read "Stand on Zanzibar" with rapt attention in 1969 or so, and it had a big influence on me. Ditto for "The Shockwave Rider," one of the very first explications of how identities would be changed, how the State would insist on computerized identities. 
(Indeed, "1984" came first, and is an even more important work, by any standards, but Brunner still nailed the effects of computers in a way that Orwell could not possibly have.) Christ, what an imagination he had! --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From gate at id.WING.NET Tue Aug 29 11:58:05 1995 From: gate at id.WING.NET (The Gate) Date: Tue, 29 Aug 95 11:58:05 PDT Subject: Searchnet Message-ID: Some time ago, I posted a reply to an allegation that the Spotlight was a Klan paper. Of course, it is more Liberty Lobby/CIA, with Bo Gritz on the Board. The point of this post is that those who want to know what is up with the Spotlight need to subscribe to Searchnet, which covers all the information of like sort. There was also a wonderful post recently hailing hackers as the ones who are most likely to prevent government sponsored crypto-terror censorship. Those who would like the post, speak up. Those who want to subscribe to Searchnet, likewise. Hope this does not get in the way of PGP implementation. Onwards, Lee ____________________________|||||||||||||||||||||______________________________ R. Leland Lehrman at The Gate, New Haven, CT. 
http://id.wing.net/~gate/gate.html God, Art, Technology and Ecology Research and Development >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Do you love the Mother?>>>>>>>>>>>>>>>>>>>>>>>> From alano at teleport.com Tue Aug 29 12:05:44 1995 From: alano at teleport.com (Alan Olsen) Date: Tue, 29 Aug 95 12:05:44 PDT Subject: Florida Drivers Permits and a Hello Message-ID: <199508291905.MAA04950@desiree.teleport.com> At 01:47 PM 8/29/95 -0500, you wrote: >Alan Olsen writes >>They would not have to include an entire thumbprint. The actual code used >>to verify fingerprints is not very large. All that would be needed is >>enough information to ID into the "official" records and enough checksum >>type information to prevent alteration/counterfeiting. Using magnetic media >>for this is a bit foolish as it can be changed/destroyed with the stroke of >>a magnet. I will not say by what means I would think should suit as a >>better encoding scheme because: 1) They are not using it and 2) I do not >>want to give them any ideas. > >What possible value could the LEAs get by having your thumbprint digitally >encoded on your driver's license? It's not like the average cop-on-the-beat >is qualified to lift a fingerprint and compare it. Even if he was, how >does it benefit that the fingerprint is on the license? > >This seems silly. I was pointing out that it was possible. I was not trying to make the point that there was any *USE* for such a thing. (Evidently some ID cards now carry such prints. California does, if memory serves me correctly.) Just because something is silly does not mean it will not be tried by someone in law enforcement. In fact, there seems to be a correlation between silly acts and law enforcement... (Or at least those making the rules about law enforcement.) And if you think it cannot get any worse, Pete "I want to seal the borders" Wilson has announced he is running for president. 
We will be getting a large number of silly laws and pronouncements if the American people are stupid enough to elect him to high office. > > | Visualize whirled keys! | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites | Disclaimer: | |all mankind free in one-key-stenography-privacy!"| Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From perry at piermont.com Tue Aug 29 12:28:05 1995 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 29 Aug 95 12:28:05 PDT Subject: Florida Drivers Permits and a Hello In-Reply-To: <199508291905.MAA04950@desiree.teleport.com> Message-ID: <199508291927.PAA20067@frankenstein.piermont.com> The Florida drivers license conversation has gotten a bit afield of cryptography. .pm From d-jones at ix.netcom.com Tue Aug 29 12:35:40 1995 From: d-jones at ix.netcom.com (Dave) Date: Tue, 29 Aug 95 12:35:40 PDT Subject: Florida Drivers Permits and a Hello Message-ID: <199508291933.MAA22876@ix3.ix.netcom.com> >What possible value could the LEAs get by having your thumbprint digitally >encoded on your driver's license? It's not like the average cop-on-the-beat >is qualified to lift a fingerprint and compare it. Even if he was, how >does it benefit that the fingerprint is on the license? > >This seems silly. There are devices that will electronically read fingerprints available now. So with such a device, the LEO would know instantly if you were who you said that you were. From vznuri at netcom.com Tue Aug 29 12:42:52 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 29 Aug 95 12:42:52 PDT Subject: SSL keyspace etc. Message-ID: <199508291940.MAA22969@netcom6.netcom.com> regarding SSL challenge, I am not following this close enough to understand completely, but I thought I would offer a few suggestions for tweaking the code: -- the issue of grabbing keyspace has been raised. 
what if someone malicious just yanked huge areas of keyspace and didn't search them? it seems that the clients need to return to the server some evidence that they have searched their keyspace in question. the server could verify this evidence. for those that don't return the "evidence", that keyspace could be reallocated to other comers. the simple approach to all this, if you don't have "evidence", is to just have the server keep reallocating the same space over and over to different crackers. hopefully eventually every part of the keyspace would be allocated to a "legitimate" worker.

-- the issue of efficiency is very fascinating for this project. essentially the server has no idea what the block size of key blocks it should dole out. obviously the server would want to try to dole out equal *processing chunks* such that the remote machine reports back in a certain amount of time, no matter what architecture. the problem of course is that remote machines all have different efficiency. two possibilities: a sort of "bogomip" calculation is done in the client, and its processor speed is reported to the server. the server uses this in a calculation to determine how much to dole out. it could try to derive a best fit linear relationship between space covered and processor speed, or build up a table of results and interpolate for new requests. note that the efficiency issue also ties into "what if people take keys they don't solve". if the server knows roughly how long a client should take to report back, and it never reports back, it could then reallocate that key space.

-- another problem of efficiency is that the server is clearly a bottleneck for servicing requests. the question arises: suppose that the server could determine the precise interval between which machines would go back to it for new keys. what is the optimum interval over the whole project?
in other words, given the number of machines participating, and their processor speeds, what size of key space should be parceled out to the next request so that the bottleneck at the server is minimized? this optimum interval must be very hard to derive, because it depends on the contention based on many incoming connections. it would involve some probabilistic approximations of the likelihood of collisions. to model it, you might consider a request as taking [n] seconds of time, and consider that if any two requests are in contention, a retry happens after [m] seconds. you could build up models that would try to minimize the time based on empirical simulations. however I would be exceedingly impressed if someone could derive a formula for this, or give it from some textbook.

-- adaptive algorithms for all these situations are possible. the server could use a "hypothesis" in the sense of partitioning out a starting size of keyspace, and then watch how long it took the client machine to respond, and then assume a linear relationship or something to compute the size of the next keyspace to hand out to the machine. the server could continually watch how closely its "hypothesis" (i.e. its estimations of how long a given machine will take) match the actual returns.

-- more on the idea of evidence: we are working with a hashing algorithm, right? as evidence the client machines could return checksums of all the hashes of all the keyspace it searched. it could break up its own search space into blocks and return the checksums on the hashes for each block. the server, if it wanted to, could verify these blocks running its own computations. if it ever found a client was "unreliable", it could then diminish the keys sent to the unreliable client, or even send it areas of search space it didn't care about anymore (i.e. areas that have already been confirmed searched by a more "reliable" client).
-- in fact all this reminds me of the process of intelligence gathering by an agency, which could be formalized as follows: suppose that the agency wishes to identify "quality information". it has a set of sources, A,B,C,D.... now, it can send questions out to these sources and get information from them. some of them however would be "unreliable". the agency must devise some means by which it can weed out the unreliable sources. note that this may even involve sending them bogus instructions to keep them busy so they do not themselves suspect they have been "discovered" and then change their defective plans. obviously, one of the most important intelligence tools in this matter is that of *correlation*. you have to determine "truth" (or "quality information") via the correlation between answers that the different sources give you. also important to correlation is *redundancy*. you sometimes have to ask more than one source the same question, and test the answer. in this model, if A and B give different answers, you know that one of A or B is "unreliable". what is very interesting in our case of cracking keys is that the server can verify the information on its own. in other words, it has a *control* that it knows is correct that it can judge against the answers "out there". unfortunately, in contrast, real intelligence agencies are not always privy to this kind of certain "control" and in fact have to determine "truth" entirely from a set of sources, any of which might be unreliable. in this case one has to have a hypothesis about what is the "truth" and test it to see if it holds up consistently with all information. the approaches of attackers are obvious. the most obvious is that of collusion and infiltration. but I will save the rest for some NSA spook to elaborate. there are certainly enough colluding and infiltrating on this list -- one of the reasons all this interests me is that it really reminds me of some projects I have worked on in the past. 
in high school I wrote a network mandelbrot set program (client/host). the issue of contention arose and it appeared to me to look like an upside-down parabola after I plotted some points (curving up, that is). i.e. the optimum was at the pit of the parabola, and when too few or too many requests happened, the speed over the overall simulation was increased above the optimum. some very ingenious readers may actually be able to locate this code, which I put in the public domain over 5 years ago.

-- another thing I worked on was trying to find the optimal block size of communications protocols such as Zmodem, which generally instead just pick arbitrary block sizes 2^n. I actually was able to attack this problem analytically through the observations of the properties of infinite series and calculus techniques. it is a similar problem but the idea of contention really complicates this issue. (for what I studied, there was only one client and one server, so to speak). I still have this paper in Latex format and if anyone is interested I would be happy to send it to you. it's a really nice example, IMHO, of how if you use your brain and some mathematics, you can really get a far more elegant approach than brute force, and know with much greater certainty that what you are doing makes sense mathematically. an awful lot of programmers just tend to bang on the keyboard without thinking of the theoretical implications of their work. this is understandable given that the theoretical implications of even trivial programs (such as the SSL client/server interactions) can be mathematically extremely daunting, requiring even differential equations to model fairly simple pieces of code.

-- well, that is my contribution of the moment into the cypherpunk annals. one never knows what a little combination of boredom and inspiration can lead to.

--V.Z.Nuri

From mhw at wittsend.com Tue Aug 29 12:50:15 1995
From: mhw at wittsend.com (Michael H.
Warfield)
Date: Tue, 29 Aug 95 12:50:15 PDT
Subject: Joel's RSA-t's
In-Reply-To: <01HUN7RYOMZM003M4J@VAX2.ROCKHURST.EDU>
Message-ID:

WOOD at VAX2.ROCKHURST.EDU enscribed thusly:

> > > On Josh Osborne's RSA-perl T-shirt venture,
> >
> > I don't know about the rest of you, but I didn't realise from Joel's
> > last post to the list that he was taking orders for them. I guess
> > that's as close to an announcement as he's going to make. I just
> > checked his netstuff web page, and he's taking orders now!
> >
> > Check out:
> >
> > http://www.danger.com/ad-perl.html
> >
> > (this is referenced from Joel's netstuff page under currently
> > available items:
> >
> > http://www.danger.com/netstuff.html
> > )
> >
> > From the Joel's web page:
> >
> > > DEADLINE TO ORDER: All orders for these shirts must be postmarked by
> > > June 1, 1995.
> >
> > Also my page on perl-rsa is:
> >
> > http://dcs.ex.ac.uk/~aba/perl-rsa.html
> >
> > I'll be away from my mail for the rest of this week, so maybe someone
> > can post this info to all the crypto groups...
>
> Has anyone received a shirt from Joel? Or is he ripping people off?
> Many thanks,

Don't know about Joel. Might have heard one complaint over on alt.security.pgp a month or so ago.

I just got 7 perl-rsa T-Shirts from "wepinsto" (http://colossus.net/wepinsto/). These were for myself, my youngest son (16), my brother, and four friends who asked me to order for them. They look great! Almost as great as the looks you GET when people see them wondering "what the *&*r!".

I just have one problem though... If these things are classified as a "munition" aka a "weapon" by da fed's how does that affect us down here in good old Georgia where our legislature has passed a law making it a crime to be in possession of a weapon anywhere within a hundred yards or so of school property. This is rather relevant for my teenager! The school counselors looked real confused and said "Dah... We don't know!"
I'm supposed to talk to the man "in charge of discipline" for an opinion on this. As I told someone else on another mailing list, this sounds REAL stupid but all it takes is one idiot (and we have a plentiful supply of idiots down here in Georgia) with a wild hair and students get expelled for silverware sitting on a car seat, tools such as tire irons (no they weren't threatening someone with one), or cultural and ceremonial artifacts.

Mike
--
Michael H. Warfield    | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard)       | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9        | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471    | possible worlds. A pessimist is sure of it!

From tcmay at got.net Tue Aug 29 12:54:10 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 29 Aug 95 12:54:10 PDT
Subject: Poisson numbers for random keyspace assignment
Message-ID:

At 12:03 PM 8/29/95, Damien Doligez wrote:

...
>But you fail to take into account the probability that the search will
>have to go that far.
>
>
>This is how I compute the expected cost of the random search.
>
>The probability of finding the key upon searching the k-th segment is:
>
>    $p(k) = (1 - 1/n)^{k-1} \cdot 1/n$
>
>The expected cost is the sum of all possible costs, weighted by their
>probability:
>
>    $e = \sum_{i=1}^{\infty} i\, p(i) = \frac{1}{n} \sum_{i=1}^{\infty} i\,(1 - 1/n)^{i-1}$
>
...

I haven't checked Damien's notation and confirmed the results, but I have another way of looking at it, which I think produces the same results.

Last night (but it didn't arrive at my site until moments ago, for some reason) I wrote:

>On the positive side, let everyone simply attack the keyspace as they see
>fit, picking random parts to attack. This should not be "worse" than a
>factor of several from a "perfectly coordinated" attack.
>(I haven't spent
>time calculating this, but my intuition is that a random attack, with
>overlapping keyspace, is not a lot less efficiently attacked than
>attempting to arrange for no overlaps...just based on my mental picture of
>dropping line segments randomly on some interval and figuring coverage of
>the line segment.)

Here's what I meant, in more detail:

Imagine the overall keyspace to be searched as a line segment of some length:

[------------------------------------------------]

Now imagine various people randomly picking starting points and doing some segment, depending on their compute power:

[---]   [--]  [--------]   [------] [-]  [--------]

...and so on, with the various line segments scattered randomly. Some will overlap, meaning the same keyspace segment is being searched by two or more people.

If the total length (summation) of these line segments is the same as the "brute force exhaustion" of the keyspace, we can do some interesting calculations. For example, the "expected" number of hits per point is "1". But some points will be hit 0 times, others will be once, twice, three times, etc. (This is in the nature of random processes, as each line segment is random and "independent" of what other people may have independently picked.)

The Poisson distribution fits this situation exactly, with the _actual_ number of hits computed by:

    P(s;m) = (e ^ -m) (m ^ s) / s!

where s is the actual number of hits and m is the expected number. P(s;m) is the probability of seeing s hits when m are expected.

    s   m   P(s;m)
    0   1   1/e, or .368
    1   1   1/e, or .368
    2   1   .184
    etc.

That is, with the "total exhaustion" amount of computation there will be 36.8% of the keyspace left unsearched, simply because nobody's random segments landed on this fraction of the overall segment.

If twice, three times, four times, etc.
as much effort is put into it (enough to brute force the search space twice, using nonrandom assignment), then

    s   m   P(s;m)
    0   2   .135
    0   3   .0498
    0   4   .0183

For s = 0, P(s;m) = e ^ -m

Several conclusions can be drawn. Here's what I conclude:

* For opportunistic attacks on keys in challenges, the odds are 95% that a key will be found with only twice the total effort (or time) using a totally random method of picking up keyspace to search.

* This is probably good enough. (And if one only wants to be 90% sure of finding the key, even less effort is needed.)

* And this affects several of the "denial of service" attacks mentioned here by others, including finding the key but not reporting it (for whatever reasons), claiming too much keyspace, etc. This is because some of the same regions are actually being searched two or more times.

* This of course gets rid of the assignment problems.

* If the intent is to show that keys can opportunistically be found, the random assignment method works pretty well and is "good enough." If, for some reason, a key _had_ to be found, then a more careful, nonrandom assignment method would be best. As assignment methods get better, a crossover will occur, and the random assignment method will lose its advantages.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From shamrock at netcom.com Tue Aug 29 12:55:59 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 29 Aug 95 12:55:59 PDT
Subject: A glance at the future of missing child identification
Message-ID:

At 21:56 8/28/95, Timothy C.
May wrote:

>Seriously, I'm awfully skeptical that any kind of remote sensing device is
>to be placed in the breasts of women seeking enhancement. The technology
>just does not currently support small devices, though I suppose some of the
>55GG strippers could support an active transmitter (or, "transtitter").

The homepage of the horse tracking devices that I recently posted states that the devices are 11 mm long and can be injected with a 12 gauge needle. Even has an actual size picture of the device. Small enough to fit into a breast implant.

-- Lucky Green PGP encrypted mail preferred.

From shamrock at netcom.com Tue Aug 29 12:57:06 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 29 Aug 95 12:57:06 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

At 22:57 8/28/95, Alan Olsen wrote:

>They would not have to include an entire thumbprint. The actual code used
>to verify fingerprints is not very large.

This is true. While waiting for the local US Post Office clerk to process a passport application, I browsed through their book of FBI's Most Wanted (available at every Post Office, just ask for it). Each person's fingerprints were specified with an alphanumeric code that took up less than half a line.

-- Lucky Green PGP encrypted mail preferred.

From tcmay at got.net Tue Aug 29 13:13:01 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 29 Aug 95 13:13:01 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

This thread has more crypto relevance than some might think....

At 7:39 PM 8/29/95, Dave wrote:

>>What possible value could the LEAs get by having your thumbprint digitally
>>encoded on your driver's license? It's not like the average cop-on-the-beat
>>is qualified to lift a fingerprint and compare it. Even if he was, how
>>does it benefit that the fingerprint is on the license?
>>
>>This seems silly.
>
>There are devices that will electronically read fingerprints available now.
So >with such a device, the LEO would know instantly if you were who you said >that you were. And it is possible with today's technology to do the following: -- take a fingerprint -- scan it, either linearly across some reference line (marked on the license), or in a full 2D scan -- have the issuing agency encrypt the resulting waveform (scan), using its private key -- print the resulting number on the license Then, the validity of the license could be verified by: -- the local checking agent (cop) takes the number printed on the license -- runs it through the _public key_ of the issuing agency -- gets back an analog waveform (scan) -- can compare it directly to the actual fingerprint This is the same scheme used by the once-extant company "Light Signatures" as a means of foiling counterfeiters. (A diagram makes all this much clearer...) The scan can be done for digitized photos as easily as for fingerprints. The point is simple: an analog signal of some sort can be "signed" by the credential-issuing authority such that the signature can be easily checked in the field, but not easily duplicated or forged. Note that lottery tickets use a similar scheme. The winning number is hashed or otherwise encrypted with a private key known only (so the theory goes...) to the ticket-issuing agencies. This hash is also printed (at least in some jurisdictions) on the ticket (usually in very small letters). The winning number, which is announced and posted, cannot be used to print up a "winning ticket" because the hash/encryption function is not known to the counterfeiters. A major player in this market, Scientific Games, has a printing facility nearby my home. I don't know if any driver's licenses have anything like this, but the technology certainly exists, and should be coming pretty soon to all sorts of documents. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From rishab at dxm.org Tue Aug 29 13:55:08 1995 From: rishab at dxm.org (Rishab Aiyer Ghosh) Date: Tue, 29 Aug 95 13:55:08 PDT Subject: Reputation currency Message-ID: <199508292049.NAA28906@infinity.c2.org> >From my column... -Rishab --====(C) Copyright 1995 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====-- Electric Dreams Weekly column for The Asian Age by Rishab Aiyer Ghosh #70, 21/August/1995: Implicit transactions need money you can give away Information is often given away at no loss to its owners, while recipients gain, because it can be duplicated. For some purposes, it could be paid for in money that behaved in the same way - adding to the recipient's wealth, while not reducing that of the donor. This money would have to be quite unusual; but so is the commodity being traded. Buying and selling knowledge is full of implicit transactions. One doesn't stop to write a cheque every time one hears industry gossip, however useful, in the corridor. More importantly, one doesn't even need to think about doing so. So much of the knowledge traded in the 'real world' could only be done so informally. Trade is no less valuable for this - the world runs on the chats with senior colleagues, the friendly advice over lunch, the learning and experience gained from working with a client. Formalizing it all would kill it. That's as far as we can get with knowledge outside the distance-eliminating domain of cyberspace. 
The most promising aspects of a world with fewer geographical impediments in the flow of information include the translation of the gossip in a corridor to an electronic mailing-list, the ability to be advised by friends never seen over a virtual lunch, or to chat with a senior colleague across continents. But the limitations of geography had advantages. People now begin to wonder whether they're not being cheated, when the corridor-mailing-list can have thousands of people. The narrow confines of office buildings provide a sense of community, and an assurance that the consumers of the knowledge traded there are worthy of it, being likely producers too. But restricting access to electronic corridors will negate their advantages, of connecting more minds across space. The main option being considered these days is not just overtly tied to economics - it must be, as that's what the knowledge trade is about - but also tangled with hard cash, with dollars. This is not only unnecessary, much of the time, but also harmful. With the safe assumption of secure international digital cash transactions in the near future, the hard-currency solution to the electronic corridor problem would be to charge every consumer a small amount for everything - a cent a word, say. This may work with traders in diversity, the indexers of the world to whom you pay for anything you need to find. It works rather less well for the traders in consistency, to whom you would pay much more than a cent a word for continuous, reliable content. But for those who lurk in the electronic corridors of the infosphere - and all the implicit cooperatives that form between individual contributors to cyberspace's live, people resources - the hard cash model is useless. Among others, there is the question of who takes the money. The Department of Corridors? The Treasurer of Electronic Mailing Lists? 
It certainly wouldn't be fair to pay just the individual author of the particular piece you read and found useful, as it built upon the unpaid work of others. After all, the informal nature of these gatherings of minds is for a reason. They, or at least the active participants, contribute not for cash but in return for the contributions of others. They only take exception to the one-way consumption by stray, if numerous, visitors. The alternative to hard cash in these implicit transactions in cyberspace is the equally implicit currency of the real world. The currency that is used almost solely in the trading of knowledge and which, like knowledge, extracts no direct cost to the buyer at the seller's gain. A currency that can be paid equally to corridors full of industry gossip as to colleagues who throng there. Indeed, a currency that is, and is traded like, information itself: reputation. Reputation may not, at first glance, resemble money. But it is the implicit reward of good products, and their producers. It certainly adds to - or subtracts from - the worth of those who receive it. And it is the ultimate free market currency. Traded as a commodity like other data, reputation is based on, and influences in turn, the average of 'prices' set by individual consumers - what individuals think of a producer. Reputation encourages improved production as much as, or more than, cash does - at least in the informal knowledge trade. And reputation will be a very important aspect of the knowledge economy, with the increasing anomie of cyberspace as e-mail replaces firm handshakes. There are, of course, problems with transporting the informal reputations outside cyberspace to reputation systems within it. But work does continue on the necessary technologies. This progresses at a slower pace than that on automatic cent-a-word payment systems, because developers don't realize the importance of informality in the information age. 
This will have to change - the knowledge economy is actually a people economy, and its most common currency should reflect that. Rishab Aiyer Ghosh (rishab at dxm.org) is the editor and publisher of The Indian Techonomist. --====(C) Copyright 1995 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====-- This article may be redistributed in electronic form only, PROVIDED THAT THE ARTICLE AND THIS NOTICE REMAIN INTACT. This article MAY NOT UNDER ANY CIRCUMSTANCES be redistributed in any non-electronic form, or redistributed in any form for compensation of any kind, WITHOUT PRIOR WRITTEN PERMISSION from Rishab Aiyer Ghosh (rishab at arbornet.org) --==================================================================-- ---------------------------------------------------------------------- The Indian Techonomist - newsletter on India's information industry http://dxm.org/techonomist/ rishab at dxm.org Editor and publisher: Rishab Aiyer Ghosh rishab at arbornet.org Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA From don at cs.byu.edu Tue Aug 29 14:01:35 1995 From: don at cs.byu.edu (don at cs.byu.edu) Date: Tue, 29 Aug 95 14:01:35 PDT Subject: SSL search attacks Message-ID: <199508292102.PAA01897@wero> -----BEGIN PGP SIGNED MESSAGE----- From: Scott Brickner >We've identified several forms of "real-world retaliation:" > >1) "Result hoarding" - failure to report a found key >2) "Segment hoarding" - requesting more segments than one can hope to search >3) Denial of service - preventing access to the server >The "random search" method eliminates all three of these at about 37% >higher cost in search time, on the average. I submit that if we >*really* were trying to break something important, we could design a >system which eliminated the first two and adequately limited the third, >but at *much* less cost. > >The problems in the current system were to be expected of a first >attempt. 
In the future: Only the server assigns segments, only the >assignee may report the status of a segment, and after all segments are >NAKed we know condition 1 has occurred, at which time we start over, >but never assign the same segment to the same searcher. Limit the >number of segments which may be outstanding with one searcher at one >time as a function of work rate. Deploy redundant servers. BEAAAT STATE! Push 'em back.. WAAAAAAY BAAAACK. (relevant comments follow) From: tcmay at got.net (Timothy C. May) >An interesting question: Is it a valid approach for J. Random User to >"claim" some chunk of keyspace to search? > >If the "reward" of finding the gold buried in the keyspace (a key that >meets the challenge) is high and the cost of claiming the keyspace is low >(or nil), then game theory tells us that some folks will be tempted to >claim a bigger chunk of keyspace than they can possibly process. > >What can be done to reduce this effect? In regard to both messages, I think that with sequentially allocated keyspace an attacker who knows the real key would have trouble getting the right segment unless s/he grabbed a big enough piece. If the search is restarted, we know something's up. Ensuring that nobody gets to search keyspace they searched before would be one improvement. A random (instead of sequential) allocation _by the keyserver_ (out of unallocated piecemeal segments) would also take some work to implement. >On the negative side, ostracize or punish those who bite off more than they >can chew. This approach is fraught with dangers. If the search wraps around to catch the UNACK'ed pieces, this type of oversight will only slow down the actual discovery of the key. Failure to report a found key, though, is a bit different. I would not be opposed to having my program report possible hits, with the server being what discovers if I've found it or not. 
>On the positive side, let everyone simply attack the keyspace as they see
>fit, picking random parts to attack. This should not be "worse" than a
>factor of several from a "perfectly coordinated" attack. (I haven't spent
>time calculating this, but my intuition is that a random attack, with
>overlapping keyspace, is not a lot less efficiently attacked than
>attempting to arrange for no overlaps...just based on my mental picture of
>dropping line segments randomly on some interval and figuring coverage of
>the line segment.)

Why not have a random backup-mode, in case someone does mount a denial of service attack. Or employ a combination of the two modes. The machines running brloop can search sequentially (out of the middle 50%?) and the machines not connected search randomly (out of the outside 50%?). Or, venturing further into the I-wonder-who's-gonna-code-this world, log the random searches for possible conversion to an exhaustive search later. It would be nice to be able to hit the emergency button and switch to random mode, but currently I don't think there's a need to actually use it.

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEN/U8La+QKZS485AQHNcgL+ItlNLYcsIjjlQPQJBxgts66GXPMs3ijb
QIcqiAbrg4cq7F9xWNRvZa9LTvw75UUM1+PmItGkSUuqOqvJ9VkzaUp8/Sf5zuDs
5XTlJLVhYa7qQzY4Ov4a3k0ora0SPvKh
=wyzo
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From bdolan at use.usit.net Tue Aug 29 14:01:51 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Tue, 29 Aug 95 14:01:51 PDT
Subject: Florida Drivers Permits and a Hello
In-Reply-To: <199508291933.MAA22876@ix3.ix.netcom.com>
Message-ID:

And somebody, Science Applications International Corp. I think, is designing an in-car fingerprint reader / database query-er for cops.
So they can check your bona fides on the road sides. bd On Tue, 29 Aug 1995, Dave wrote: > > >What possible value could the LEAs get by having your thumbprint digitally > >encoded on your driver's license? It's not like the average cop-on-the-beat > >is qualified to lift a fingerprint and compare it. Even if he was, how > >does it benefit that the fingerprint is on the license? > > > >This seems silly. > > There are device that will electronicly read fingerprints available now. So > with such a device, the LEO would know instantly if you were who you said > that you were. > > From adwestro at ouray.cudenver.edu Tue Aug 29 14:14:35 1995 From: adwestro at ouray.cudenver.edu (Alan Westrope) Date: Tue, 29 Aug 95 14:14:35 PDT Subject: A glance at the future of missing child identification In-Reply-To: Message-ID: On Mon, 28 Aug 1995, tcmay at got.net (Timothy C. May) wrote: > At 4:48 PM 8/28/95, Jason L Tibbitts III wrote: > >Believe it or not, something like this is being used (or is being prepared > >for use) in breast implants. An article in the Houston (silicone city) > >Chronicle about a month ago (sorry, I can't produce a more exact reference) > >stated that new soybean oil breast implants are being manufactured to > >accept an identification device to track information on the patient and the > >implanting doctor. > Big Brother? Big Sister? Naw, it's "Big Tits." Or "Twin PKCS." This may explain Anne Taylor Fleming's apparent confusion on a recent MacNeil/Lehrer segment -- she repeatedly referred to Cliff Stoll's latest excoriation of cyberspace as _Silicone Snake Oil_, remember? Maybe she's heard rumors about the Justice Dept. investigating an impending Microsoft-DuPont merger to corner the market... Sorry, but it's slow with so many folks in Aspen or Santa Barbara. 
Alan Westrope                           __________/|-,
                                        (_)       \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From starrd at iia2.org Tue Aug 29 14:56:18 1995
From: starrd at iia2.org (starrd)
Date: Tue, 29 Aug 95 14:56:18 PDT
Subject: Sendmail Bugs
In-Reply-To: <199508290733.BAA01311@wero>
Message-ID:

On Tue, 29 Aug 1995 don at cs.byu.edu wrote:
> There is a document on alt.security which describes exploitable sendmail
> bugs. The reference is <809544856snz at hacknet.demon.co.uk>
> I saved a copy in case anyone would like one.

Would you please email me a copy of that doc-file? I would find it very
interesting... :-^)

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                  | Get paid to upload            |
| Patriot's Archives                       \ shareware to BBSes and        |
| ftp: iia.org /pub/users/patriot           \_____ the Internet!           |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\  Get file:          |
| For index of available files: descript.ion          \ uploader.zip       |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

From dmandl at panix.com Tue Aug 29 16:18:07 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Tue, 29 Aug 95 16:18:07 PDT
Subject: Searchnet
In-Reply-To:
Message-ID:

On Tue, 29 Aug 1995, The Gate wrote:
>
> Some time ago, I posted a reply to an allegation that the
> Spotlight was a Klan paper.
> > Of course, it is more Liberty Lobby/CIA

Oh boy, my two favorites: (1) racist, anti-semitic scum and (2)
international mass-murderer-trainers and baby-torturers.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From mark at lochard.com.au Tue Aug 29 17:24:53 1995
From: mark at lochard.com.au (Mark)
Date: Tue, 29 Aug 95 17:24:53 PDT
Subject: Florida Drivers Permits and a Hello
In-Reply-To: <9508291847.AA12145@ozymandias.austin.ibm.com>
Message-ID: <199508292315.AA20208@junkers.lochard.com.au>

>What possible value could the LEAs get by having your thumbprint digitally
>encoded on your driver's license? It's not like the average cop-on-the-beat
>is qualified to lift a fingerprint and compare it. Even if he was, how
>does it benefit that the fingerprint is on the license?

Here it is possible to walk into a suitably equipped police station, put your
fingertips on a sensor pad and in a few seconds, if records exist, have them
appear on the computer screen. Extrapolating this, it isn't a big step for a
patrol car, already equipped with a packet radio link to HQ and a data
terminal, to scan in your fingerprint and check it. If the system was offline
they could easily take your print and compare it to that on your license. It's
just a little more proof that the license is linked to you.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.

From loofbour at cis.ohio-state.edu Tue Aug 29 17:26:32 1995
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Tue, 29 Aug 95 17:26:32 PDT
Subject: Decoder ring
In-Reply-To:
Message-ID: <199508300026.UAA28443@colon.cis.ohio-state.edu>

dmandl at panix.com writes:
> High-Tech Company Goes Back to the Future with Decoder Rings
> The Stuff of Cereal Box-Tops Becomes Real Repository of Data and Computer ID

There's a press release at the DalSemi site that describes the technology in
more detail. They embed Touch Memory chips in other items too, as you'll see
if you follow the links.
http://www.dalsemi.com/News_Center/Press_Releases/1995/ring.html

The various chips they supply are as interesting as the carriers: simple
serial numbers in ROM, or the 64k NVRAM mentioned in the article, or
write-once PROMs, or versions that require passwords (using unspecified
decryption), or versions that block access after a certain date, time, or
number of accesses have been achieved.

Fascinating bit of technology. It even has crypto relevance!

nathan

From ab411 at detroit.freenet.org Tue Aug 29 17:39:40 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Tue, 29 Aug 95 17:39:40 PDT
Subject: Pre-allocating key segments
Message-ID: <199508300039.UAA07603@detroit.freenet.org>

This was supposed to go out yesterday, but I mistyped the address.

-----BEGIN PGP SIGNED MESSAGE-----

Piete Brooks writes:
>I wrote:
>> ... but I still think the
>> prefetching of some more segments would be useful.
>
>I'm seeing calls from calpoly.edu and albany.net taking less than a second.
>Are you **REALLY** worried about wasting that sort of time, when even a single
>segment usually takes a quarter of an hour even on the faster machines ?

Wow, I knew it had been sped up, but I didn't realize... You've convinced
me. :-)

>[ Getting down to the implementation details
> 1) it would be hard for brloop to know that brutessl is 3/4s done.
> 2) I can't think how to do prefetching in a safe way, and without disc use
>]

Good points. Never mind the pre-allocation.

Abashed,

--
David R.
Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From ab411 at detroit.freenet.org Tue Aug 29 17:41:16 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Tue, 29 Aug 95 17:41:16 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID: <199508300041.UAA08060@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Scott Brickner writes:
>What possible value could the LEAs get by having your thumbprint digitally
>encoded on your driver's license? It's not like the average cop-on-the-beat
>is qualified to lift a fingerprint and compare it. Even if he was, how
>does it benefit that the fingerprint is on the license?

One benefit to law enforcement, quite apart from the ability to verify a
license, would be the accumulation of a database of thumbprints of all
citizens, or at least all those who drive.

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From JonathanZ at consensus.com Tue Aug 29 17:46:25 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Tue, 29 Aug 95 17:46:25 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

At 4:15 PM 8/29/95, Mark wrote:
>>What possible value could the LEAs get by having your thumbprint digitally
>>encoded on your driver's license?
>>It's not like the average cop-on-the-beat
>>is qualified to lift a fingerprint and compare it. Even if he was, how
>>does it benefit that the fingerprint is on the license?
>
>Here it is possible to walk into a suitably equipped police station, put your
>fingertips on a sensor pad and in a few seconds, if records exist, have them
>appear on the computer screen. Extrapolating this, it isn't a big step for a
>patrol car, already equipped with a packet radio link to HQ and a data
>terminal, to scan in your fingerprint and check it. If the system was offline
>they could easily take your print and compare it to that on your license.
>It's just a little more proof that the license is linked to you.
>

My only question though is why help them create more records about the
average citizen?

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                     Consensus Development Corporation..
..                                          1563 Solano Ave, #355..
..                                          Berkeley, CA 94707-2116..
..                                          o510/559-1500 f510/559-1505..
..Mosaic/WWW Home Page:                                               ..
..                        Consensus Home Page                         ..

From plear at pimlico.ekrl.com Tue Aug 29 17:49:10 1995
From: plear at pimlico.ekrl.com (Patrick Lear)
Date: Tue, 29 Aug 95 17:49:10 PDT
Subject: Announcing SecureDrive 2.4 (fwd)
Message-ID:

Does anyone have any experience with the SecureDrive program and if so can
you make any comments about it? I've been looking for something like this
for a while and I'd also like to know which other programs compare / are
better / are worse if any.

Thanks for any input ...

Patrick Lear, Sui Juris

From plear at pimlico.ekrl.com Tue Aug 29 17:51:56 1995
From: plear at pimlico.ekrl.com (Patrick Lear)
Date: Tue, 29 Aug 95 17:51:56 PDT
Subject: Locked out of Quicken - HELP!
Message-ID:

I recently created a new file in Quicken and used a password to protect it
from prying eyes (I know ... it isn't very strong encryption ... and I hope
it isn't) but now I can't remember the @#$%^!!@#$#@$% password.
Does anyone have any suggestions regarding how to break in?

Thanks,

Patrick Lear, Sui Juris

From sjb at austin.ibm.com Tue Aug 29 18:01:35 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Tue, 29 Aug 95 18:01:35 PDT
Subject: SSL search attacks
In-Reply-To: <199508292102.PAA01897@wero>
Message-ID: <9508300101.AA11637@ozymandias.austin.ibm.com>

don at cs.byu.edu writes
>From: Scott Brickner
>
>>The problems in the current system were to be expected of a first
>>attempt. In the future: Only the server assigns segments, only the
>>assignee may report the status of a segment, and after all segments are
>>NAKed we know condition 1 has occurred, at which time we start over,
>>but never assign the same segment to the same searcher. Limit the
>>number of segments which may be outstanding with one searcher at one
>>time as a function of work rate. Deploy redundant servers.
>
>BEAAAT STATE! Push 'em back.. WAAAAAAY BAAAACK.
>(relevant comments follow)

I suppose this does seem like a "statist" protocol, but let's look at the
purpose. The whole idea of the central server was to permit a *coordinated*
attack on the key. We've established that there is a 1/e cost factor in
removing the central server. I just threw out these items as specific
changes which could defend against the identified attack modes *without*
losing the benefit of the central coordination.

In order for the coordinator to be successful, there must be a mechanism to
ensure that someone who knows the key can't break the system by just
reporting "I searched this segment and didn't find it." This means that the
server should consider such statements as irrelevant, unless it was the
*server* who suggested that the user search the space. This makes the
likelihood of the key's segment being assigned to a "bad guy" pretty low.
The server *could* take unsolicited NAKs "under advisement", and hand them
out at a slower rate than unACKed segments, but this still allows the
"result hoarder" to slow down the attack.
>In regard to both messages, I think that with sequentially allocated
>keyspace an attacker who knows the real key would have trouble getting the
>right segment unless s/he grabbed a big enough piece. If the search is
>restarted, we know something's up. Ensuring that nobody gets to search
>keyspace they searched before would be one improvement.

Hence the prohibition against (as Tim put it) "J. Random User claiming
keyspace".

>A random (instead
>of sequential) allocation _by the keyserver_ (out of unallocated
>piecemeal segments) would also take some work to implement.

I don't think it would really be that hard, if one were willing to go with
less than "cryptographic" strength in the PRNG, which I don't think is
really necessary here. The problem is that it's irrelevant to the problem.
Random allocation at the server is equivalent to simply "shuffling" the
segments before assignment, which doesn't affect the rate at which the
space is searched.

>From: tcmay at got.net (Timothy C. May)
>>On the negative side, ostracize or punish those who bite off more than they
>>can chew. This approach is fraught with dangers.
>
>If the search wraps around to catch the UNACK'ed pieces, this type of
>oversight will only slow down the actual discovery of the key. Failure
>to report a found key, though, is a bit different. I would not be opposed
>to having my program report possible hits, with the server being what
>discovers if I've found it or not.

I'm not sure I follow you, here. The search wraps around on the unACKed
segments because the work was assigned, but not (as far as the server
knows) completed. This doesn't slow down the discovery of the key, it just
reflects the *real* composite key testing rate as opposed to the *apparent*
rate (which is based on the rate at which the segments are assigned). The
server doesn't consider a segment "done" until it gets an ACK or NAK.
>>On the positive side, let everyone simply attack the keyspace as they see
>>fit, picking random parts to attack. This should not be "worse" than a
>>factor of several from a "perfectly coordinated" attack. (I haven't spent
>>time calculating this, but my intuition is that a random attack, with
>>overlapping keyspace, is not a lot less efficiently attacked than
>>attempting to arrange for no overlaps...just based on my mental picture of
>>dropping line segments randomly on some interval and figuring coverage of
>>the line segment.)

NB: Elsewhere, Tim provides an argument showing the efficiency of the
random attack to be 1/e worse than the coordinated attack (about 37%).

>Why not have a random backup-mode, in case someone does mount a denial of
>service attack. Or imploy a combination of the two modes. The machines
>running brloop can search sequentially (out of the middle 50%?) and the
>machines not connected search randomly (out of the outside 50%?). Or,
>venturing further into the I-wonder-who's-gonna-code-this world, log the
>random searches for possible conversion to an exhaustive search later.
>
>It would be nice to be able to hit the emergency button and switch to
>random mode, but currently I don't think there's a need to actually
>use it.

I still don't see how the server can use unsolicited NAKs as anything other
than a nominal reduction in the probability that the key is in the NAKed
segment.

Perhaps this does give an idea of a server strategy to do *just* that,
though. The server maintains a list of the unique users who have reported
an unsolicited NAK for each segment. Requests for work are filled by
randomly selecting segments, with the highest weight going to the segments
with the fewest unsolicited NAKs, but only segments with *solicited* NAKs
and those assigned, but with no response, are not considered.
If the weight were inversely proportional to the square of the number of
unsolicited NAKs (plus one), then segments which have a lot of NAKs won't
likely be assigned until the end of the jobs. When a segment with
unsolicited NAKs is assigned, further weight might be given to unsolicited
NAKs from those users in the future, reflecting an improvement in their
reputation. The biggest problem with this scenario is that it requires a
potentially *huge* amount of storage on the server.

Another alternative that comes to mind is to hand out segments with
unsolicited NAKs to some of the slower machines. Since their contribution
to the overall search rate is small, there's less of a hit taken by
assigning them potentially redundant work. As they provide verification of
the data reported as unsolicited NAKs, the server's reputation data is
improved, and the search can concentrate even more on the unACKed segments.

From frissell at panix.com Tue Aug 29 18:42:56 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 29 Aug 95 18:42:56 PDT
Subject: Florida Drivers Permits and a Hello
In-Reply-To:
Message-ID:

On Tue, 29 Aug 1995, Brad Dolan wrote:
> And somebody, Science Applications International Corp. I think, is
> designing an in-car fingerprint reader / database query-er for cops. So
> they can check your bona fides on the road sides.
>
> bd

It's too bad for law enforcement that the Chadian driver's license I use
doesn't have any fingerprints on it and was obtained without requiring the
surrender of any "finger images."

DCF

"Yes Virginia, heroic Chad fighters equipped with French shoulder-launched
missiles and Toyota Pickups did, in fact, defeat a Libyan armored invasion
force."

From mpj at csn.net Tue Aug 29 19:20:12 1995
From: mpj at csn.net (Michael Johnson)
Date: Tue, 29 Aug 95 19:20:12 PDT
Subject: Colorado Catacombs BBS: 303-772-1062
Message-ID:

Please note that the correct number for the Colorado Catacombs BBS is
303-772-1062.
I have been getting a lot of people calling my home voice phone number with
a modem, and this is not fun, especially with those who do so at weird
times and without their speaker engaged.

Also, note that the old number for the Colorado Catacombs, 303-938-9654,
has been disconnected due to lack of funds for the BBS. Sorry about that,
but in true cypherpunk style, I want to keep the BBS up and running with
free service for fellow cypherpunks, so I rely on donations instead of
subscriptions.

Colorado Catacombs BBS - 303-772-1062 (2 lines, same number)
8 data bits, 1 stop bit, no parity, up to 28,800 bps (one modem is 28,800,
the other is 14,400), ANSI terminal emulation. Access for all crypto files
is free (in the USA and Canada), and you may use a pseudonym to log in if
you like. (I do ask for your real name, but that is for my own reference in
evaluating uploads).

By the way, web lovers try http://www.csn.net/~mpj for pgp info.

Enjoy!

 ___________________________________________________________
|                                                           |
|\  /| |  | Michael Paul Johnson  Colorado Catacombs BBS 303-772-1062 |
| \/ |o|  | PO Box 1151, Longmont CO 80502-1151 USA  Jesus is alive!   |
| |  | / _| mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org |
| |||/ /_\| ftp://ftp.csn.net/mpj/README.MPJ   CIS: 71331,2332         |
| |||\ (  | ftp://ftp.netcom.com/pub/mp/mpj/README  -. --- ----- ....  |
| ||| \ \_/| PGPprint=F2 5E A1 C1 A6 CF EF 71 12 1F 91 92 6A ED AE A9  |
|___________________________________________________________|

From gene at ilsi.com Tue Aug 29 19:48:21 1995
From: gene at ilsi.com (ILSI)
Date: Tue, 29 Aug 95 19:48:21 PDT
Subject: (no subject)
Message-ID: <9508300248.AA02999@toad.com>

We would like to ask you to place a link from your site to our homepage.
Please check out our homepage and let us know what you think. We have
created a database to assist people that want to advertise on the internet.
Using this database, people with homepages will now be able to easily find
appropriate sites for links to their homepage. We are Internet List
Services Inc. and we would appreciate your help. Please visit us at:

http://www.ilsi.com/ilsi5.html

Thank you,

Gene

From ponder at wane-leon-mail.scri.fsu.edu Tue Aug 29 20:53:27 1995
From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder)
Date: Tue, 29 Aug 95 20:53:27 PDT
Subject: SSL brute/ng
Message-ID:

If anyone is putting together a wish list of features for the next
iteration of the distributed brute would they like to consider some sort of
mirroring approach for the server (at least on stats or updates/ software )
so that some of that traffic could be reduced? I'm afraid I am one of the
guilty trying to log on to check on the stats at least once and I probably
contributed to choking it just by doing that. If a local server could have
been updated, it would save bandwidth on the server doing real work. Could
a trusted group of segment dolers be put together?

I like the idea of running a benchmark type of program so that I could
multiply keys/sec times the amount of time I had to donate, and only get a
reasonable for me number of segments.

I would hope that statistics be gathered on the number of keys tested,
elapsed time, etc. so that we all got some more or less real world insight
into key lengths and strengths, effort required to break, that we have all
heard so many projections about... especially as the doling gets more
sophisticated and the number of participants/cycle pool increases.

Will there be Hal3?

Just to ask a really dumb question, how do you know when you get the key?
Is there some plaintext header string you're looking for?
--pjp

From wfrench at interport.net Tue Aug 29 21:00:00 1995
From: wfrench at interport.net (Will French)
Date: Tue, 29 Aug 95 21:00:00 PDT
Subject: SSL trouble
Message-ID: <199508300356.XAA09408@interport.net>

Scott Brickner writes:
> We've identified several forms of "real-world retaliation:"
> 1) "Result hoarding" - failure to report a found key
> 2) "Segment hoarding" - requesting more segments than one can hope to search
> 3) Denial of service - preventing access to the server

Perhaps I wasn't clear... by real-world retaliation, I'm referring to being
sued, thrown in jail, belabored about the head with blunt objects, etc. The
three basic defenses I have are: (a) not getting people angry, (b) not
letting them know who to be angry at, or (c) the threat of
counter-retaliation. The "random" method is of type (b).

I think you are focusing a bit too much on theoretical efficiency and not
enough on bottom-line practicality. A 37% waste factor is better than
staying in bed and wasting it all.

>> I _don't_ care about the procedures, as long as I can get
>> the information I need to go my own way.
> So what information wouldn't you be getting? To "go your own
> way", you need exactly the same information that the client
> workstations use to test one key. The difference in your code
> and the clients exists solely in how they determine the next
> key to try.

Yes, this is currently true, but there was a suggestion of withholding part
of the challenge in order to keep people honest, or something like that. I
didn't quite understand it, but I didn't like it.

Will French

From roy at cybrspc.mn.org Tue Aug 29 22:11:34 1995
From: roy at cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 29 Aug 95 22:11:34 PDT
Subject: Florida Drivers Permits and a Hello
In-Reply-To:
Message-ID: <950829.180249.8r3.rnr.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, bdolan at use.usit.net writes:
> And somebody, Science Applications International Corp.
> I think, is
> designing an in-car fingerprint reader / database query-er for cops. So
> they can check your bona fides on the road sides.

The company I know definitely is on this is Digital Biometrics, Inc,
located in Minnetonka, Minnesota. Their device is called a SQUID (and no, I
don't know what the acronym stands for). About 8" long and roughly 2.5"
squarish, it has a lens in front where the subject's thumb is placed, and
scans the lens with a laser. It's not quite in production yet, although
prototypes are under construction. I happen to work for the company doing
the machining work.

- --
Roy M. Silvernail     [ ]     roy at cybrspc.mn.org
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at cybrspc.mn.org

From iagoldbe at csclub.uwaterloo.ca Tue Aug 29 22:13:04 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Tue, 29 Aug 95 22:13:04 PDT
Subject: Netscape's RNG
Message-ID: <199508300512.BAA23185@calum.csclub.uwaterloo.ca>

Someone on the list (sorry, I forget who), suggested that Netscape's RNG be
looked at to see if the secret part of the SSL RC4/40 master key could be
determined more directly.

I used gdb on the Solaris version. SSL_GenerateRandomBytes() is called when
random bytes are needed. It initializes the RNG, if necessary, and then
calls RNG_GenerateRandomBytes.
When I run "netscape https://banking.wellsfargo.com/",
SSL_GenerateRandomBytes() is called 3 times; the first time, 32 bytes are
produced (I don't know what they're for); the second time, 16 bytes are
produced (the Challenge data); the third time, 64 bytes are produced, the
first 16 of which are the master key (the first 11 of which are sent in the
clear, and the next 5 are our goal).

Here's my own hand-reverse-assembly of RNG_GenerateRandomBytes:
(Correctness not actually guaranteed in any way...)

-----8<-----8<-----
#include <string.h>

/* Prototypes for Netscape's internal MD5 routines, assumed from the way
   they are called below; the real signatures were not recovered. */
extern int MD5_Begin(void *md5data);
extern int MD5_Update(void *md5data, const unsigned char *data, unsigned int len);
extern int MD5_End(void *md5data, unsigned char *digest, char *buf, unsigned int maxlen);

struct RNG {
    unsigned char md5bytes[0x10];   /* 16-byte counter state that gets hashed */
    unsigned char randbytes[0x10];  /* buffer of not-yet-returned output bytes */
    int size;                       /* how many bytes of randbytes are unread */
    void *md5data;                  /* MD5 context */
};

int RNG_GenerateRandomBytes(struct RNG *i0, char *i1, int i2)
{
    char buf[0x20];
    unsigned char *o1;
    int o2, err;

    while (i2 > i0->size) {
        /* drain whatever is still buffered (the last `size` bytes) */
        memcpy(i1, i0->randbytes + 0x10 - i0->size, i0->size);
        i1 += i0->size;
        i2 -= i0->size;

        /* refill: randbytes = MD5(md5bytes) */
        if ((err = MD5_Begin(i0->md5data)) != 0) return err;
        if ((err = MD5_Update(i0->md5data, i0->md5bytes, 0x10)) != 0) return err;
        if ((err = MD5_End(i0->md5data, i0->randbytes, buf, 0x10)) != 0) return err;
        i0->size = 0x10;

        /* increment md5bytes as a 128-bit big-endian counter, carrying
           from the last byte toward the first */
        o2 = 0;
        o1 = &(i0->md5bytes[0x0f]);
        do {
            if ((*o1)++) break;   /* old value nonzero: no carry, stop */
            --o1;
        } while (++o2 <= 0x0f);
    }
    /* i2 <= i0->size */
    memcpy(i1, i0->randbytes + 0x10 - i0->size, i2);
    i0->size -= i2;
    return 0;
}
-----8<-----8<-----

It looks like that Compilers course came in handy...

So it's not linear congruential. I guess the next step is to figure out
how it's seeded, but that's not for me to do (at least not tonight...).

Here's another question about a more direct method: The 5 secret bytes are
encrypted with the server's public (RSA?) key. Does the server use the same
public key every time? How do you read the public key, given the
Certificate Data (what's the format of the certificate)? Is it feasible to
try to attack the public key with a massively parallel (Internet) factoring
program (a la RSA-129)?
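As an added example (the editor's Python model, not Ian's code and not Netscape's), here is the generator above re-expressed so its structure is visible: a 16-byte MD5 counter state refills a 16-byte output buffer, and every output byte is a deterministic function of that state, so the entropy of whatever seeds md5bytes bounds the entropy of the master key. Class and function names are the example's own; the seeding step is not modelled because the post does not describe it.

```python
# Editor's added example: a Python model of the RNG_GenerateRandomBytes
# logic reverse-assembled above. Names are this example's own.
import hashlib


class NetscapeStyleRng:
    """Model of the generator: md5bytes is a 16-byte counter, hashed with
    MD5 to refill randbytes, then incremented as a big-endian integer."""

    BLOCK = 16

    def __init__(self, counter: bytes) -> None:
        if len(counter) != self.BLOCK:
            raise ValueError("counter state must be 16 bytes")
        self.md5bytes = bytearray(counter)      # the hashed counter state
        self.randbytes = bytearray(self.BLOCK)  # output buffer
        self.size = 0                           # unread bytes left in buffer

    def _refill(self) -> None:
        # MD5_Begin / MD5_Update(md5bytes, 16) / MD5_End(randbytes)
        self.randbytes[:] = hashlib.md5(bytes(self.md5bytes)).digest()
        self.size = self.BLOCK
        # The do/while loop: increment from the last byte, carrying toward
        # the first byte; stop as soon as a byte does not wrap to zero.
        for i in range(self.BLOCK - 1, -1, -1):
            self.md5bytes[i] = (self.md5bytes[i] + 1) & 0xFF
            if self.md5bytes[i] != 0:
                break

    def generate(self, n: int) -> bytes:
        out = bytearray()
        # while (i2 > i0->size): drain what is buffered, then refill
        while n > self.size:
            out += self.randbytes[self.BLOCK - self.size:]
            n -= self.size
            self._refill()
        # i2 <= i0->size: serve the rest from the buffer
        start = self.BLOCK - self.size
        out += self.randbytes[start:start + n]
        self.size -= n
        return bytes(out)


def expected_stream(counter: bytes, n: int) -> bytes:
    """Independent reference: MD5(counter) || MD5(counter+1) || ... truncated
    to n bytes, i.e. the output as a pure function of the 16-byte state."""
    c = int.from_bytes(counter, "big")
    out = b""
    while len(out) < n:
        out += hashlib.md5(c.to_bytes(16, "big")).digest()
        c = (c + 1) % (1 << 128)
    return out[:n]


def demo() -> bool:
    """Constructed state of all 0xFF bytes exercises the full carry chain.
    Returns True when the three calls Ian observed (32, 16, 64 bytes)
    reproduce the same stream as the counter-mode reference."""
    state = b"\xff" * 16
    r = NetscapeStyleRng(state)
    stream = r.generate(32) + r.generate(16) + r.generate(64)
    return stream == expected_stream(state, 112)


if __name__ == "__main__":
    print("matches counter-mode reference:", demo())
```

Because the whole stream is fixed by 16 bytes of state, checking how md5bytes gets its initial value is the part of any review of such a generator that matters.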
Assuming that the modulus is _big_, it still is worthy to note that, unlike
cracking individual challenges, cracking the public key will compromise
_all_ communications with that server (until they catch on and pay $$$ for
another key (I think?)).

Just some thoughts,

- Ian "it's only 10pm _here_, but it's 2am in Nova Scotia!"

From remailer at flame.alias.net Tue Aug 29 22:51:38 1995
From: remailer at flame.alias.net (Flame Remailer)
Date: Tue, 29 Aug 95 22:51:38 PDT
Subject: NIST Key Escrow meeting
Message-ID: <199508300551.HAA17047@utopia.hacktic.nl>

Subject: NIST Key Escrow Meeting Discussion Papers

Key Escrow Issues Meeting, September 6-7, 1995

Discussion Paper #1

Issues -- Export of Software Key Escrowed Encryption

On August 17, 1995, the Administration announced its proposal to permit the
ready export of software encryption provided that the products use
algorithms with key space that does not exceed 64 bits and the key(s)
required to decrypt messages/files are escrowed with approved escrow
agents. Under the proposal, products will be reviewed to verify that they
satisfy the criteria and, if so, they will be transferred to the Commodity
Control List administered by the Department of Commerce where the products
can be exported under a general license (in much the same way that 40-bit
RC2/RC4 encryption is licensed today).

We are working toward creating broadly stated criteria that are in the
nature of performance specifications. To meet these criteria, encryption
products will need to implement key escrow mechanisms that cannot be
readily altered or bypassed so as to defeat the purposes of key escrowing.
The criteria, when finalized and published, will state the objectives, but
not the exact technical method(s), by which those objectives are satisfied.
This is to provide software publishers the flexibility to design methods
for meeting our stated objectives in a manner that is compatible with the
design of their products.
There are, therefore, a number of questions we must work together to answer
in order to draft effective criteria. These questions are:

* Avoiding multiple encryption -- How can the product be designed so as to
  prevent doubling (or tripling, etc.) the key space of the algorithm?

* Disabling the key escrow mechanism -- How can products be made resistant
  to alteration that would disable or circumvent the key escrow mechanism?
  How can the "static patch" problem be avoided? How can this be tested?

* Access to escrow information -- What mechanisms must be designed into
  encryption products to allow authorized access to escrowed keys? This
  likely includes the identity of the key escrow agent(s) and a serial
  number for the key escrow agent to use to identify the
  key(s)/component(s) necessary to decrypt the message. What other
  information will be necessary to be provided to the escrow agent to
  identify the necessary key(s)/component(s)? Are there other comparable
  viable approaches?

* Non-escrowed use -- How can products be made so that they do not function
  with non-escrowed products (or tampered escrowed products)? How can this
  be tested?

* Limiting surveillance -- How can products be designed so that information
  both sent and received by the user can be decrypted without release of
  keys of other users?

* Practical Key Access -- How can mechanisms be designed so that repeated
  involvement of escrow agents is not required for decryption for multiple
  files/messages during the specified access period?

* Assurance that keys are escrowed -- How can it be assured that key escrow
  products are indeed satisfactorily escrowed? For example, products could
  be required to be escrowed at time of manufacture or be made inoperable
  until properly escrowed.

* Ability to re-escrow keys -- How can products be designed so that new
  keys can be escrowed at the user's discretion with a U.S. Government
  approved escrow agent?
* Certified escrow agents -- Can products be designed so that only escrow
  agents certified by the U.S. government (domestic, or under suitable
  arrangements, foreign) are utilized? What should be the criteria for an
  acceptable U.S. escrow agent?

--------------

With your input, we are hopeful that this effort will lead to definitive
criteria, which will facilitate the development of exportable products and
help minimize the time required to obtain export licenses. The
Administration seeks to finalize such criteria and make formal conforming
modifications to the export regulations before the end of 1995.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be
held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute
of Standards and Technology (Gaithersburg, Maryland). The meeting will be
open to the public, although seating is limited. Advance registration is
requested, please contact Arlene Carlton on 301/975-3240, fax:
301/948-1784 or e-mail: carlton at micf.nist.gov.

8/25/94

-----------------------------

Key Escrow Issues Meeting, September 6-7, 1995

Discussion Paper #2

Discussion Issues: Desirable Characteristics for Key Escrow Agents

In the government's recent announcement of its intent to allow the export
of 64-bit software key escrow encryption products, one stipulation was that
the keys would be escrowed with an approved key escrow agent.(*1) Exactly
what qualifications/considerations are appropriate for approval as a key
escrow agent have not been defined. Some of the issues which need to be
discussed and resolved include the following:

* What kinds of organizations should be excluded from consideration as
  approved key escrow agents?

* What sort of legal agreement between the government and the key escrow
  agent is necessary to stipulate the responsibilities of the agent? Should
  this include the terms and conditions under which release of a key is
  required?

* How will liability for unauthorized release of key be handled?
* Should, for example, intentionally misreleasing or destroying a key be criminalized? Should this include other actions?
* How can the government's needs for confidentiality of key release be handled?
* Should approval of key escrow agents be tied to a public key infrastructure (for digital signatures and other purposes)?
* What procedures need to be developed for the storage and safeguarding of keys?
* What are the acceptable performance criteria (e.g., around-the-clock availability, accessibility, reliability, etc.) for approved key escrow agents?
* Under what circumstances will key escrow agents in foreign countries be approved?
* What process will be used to approve escrow agents? Costs/who pays?

---------

(*1) "Approved," for the purposes of this discussion, means that the government (or its agent) has formally granted permission for an organization to hold keys for exportable encryption products.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

From cwe at it.kth.se Tue Aug 29 22:54:33 1995
From: cwe at it.kth.se (Christian Wettergren)
Date: Tue, 29 Aug 95 22:54:33 PDT
Subject: The illegal markets of cyberspace
Message-ID: <199508300554.HAA01155@piraya.electrum.kth.se>

I guess I'll get a bunch of cypherpunkers on me now, even though I have the disclaimers/clarifications there. I am not opposed to anonymous services at all, ok? The initial idea behind this note, my main conclusion, is that NSA and others won't be able to estimate the amount of free computing power available "out there".
The note outlines what I consider a probable scenario that will invalidate their estimates by a few orders of magnitude. If that is not enough, one can always bring out the big jack hammer: a combined Internet Worm/SSL Bruter kidnapping the net for a number of hours.

/Christian

----

To: Risks Digest

This is a short note I wrote the other day. It points out a potential future risk, and also shows existing problems with the FSP "proto-market". Also note that I am not opposed to anonymous services per se, I am only pointing out possible misuses of the technology. There are just as big risks in not deploying encryption and anonymous services, in going forward with a world without privacy and private spaces.

/Christian

THE ILLEGAL MARKETS OF CYBERSPACE
by Christian Wettergren, cwe at it.kth.se

Given the recent Brute-SSL efforts, together with the BlackNets and an eventual ecash exchange, there is a quite interesting situation emerging. The future markets of Cyberspace will be trading computing power, storage capacity and communications bandwidth, in addition to the more usually mentioned goods. This market for computing capabilities can be used for legitimate purposes as well as for illegal ones. I will here concentrate on the illegal uses, since they will prove to be a challenge to control.

Computing power can yield pay-off in actual money, as the bruteSSL effort has quite convincingly shown. This can create a market for hiring computing power for illegal purposes. The actors on such a market can be quite safe, given the anonymity of the BlackNet and the tracelessness of ecash (DigiCash). There are other goods on the market as well; storage capacity and communication bandwidth.

How would such a market be operated? The supply of "goods" for the market could be created by hackers breaking in to others' systems and hiring out the stolen capacity.
The intruder could install a backdoor into a foreign system that would accept issued cryptographic access codes that would expire after a certain amount of time or usage. This makes it possible for the intruder to operate the business without having to go near the "scene of the crime". There is of course a certain risk that the intruder might lose the system to the hiring party, but that isn't such a big deal, since first of all it's not his system, and second of all he may have booby-trapped the system for this case.

The intruder would break into computers en masse, and install the backdoors as indicated above. They would then offer the stolen merchandise onto a BlackNet-like arrangement. Potential buyers would express their interests, and the broker of the BlackNet would connect the two together. The buyer and seller would agree on a price. The buyer would deposit the access codes, the seller the anonymous ecash by the broker, and the broker would effect the deal, taking a share of the profit. The buyer can then exchange his ecash for real money, or do whatever he wants with it. The seller brutes away onto whatever he wants, why not the SWIFT international banking system?

The usage of stolen CPU cycles must of course be done in a careful way. The intruder would probably install some safeguards against excessive use, in his own interest. These safeguards could feature:

* only using spare cycles,
* monitoring superuser and sysadm activities,
* hiding the process from system utilities like ps,
* backing off during daytime hours etc.

Other merchandise

Storage capacity can be traded in a similar way, by setting up backdoor file server processes that listen for the proper access codes. This kind of capacity could be used as anonymous post boxes, where you store secrets that you don't want to store at home, even if they are encrypted. It could also be used for bulk storage if it is cheaper than buying a new hard drive.
Since this storage isn't offered by the proper owner, he can easily be very competitive. :-)

There are of course a number of catches trading with stolen disk capacity, but they can quite easily be circumvented. To counter the privacy issue, all stored files will be encrypted by the submitter. This also eliminates potential evidence, if the proper owner discovers the illegal use of his resources. There is also a certain risk of losing the files if the area is discovered. This can be countered by storing the files in several locations. There is a third risk of traffic analysis of the file server. This analysis can be complicated by having a system of file servers that exchange files with each other, moving them around. In this scheme a buyer can submit a file in one location, and it can be stored in a totally different location. It will take a concerted action by several system owners to track down all their unwanted guests, so it is more likely they will only shut down the file server on their own system.

Underground bases

Trading communication bandwidth is somewhat more involved than the two previous ones, and cannot be traded without a portion of disk and cycles. It can however be worth a great deal to a potential buyer. Buyers of communication bandwidth are most likely setting up a service that is sold for profit. This service can probably not tolerate daylight and accountability, and hence needs to be anonymous.

A good example of such a service is the emerging FSP-server black market, which has been soaring during the last year and a half. (There have been lists circulating with several hundreds of FSP servers.) An FSP server is an anonymous file server where the users can freely upload and download files. These "black markets" of file exchanges have been used to trade porn, pirated music and pirated software. A site in Sweden recently caught students that had started such a server.
3 Gb/day went out through the server, and an estimated worth of $2 million in pirated PC programs was exchanged over it during its three weeks of operation. The high volumes in the server were mainly due to the large amounts of available bandwidth out from the site.

The example is not entirely good, since there is no money or ecash exchange in this case. The thing traded currently in the FSP business is instead the mere existence of a server, trading one piece of server access info for another. This is mainly because of lack of features in the FSP code, and not a fundamental feature of any such market.

Communication bandwidth/service space rental is traded in a similar way as the other merchandise over the BlackNet system, with ecash exchange. The service provider will probably keep on using the site until the proper owner discovers it, since it is a hassle to move the service while running.

What is the size of this potential market? I consider the estimates below conservative. Any illegal market would probably be much bigger, and constantly try to expand.

Internet now has well over 3 million reachable computers. Let's assume 1 percent of them could be broken into at any one time, i.e. 30.000 computers. Each computer is probably good for 5-10 MIPS, but assume we can use on average 1 MIPS without risk of discovery. (We can probably use more during non-office hours, but maybe nothing during the day.) You can certainly use 10 Mb of disk storage on each computer without problems. This adds up to a constant 30 GIPS in computing power, and 300 Gb of storage. And I believe this is a very conservative estimate, as I said.

Conclusions

I think it is quite likely that markets similar to those described above will emerge in a few years. There is already one primitive example of such a market in the FSP business, and we will most likely see more elaborate forms soon. The development will accelerate once there are targets which will yield interesting pay-offs.
Another conclusion is that all current estimates on available privately available CPU power for bruteforcing are likely to be _wrong_ in the face of such markets. The net has now shown several cases of doing the supposedly impossible; RSA-129, SSL1, SSL2, RC40 etc. The SSL2 effort, although impressive, I believe has only revealed a minuscule piece of what is possible to do. Observe that the current efforts have all used volunteers, have not used any of the easily accessible super computers on the net, nor have used any intrusion techniques to round up CPU. The ultimate technique would be to have a well-written worm raid the Net for CPU power, maybe only being active for a few hours. The worm could penetrate a substantial fraction of the Internet, if fed the right database of possible attacks on different vendors.

The last, and most obvious conclusion perhaps, is that all sites should be concerned about their security. There is more to steal in your system than your supposedly worthless information, and I would say that the laws are quite unclear on the issue of liability in any of the above situations. At least if you haven't taken proper precautions.

By the way, the above mechanisms can be used to create perfectly legit and proper markets as well. Don't confuse the phenomena with the techniques.

[BlackNet is a creation of Tim May, and possibly other cypherpunkers. A black market broker announces a public key widely on Internet, stating the market's existence. Potential buyers and sellers encrypt their requests and offers with the public key and post the encrypted info in a newsgroup somewhere. The broker can then match up buyers and sellers. Ecash can be used to transfer funds, and the broker will get his share of the deal. This scheme is close to impossible to traffic analyse.]

From cwe at Csli.Stanford.EDU Tue Aug 29 23:04:26 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Tue, 29 Aug 95 23:04:26 PDT
Subject: SSL and MIPS...
Message-ID: <199508300604.XAA10663@Csli.Stanford.EDU>

Hi! How much computing power did we actually use, in terms of MIPS/FLOPS*hours? An unloaded SS10 that didn't swap went at approximately 16400 keys/s. How many MIPS is an SS10 approximately? How do different algorithms compare? DES, RC40, RSA512 etc? Or if I pose the question differently, what can you do with 30 GIPS for a day?

/Christian

From don at cs.byu.edu Tue Aug 29 23:23:01 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Tue, 29 Aug 95 23:23:01 PDT
Subject: CFS and Securedrive
Message-ID: <199508300622.AAA02022@wero>

-----BEGIN PGP SIGNED MESSAGE-----

From: Patrick Lear
>Does anyone have any experience with the SecureDrive program and if so
>can you make any comments about it?

I found it very easy to use and very well designed. My only complaint was that it prints out a * every time you enter a character of your passphrase. Other than that, it's a very good product. Too bad Wollersheim didn't have it for his client list... Unfortunately, I switched to linux shortly afterwards. I have yet to get CFS compiled. (Oh, Matt, by the way, is that README.linux supposed to be current, because it's a little...errr...cryptic.) For those of you who would like to see CFS, the unix encryption system, some dastardly felon exported it and it's on utopia.hacktic.nl.
(I did a diff against it with my copy, by the way, and it _hasn't_ been tampered with)

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEQDU8La+QKZS485AQEVewMAxN56v4mUZoe5AJSt64ZLRS+KwPiyG/WU
3PxTFGNjxL7l36Z4o2BMN6Bc195gYcxSUfjzvnfegN7gQU2/96IiNLd5b2QTsWJA
WW56L92yJkxWYeYoQRRhRP1+Emj2fqaX
=aU+M
-----END PGP SIGNATURE-----

From dave at esi.COM.AU Tue Aug 29 23:35:38 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 29 Aug 95 23:35:38 PDT
Subject: Florida Drivers Permits
In-Reply-To: <199508282255.AA46059@junkers.lochard.com.au>
Message-ID:

On Tue, 29 Aug 1995, Mark wrote:
> I think the officer arresting you would frown if your license dumped a nudie
> picture of Cindy Crawford instead of your identification details.

"I have no idea how that happened, Officer - you know these things can't be forged!"

Nothing like sowing the seeds of doubt amongst those whose job it is to enforce it...

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2DAA.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | D8 15 71 F9 26 C8 63 40 5E 63 5C 65 FC A0 22 99

From don at cs.byu.edu Tue Aug 29 23:54:30 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Tue, 29 Aug 95 23:54:30 PDT
Subject: SSL stuff
Message-ID: <199508300653.AAA02079@wero>

-----BEGIN PGP SIGNED MESSAGE-----

Piete: please read the PS at the bottom

From: Scott Brickner
>>A random (instead
>>of sequential) allocation _by the keyserver_ (out of unallocated
>>piecemeal segments) would also take some work to implement.
[snip]
>The problem is that it's irrelevant to the problem. Random allocation
>at the server is equivalent to simply "shuffling" the segments before
>assignment, which doesn't affect the rate at which the space is searched.

No, but it keeps someone who knows where the key is from grabbing it for themselves. If the segments were shuffled, the only way to ensure "getting" the keyspace with the key is to grab HUGE chunks.
And grabbing 50,000 segments didn't go over well last time, did it...

>I'm not sure I follow you, here. The search wraps around on the unACKed
>segments because the work was assigned, but not (as far as the server
>knows) completed. This doesn't slow down the discovery of the key,

If the segment with the real key is the first assigned and the last ACKed (reporting key found), the search went on 30 hours extra. But that doesn't cause as many problems as a (false) ACK of no key found.

>>It would be nice to be able to hit the emergency button and switch to
>>random mode, but currently I don't think there's a need to actually
>>use it.

>I still don't see how the server can use unsolicited NAKs as anything
>other than a nominal reduction in the probability that the key is in
>the NAKed segment. Perhaps this does give an idea of a server strategy
>to do *just* that, though.

I mean a setup where if the key server is shut down by a D.O.S. attack, or congestion, or whatever, the users, if they so desire, can shift into random mode and end their dependence on the server. I don't see a need for all of us to be doing random searches right now just because someone _might_ launch a D.O.S. attack.

Another benefit of random mode being implemented, but secondary, is that all of the people who previously had to manually get keyspace by WWW and report it back by hand - they can just put it in random mode and fire-and-forget, just like everyone with brloop does.

Don

PS: Piete: What's the current status of the server? I've got my brloop working apparently, and I calculate I'm able to search 800 segments a day, and I'm anxious to see if it works. It's stopped giving me only sleep orders, and now appears to give me a keyspace, but it reports a checksum error and sleeps for a few minutes.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEQKzsLa+QKZS485AQEjjgL/X2jQ0J0k+0gc4GUOzNQrKKtRHvqy4dlq
FmxaGDsdnBI+eO8DSu8C6jmRdw+VpcRiFQGDiTMklSmKNEwEqwq0QIvL0Dh4mz7k
vTsYXbUdlGwf9KUJv5PtwNojP+nQl9Pe
=tTkz
-----END PGP SIGNATURE-----

From sameer at c2.org Tue Aug 29 23:56:59 1995
From: sameer at c2.org (sameer)
Date: Tue, 29 Aug 95 23:56:59 PDT
Subject: FYI: c2.org now has reasonable net
Message-ID: <199508300652.XAA10601@infinity.c2.org>

Community ConneXion finally has reasonable net. If you thought about getting an account here in order to take advantage of privacy services but thought that the lag was too great for it to be useful, you may want to try again now, as our network line was just upgraded today. Check out http://www.c2.org

--
sameer                                   Voice: 510-601-9777
Network Administrator                    FAX: 510-601-9734
Community ConneXion: The NEXUS-Berkeley  Dialin: 510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From tibbs at sina.hpc.uh.edu Wed Aug 30 00:21:04 1995
From: tibbs at sina.hpc.uh.edu (Jason L Tibbitts III)
Date: Wed, 30 Aug 95 00:21:04 PDT
Subject: Mondex and currency exchange (Was: An article for Wired magazine)
In-Reply-To: <950814205254_74774.3663_EHL102-1@CompuServe.COM>
Message-ID: <9508300711.AA14904@hpc.uh.edu>

Pardon me for being behind; I'm catching up with 1500 cypherpunks articles... I was skimming and came upon the following:

>>>>> "JM" == Jon Matonis <74774.3663 at compuserve.com> writes:
JM> Mondex in the UK currently has official government units of account
JM> digitally represented for their Mondex card trial in Swindon. They
JM> have also announced that in the future this card will hold up to five
JM> "official" currencies.

I'm not sure how Mondex works, but if currency conversion is made easy doesn't this have an interesting effect on the currency markets?
If I can have my machine follow micro changes in the markets and convert my money around instantaneously without going through a middle-man then things could get interesting. Then again, I'm really naive when it comes to currency exchange. Please show me the flaw here.

---
Jason L. Tibbitts III - tibbs at uh.edu - 713/743-8687 - 221SR1
System Manager: Texas Center for Advanced Molecular Computation
1994 PC800 "Kuroneko" DoD# 1723

From carolann at censored.org Wed Aug 30 00:51:44 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Wed, 30 Aug 95 00:51:44 PDT
Subject: The illegal markets of cyberspace
Message-ID: <199508300751.AAA03910@mailhost.primenet.com>

Thank you for the easy to understand concepts. Now where was that nobody at nobody.org key again?

Love Always,
Carol Anne....wondering if the Undernet was as good as the Blacknet?

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96
My Homepage The Cyberdoc
***********************************************************************
http://dcs.ex.ac.uk/~aba/export/

From goedel at tezcat.com Wed Aug 30 01:13:33 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Wed, 30 Aug 95 01:13:33 PDT
Subject: SSL Suggestions
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Many people have suggested improvements to the technical side of brutessl. I don't think anyone has looked at the user interface side of things. A simple configure script, and a few more reasonable defaults would bring quite a few more volunteers. I know of at least a handful of people who did not contribute because they were overwhelmed by the unfriendly scripts.
While a rough user interface could serve as a basic intelligence test, I don't think that this sort of exclusion is necessary, given the nature of the task.

DJK

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMEQrvHIf3YegbdiBAQE1pAJYnoXhffJeTrfiEm8R1fDGMuuZCpATw9gL
M+A+LawHiPFeoHtcHp3ZBkhzOqEFS6MfMJ1wjbt9e3ILSJkVGC71OrkpiNcDBMKY
0G9G
=3NIJ
-----END PGP SIGNATURE-----

Dietrich J. Kappe | Red Planet http://www.redweb.com/
Red Planet, L.L.C.| "Chess Space" /chess
1-800-RED 0 WEB | "MS Access Products" /cobre
Web Publishing | PGP Public Key /goedel/key.txt

From asb at nexor.co.uk Wed Aug 30 02:37:00 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Wed, 30 Aug 95 02:37:00 PDT
Subject: Subject: ANNOUNCE: 2nd SSL challenge - we need your compute!
In-Reply-To: <199508241543.LAA07735@panix.com>
Message-ID:

On Thu, 24 Aug 1995, Duncan Frissell wrote:
> The 32-bit Windows version does *not* work with my old Windows 3.11 even
> with the latest Microsoft 32-bit add in.

The Win32 client is multi-threaded. Win32s doesn't support multi threading and has a whole host of other things missing too. Win95 claims to support threads, although I heard "not many".

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown Internet Telephone +44 115 952 0585 |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 |
+-------------------------------------------------------------------------+

From asb at nexor.co.uk Wed Aug 30 02:46:21 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Wed, 30 Aug 95 02:46:21 PDT
Subject: SSL CHALLENGE: Can't search with Win32 client!
In-Reply-To:
Message-ID:

On Thu, 24 Aug 1995, Joe Thomas wrote:
> I've got some keyspace, from various projects and test projects on the
> server, but no matter what key range I select, I can't get the Search
> button to be active (not greyed out).

The project must be of type "ssl" (look at the properties box to make sure).
ssl is the only search engine currently built into the client, more will be added as challenges are planned.

Piete: I notice that you've renamed the original challenge to "sslold" and the test to "sslck" which causes the client to not recognise them! Any chance you can put them back to "ssl" so folks can test their clients?

Regards,

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown Internet Telephone +44 115 952 0585 |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 |
+-------------------------------------------------------------------------+

From skapp at cix.compulink.co.uk Wed Aug 30 03:50:36 1995
From: skapp at cix.compulink.co.uk (Stephen Kapp)
Date: Wed, 30 Aug 95 03:50:36 PDT
Subject: Netscape's RNG
Message-ID:
In-Reply-To: <199508300512.BAA23185 at calum.csclub.uwaterloo.ca>

> -----8<-----8<-----
> #include <string.h>
>
> struct RNG
> {
>     unsigned char md5bytes[0x10];   /* state the hash is taken over, stepped as a counter */
>     unsigned char randbytes[0x10];  /* MD5(md5bytes), handed out from the end */
>     int size;                       /* unread bytes left in randbytes */
>     void *md5data;                  /* MD5 context */
> };
>
> int RNG_GenerateRandomBytes(struct RNG *i0, char *i1, int i2)
> {
>     char buf[0x20];
>     unsigned char *o1;
>     int o2, err;
>
>     while (i2 > i0->size)
>     {
>         /* drain whatever is still buffered, then refill the buffer */
>         memcpy(i1, i0->randbytes + 0x10 - i0->size, i0->size);
>         i1 += i0->size;
>         i2 -= i0->size;
>         if ((err = MD5_Begin(i0->md5data))) return err;
>         if ((err = MD5_Update(i0->md5data, i0->md5bytes, 0x10))) return err;
>         if ((err = MD5_End(i0->md5data, i0->randbytes, buf, 0x10))) return err;
>         i0->size = 0x10;
>         /* step md5bytes, starting from its last byte (as decompiled) */
>         o2 = 0;
>         o1 = &(i0->md5bytes[0x0f]);
>         do
>         {
>             if ((*o1)++) break;
>             --o1;
>         } while (++o2 <= 0x0f);
>     }
>
>     /* i2 <= i0->size */
>     memcpy(i1, i0->randbytes + 0x10 - i0->size, i2);
>     i0->size -= i2;
>     return 0;
> }
> -----8<-----8<-----
>

This looks very much like the RSAREF random number code, there are a few minor differences, but it still looks very similar.
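A Python rendering of the quoted routine, added here as an example (it is not code from the post, from Netscape or from RSAREF), so the buffering and counter logic can be run offline. One assumption: the do/while at the end of the refill is read as a big-endian increment of md5bytes with carry, which is the usual reading of that loop; the listing's post-increment as written would carry only out of zero bytes.

```python
"""Model of the decompiled RNG_GenerateRandomBytes routine quoted above.

Added example, not the original post's code. Field names mirror `struct RNG`.
Assumption: the counter step is a big-endian increment with carry.
"""
import hashlib


class RNGState:
    """Mirrors `struct RNG`: a 16-byte counter, a 16-byte output buffer and
    `size`, the number of unread bytes left at the end of that buffer."""

    def __init__(self, seed16: bytes):
        if len(seed16) != 16:
            raise ValueError("md5bytes is a 16-byte state")
        self.md5bytes = bytearray(seed16)   # state the hash is taken over
        self.randbytes = bytearray(16)      # MD5(md5bytes), consumed from the end
        self.size = 0                       # unread bytes remaining in randbytes

    def _increment_counter(self) -> None:
        # Bump the last byte; carry into the previous one while a byte wraps to 0
        # (the assumed reading of the do/while in the C listing).
        for i in range(15, -1, -1):
            self.md5bytes[i] = (self.md5bytes[i] + 1) & 0xFF
            if self.md5bytes[i] != 0:
                break

    def _refill(self) -> None:
        # MD5_Begin / MD5_Update(md5bytes, 16) / MD5_End -> randbytes, size = 16
        self.randbytes = bytearray(hashlib.md5(bytes(self.md5bytes)).digest())
        self.size = 16
        self._increment_counter()

    def generate(self, n: int) -> bytes:
        """RNG_GenerateRandomBytes(i0, i1, i2): return `n` bytes, draining what
        is still buffered before each refill exactly as the C loop does."""
        out = bytearray()
        while n > self.size:
            out += self.randbytes[16 - self.size:]   # memcpy of the unread tail
            n -= self.size
            self._refill()
        start = 16 - self.size
        out += self.randbytes[start:start + n]
        self.size -= n
        return bytes(out)


def reference_stream(seed16: bytes, nbytes: int) -> bytes:
    """What the generator's output must equal, however it is chunked:
    MD5(seed), MD5(seed+1), ... concatenated. The stream is a function of the
    16-byte state alone, so the entropy put into md5bytes bounds the entropy
    of everything the generator ever emits."""
    counter = int.from_bytes(seed16, "big")
    blocks = (nbytes + 15) // 16
    out = b"".join(
        hashlib.md5(((counter + i) % (1 << 128)).to_bytes(16, "big")).digest()
        for i in range(blocks)
    )
    return out[:nbytes]


if __name__ == "__main__":
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed seed
    rng = RNGState(seed)
    chunked = rng.generate(5) + rng.generate(20) + rng.generate(7)
    print("chunked draws equal the block stream:",
          chunked == reference_stream(seed, 32))
```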
--------------------------------------------------------------------------
E-mail: skapp at cix.compulink.co.uk, skapp at sourcery.demon.co.uk
PGP fingerprint: 78 1C CD F4 A4 44 D2 CB DD A5 CF EF F1 DD D8 6A
--------------------------------------------------------------------------
RSAEURO: rsaeuro at sourcery.demon.co.uk

From ab411 at detroit.freenet.org Wed Aug 30 03:56:52 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Wed, 30 Aug 95 03:56:52 PDT
Subject: SSL search attacks
Message-ID: <199508301056.GAA26657@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Scott Brickner writes:
>don at cs.byu.edu writes
>>A random (instead
>>of sequential) allocation _by the keyserver_ (out of unallocated
>>piecemeal segments) would also take some work to implement.
>
>The problem is that it's irrelevant to the problem. Random allocation
>at the server is equivalent to simply "shuffling" the segments before
>assignment, which doesn't affect the rate at which the space is searched.

The point is that if J. Random Badguy knows that the key lies in segment 0x1bad and wants to get this segment and send a false NAK for it, he can watch as key segments are doled out (perhaps with clients running on a number of machines) and when 0x1bad gets close, say, when 0x1b0b comes out, he can instruct all his clients to start hammering the server for all they're worth in an attempt to get the key segment assigned to one of his clients. If the segments are shuffled before they are handed out then this attack becomes impossible, since the attacker has no way of knowing when segment 0x1bad will be handed out.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMERDPxEcrOJethBVAQG60gP9HsuCd+jID0nyESfXDCNtSwwRuRZ39rkg
SIEpltxzwMfHMQ/RD8CD5UmAHIm1EdvsztjbB5M5KnqjPKCMfw42leKhhcBBxUma
FCKN3vm4MBs+5vgM8SDeHLbn84rYxn5xijbktRdi+G/MzfAJdjmo5nUPQiWWhLn/
JyWa9rpNHxQ=
=9tcN
-----END PGP SIGNATURE-----

--
David R.
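The two hand-out policies argued over in this thread (Don's "SSL stuff" post above and this one), as an added example that is not the brutessl keyserver's own code: segments issued in sequence or shuffled once before any are issued, with the ACK/NAK bookkeeping and the wrap-around over unreported segments the posts describe. The segment count, the target segment 0x1bad and the seeds are constructed for the demo.

```python
"""Keyspace hand-out model for a distributed search coordinator.

Added example, not the keyserver's code. It checks the two claims made in the
thread: the search covers the space at the same rate with either order, but
only the shuffled order keeps the hand-out position of a given segment unknown
to the clients, so nobody can time requests to receive a particular segment.
"""
import random
from collections import deque


class SegmentServer:
    """Hands out segment numbers to clients and records what they report."""

    def __init__(self, num_segments: int, shuffle: bool, seed: int = 0):
        order = list(range(num_segments))
        if shuffle:
            # Shuffle once, before anything is issued. The order is then fixed
            # but known only to the server. (Seeded here only so the demo is
            # reproducible; a real server would draw the order from a CSPRNG.)
            random.Random(seed).shuffle(order)
        self.unassigned = deque(order)   # never issued, in hand-out order
        self.outstanding = deque()       # issued, no report received yet
        self.reported = {}               # segment -> True (key) / False (no key)

    def assign(self):
        """Next segment for a client, or None once every segment is reported.
        When nothing unissued remains the server wraps around and re-issues
        outstanding work, since it cannot tell a slow client from a dead one."""
        if self.unassigned:
            seg = self.unassigned.popleft()
        elif self.outstanding:
            seg = self.outstanding.popleft()
        else:
            return None
        self.outstanding.append(seg)
        return seg

    def report(self, seg: int, key_found: bool) -> None:
        """Record an ACK (key found) or NAK (not here) for an issued segment."""
        if seg in self.reported:
            return                        # duplicate report, the first one stands
        self.reported[seg] = key_found
        if seg in self.outstanding:
            self.outstanding.remove(seg)


def handout_position(num_segments: int, target: int, shuffle: bool, seed: int = 0) -> int:
    """0-based hand-out index at which `target` leaves a fresh server."""
    srv = SegmentServer(num_segments, shuffle, seed)
    for pos in range(num_segments):
        if srv.assign() == target:
            return pos
    raise ValueError("target outside the keyspace")


def assignments_to_cover(num_segments: int, shuffle: bool, seed: int = 0) -> int:
    """Hand-outs needed to get every segment reported when every client answers
    honestly and promptly: identical for both orders, which is the point that
    shuffling does not change the rate at which the space is searched."""
    srv = SegmentServer(num_segments, shuffle, seed)
    count = 0
    while (seg := srv.assign()) is not None:
        count += 1
        srv.report(seg, key_found=False)
    return count


if __name__ == "__main__":
    # Sequential: 0x1bad always leaves the server as hand-out number 0x1bad.
    seq = {handout_position(0x2000, 0x1bad, shuffle=False, seed=s) for s in range(8)}
    # Shuffled: the position depends on the server's private order.
    shuf = {handout_position(0x2000, 0x1bad, shuffle=True, seed=s) for s in range(8)}
    print("sequential positions of 0x1bad:", sorted(seq))
    print("shuffled positions of 0x1bad:  ", sorted(shuf))
    print("hand-outs to cover 0x2000 segments:",
          assignments_to_cover(0x2000, False), assignments_to_cover(0x2000, True))
```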
Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From frissell at panix.com Wed Aug 30 05:01:58 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 30 Aug 95 05:01:58 PDT
Subject: Netsurfer Focus on Cryptography
Message-ID:

Netsurfer publishes free HTML "periodicals" delivered by email -- filled with the links the short articles refer to. The latest one just hit my mailbox (with tags removed):

---------- Forwarded message ----------
Date: Tue, 29 Aug 95 17:45:39 PDT
From: editor-bounce at netsurf.com
Subject: Netsurfer Focus: Vol. 01, #03 (HTML)

Netsurfer Focus on Cryptography and Privacy
Wednesday, August 21, 1995 - Volume 01, Issue 03

TABLE OF CONTENTS

Intro to Cryptography
Cracking the Code
In ? We Trust
Key Certification
Postcards from Cyberspace
E-mail Issues
Digital Envelopes
Secure E-mail
The Pen is Mightier than the Electron
Export Issues
Hiding In Plain View
Steganography
Money Makes the World Go Round
Cash and E-money
No Names, Please
Anonymous Remailers
Big Iron, Big Brother
Database Drilling and Surveillance
It's B-a-a-ck!
Clipper and Digital Telephony
'Bots, Agents, and Wizards
Trusting Software
Information at Your Fingertips
Additional Resources
Inky Fingers
Print Resources

**********************************

Netsurfer Focus is currently a periodic supplement to Netsurfer Digest and Netsurfer Tools.

Netsurfer Focus Home Page: http://www.netsurf.com/nsf/index.html

Back Issues: If you would like to obtain copies of back issues or resource files (in HTML format only) via e-mail, send mail to info-focus at netsurf.com with "send crypto-index" in the body of the message.

To subscribe to Netsurfer Digest or Netsurfer Tools:
By WWW form: http://www.netsurf.com/nsd/subscribe.html
By e-mail: nsdigest-request at netsurf.com
Body: subscribe nsdigest-text
subscribe nsdigest-html

From ab411 at detroit.freenet.org Wed Aug 30 05:02:00 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Wed, 30 Aug 95 05:02:00 PDT
Subject: SSL trouble
Message-ID: <199508300040.UAA07776@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

I wrote:
>"Daniel R. Oelke" writes:
>>
>> date "+%S %M 60 * + %H 3600 * + %j 86400 * + %y 31536000 * + p" | dc
>
>date +"%S %M 60 * + %H 3600 * + %j 1 - 86400 * + %y 70 - 31536000 * + %y
>69 - 4 / 86400 * + 3600 4 * + p" |dc

which has a bit of cruft in it to get universal time, and

>date +"%S %M 60 * + %H 3600 * + %j 1 - 86400 * + %y 70 - 31536000 * + %y
>69 - 4 / 86400 * + p" |dc
>
>which returns local time, which is probably what you wanted anyway.

Well, I overlooked the obvious: You can simply add -u to the above to get universal time i.e., date -u +... etc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEOyexEcrOJethBVAQGtFwP9GG27cR3UvJX4/gsO8SK3L3pHGv5mjNp+
0mkRwOg+bj+cf44xAxXZ7/iFU2xaT4sAUvqwIaqbv6AfQgwnqTjAZKIR11KtlKPN
1xDkPXArU4PWSjoFal60Qsuqzacauu99wwUfsILhr8S2xWMj406JdTZPMapgZJI0
N2agSYMj6pY=
=LI+M
-----END PGP SIGNATURE-----

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From danisch at ira.uka.de Wed Aug 30 05:49:53 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Wed, 30 Aug 95 05:49:53 PDT
Subject: CIA & Espionage
Message-ID: <9508301246.AA14561@elysion.iaks.ira.uka.de>

In a German weekly news magazine (Focus 34/1995, p. 178-181) I read an article about industrial espionage. It is said that the secret services have lost their main task now that the east/west cold war is gone. Their new task is industrial espionage. The Russian, French, and American services were referenced in the article. It was said that Pres. Clinton had given a speech while visiting the CIA HQ in Langley/Virginia. He allegedly said in this speech that obtaining industrial information has the highest priority and this was the new task for the spies.

Can anyone confirm the quotation?

Hadmut

From frissell at panix.com Wed Aug 30 07:35:22 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 30 Aug 95 07:35:22 PDT
Subject: More Disintermediation
Message-ID: <199508301433.KAA04944@panix.com>

According to Monday's USA Today, the Customs Service has come up with a plan to stop stopping international travelers arriving at US airports. Apparently they can't afford "personal" service any more. With 60 million arrivals, Customs has decided to mingle a bit in luggage claim, look for those meeting its profiles, and use drug- and food-sniffing dogs to catch smugglers.
Note that international travel has doubled in the last few years. What is Customs (and La Migra) going to do when it doubles again? It is much easier for market phenomena like this to double or triple than it is for government agencies to double or triple. Markets scale well. Governments don't.

DCF

"When foreigners steal 'our' jobs, our labor is freed for other tasks and total world product increases. Jobs can no more 'run out' than desire for things in general can 'run out'."

From don at cs.byu.edu Wed Aug 30 08:11:50 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Wed, 30 Aug 95 08:11:50 PDT
Subject: Non-US SSL128 site
Message-ID: <199508301510.JAA11086@bert.cs.byu.edu>

Saw this on usenet. Figured someone might want to give it a spin...

From: John Hemming - Chief Executive MarketNet
Newsgroups: sci.crypt
Subject: Announce>128 bit RC4 SSL available outside US
Date: 30 Aug 1995 10:16:39 GMT
Message-ID: <421dq7$rk4 at marble.Britain.EU.net>
NNTP-Posting-Host: 193.119.26.63

We have now updated our servers to
a) Use 128 bit SSL if the client allows it.
b) Tell users which cipher is being used on a secure session.

To experiment point your secure client at one of the following:
https://193.118.187.101/
https://193.118.187.102/
https://193.118.187.105/
https://193.118.187.111/
(the main server does not run SSL to minimise PK calculations)

If you do not have a client that can use 128 bit RC4 then ftp://193.119.26.70/mktnet/pub/horse.zip does the job, but is quite flaky otherwise.

From keelings at wu1.wl.aecl.ca Wed Aug 30 08:13:54 1995
From: keelings at wu1.wl.aecl.ca (S. Keeling)
Date: Wed, 30 Aug 95 08:13:54 PDT
Subject: SSL trouble
Message-ID: <9508291415.AA02629@wu1.wl.aecl.ca>

Incoming from Daniel R. Oelke:
> [presumably piete brooks?]:
> > >PS3: I'd like to get the raw date in brloop (a sh script). In perl I'd just
> > > use "time", and I can't see a way to get "date +" to yield the raw time.
> > > I could use "date=`perl -e 'print time'`" but that seems OTT, and perl
> > > may not be on the user's PATH. Any suggestions ?
> > [anonymous?]
> > "date '+%s'" does it under BSDI, but I'm not sure how portable it is.
>
> This is what I got from SunOS 4.1.x
>
> $ date +%s
> date: bad format character - s

On Ultrix, I get:

$_ date '+%s'
s
$_

and on OSF/1:

$_ date '+%s'
%s
$_

XMan (OSF/1) says: "To display the date and time in a specified format, enter: date +"%r %d %h %y (%a)" [note the `+' outside the ""] which gives me:

08:58:39 AM 29 Aug 95 (Tue)

FWIW ...
-- 
"Remember, obsolescence (Win95) isn't an accident; it's an art form!"
keelings at wu1.wl.aecl.ca s. keeling, aecl - whiteshell labs

From hallam at w3.org Wed Aug 30 08:17:04 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 30 Aug 95 08:17:04 PDT
Subject: CIA & Espionage
In-Reply-To: <9508301246.AA14561@elysion.iaks.ira.uka.de>
Message-ID: <9508301516.AA32040@zorch.w3.org>

>In a german weekly news magazine (Focus 34/1995, p. 178-181) I read an
>article about industrial espionage. It is said that the secret
>services have lost their main task when the east/west cold war had
>gone. Their new task is the industrial espionage. The russian, french,
>and american services were referenced in the article.

The cold war isn't so decisive. Much of espionage has always been industrial. It is an essential component of political espionage in any case. Military espionage may get the headlines but the bulk of the work is trawling through trade stats and various open networks in embassies etc. In any case with the breakup of the USSR there are now more states to watch and because they are unstable more need to watch them.

Phill

From pcassidy at world.std.com Wed Aug 30 08:17:50 1995
From: pcassidy at world.std.com (Peter F Cassidy)
Date: Wed, 30 Aug 95 08:17:50 PDT
Subject: Modern Journalism (was: All about Bernstein) (fwd)
Message-ID:

Sorry, folks, I thought I'd cc:ed this to the list.
---------- Forwarded message ----------
Date: Sun, 27 Aug 1995 20:08:22 +0059 (EDT)
From: Peter F Cassidy
To: "Timothy C. May"
Subject: Re: Modern Journalism (was: All about Bernstein)

I agree. Some editors refuse to let actors be engaged as professionals only. My philosophy is people's stories are their own and they are in control of them to the extent they inform these stories. WIRED likes to find crusaders and campaigners for their profiles. Sometimes they're not the swashbuckling types that make for engaging personality pieces. That's why I went for the issues around ITAR and a speculation on the case's merits in relative case law and the judicial environment it will enter. DJB got eloquent where I thought it was important in terms of the technology and research running up against a law that is itself full of negotiable loopholes, quiet on everything else. Most everyone who's met him tells me he's really retiring. Which led me to conclude the guy might have the kind of reserve and restraint required for protracted litigation with the government, which essentially becomes an endurance contest.

Now, saying that, is it weird to think that people would be interested in a fellow like that? Wrong? I've written about large scale bank frauds, organized crime, charities frauds, etc. and even when I'm writing about gangsters, personal detail isn't used for "spice" as much as it is narrative coherence. Who introduced the arsonist to the drug dealer to do the condo deal? Is that gossip or an essential detail? In science writing the personal detail illuminates sometimes, not always, the actors involved in great discovery. Is it prying to learn that Maslow felt better after he married his goofy fourth cousin and came up with the theory of the hierarchy of needs? No, but it makes the story of the science more resonant. That's not a bad thing.
There is undoubtedly a peoplemagazinification of journalism in the states, which is why I gravitate toward the analytic or investigative publications like the Economist, Covert Action Quarterly or the Texas Observer, The Progressive and good trades like CIO. Yet even in these publications, the examination of protagonists is not considered out of bounds.

I think it's not in your interest to be sniffing at the press. Tell them exactly what you wrote here and take these guys for a ride. Freeh has managed to make himself out to be this tower of virtue and civil leadership - well, up until recently - and, you'll remember, led a successful charge for passage of the digital telephony bill which will be the model for crypto legislation, at least in terms of lobby tactics if not language. He did this partly by force of personality and his credibility. He didn't gain these by being precious about himself or his enterprise or, finally, by being a good cop or jurist. He did it with great PR and a sense of how the press works, not by whingeing when an interview opportunity came around.

Levy, if anything, is doing all cryptodom a favor if average schmucks pick up his book and say, gosh, is *that* what is at stake here? His NYT piece was clear and straightforward - engaged the science of crypto seriously and at a level the reader could handle - and made the protagonists and antagonists accessible. Right now, crypto is not even on the map. Creating a barricade around the people that are driving this defining technology does no one any good. In fact, when it comes down to the end-game, legislating a ban on non-escrowed crypto, the first thing the Justice department will do is characterize you guys as amoral eggheads who are building technologies to hide the crimes of terrorists, rapists, genocidists and maniacs.
At that point, I should think you would like to be appreciated as scientists with principles you act on in daily life and in your work, gosh, even personal philosophies, real personal stuff like that.

From Piete.Brooks at cl.cam.ac.uk Wed Aug 30 08:20:32 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Wed, 30 Aug 95 08:20:32 PDT
Subject: SSL brute/ng
In-Reply-To:
Message-ID: <"swan.cl.cam.:068200:950830151949"@cl.cam.ac.uk>

> If anyone is putting together a wish list of features for the next
> iteration of the distributed brute

Sure am ....

> would they like to consider some sort of mirroring approach for the server
> (at least on stats or updates/software)

Not sure what you mean .... Currently there are many machines involved ...
sksp odd & sods.
sksp-ack just ACKs.
sksp-key just keyspace allocation
ftp just FTPs
www just WWW
stats are WWW only, with updates being done by ACKs machine.

> so that some of that traffic could be reduced?

How ?

> I'm afraid I am one of the guilty trying to log on to check on the stats at
> least once and I probably contributed to choking it just by doing that.

Nah ....

> If a local server

local to whom ? Using a caching proxy ?

> could have been updated, it would save bandwidth on the server doing real
> work.

No -- different server.

> Could a trusted group of segment dolers be put together?

As in a hierarchy ? This is being thought about ...

> I like the idea of running a benchmark type of program so that I could
> multiply keys/sec times the amount of time I had to donate, and only get a
> reasonable for me number of segments.

brloop does that for brutessl attempts ...

> I would hope that statistics be gathered on the number of keys tested,
> elapsed time, etc. so that we all got some more or less real world
> insight into key lengths and strengths, effort required to break, that we
> have all heard so many projections about...
> especially as the doling gets
> more sophisticated and the number of participants/cycle pool increases.

Let me know what stats you want ...

> Will there be Hal3?

Yes.

From patrick at Verity.COM Wed Aug 30 08:26:43 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 30 Aug 95 08:26:43 PDT
Subject: Sendmail Bugs
Message-ID: <9508301523.AA22241@cantina.verity.com>

> > There is a document on alt.security which describes exploitable sendmail
> > bugs. The reference is <809544856snz at hacknet.demon.co.uk>
> > I saved a copy in case anyone would like one.
>
> Would you please email me a copy of that doc-file?
> I would find it very interesting... :-^)

8lgm has released a lot more of their exploit information to the public as well, including a lot of sendmail stuff... I wouldn't be surprised if that was the source of this.

Patrick
-- 
These opinions are mine, and not Verity's (except by coincidence;).
Patrick J. Horgan, Verity Inc., 1550 Plymouth Street, Mountain View, California 94303
patrick at verity.com   Phone : (415)960-7600   FAX : (415)960-7750
"Have Sword, Will Travel"

From kinney at bogart.Colorado.EDU Wed Aug 30 09:00:09 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 30 Aug 95 09:00:09 PDT
Subject: Non-US SSL128 site
In-Reply-To: <199508301510.JAA11086@bert.cs.byu.edu>
Message-ID: <199508301559.JAA05610@bogart.Colorado.EDU>

> a) Use 128 bit SSL if the client allows it.
> b) Tell users which cipher is being used on a secure session.

Interesting. When I connect, both from my Unix box at work and my Mac at home, I'm told the connection is "40 bits RC4". I'm running Netscape 1.1. I guess this makes sense, since if freely distributed clients were 128-bit capable, then foreign users would still get 128-bit security when connecting to U.S. servers.
Netscape's press release on the RC4-40 crack seems to have disappeared from their home page, but I don't remember any specific mention of 128-bit U.S.-only clients, just servers. So what's up?

-- Will

From patrick at Verity.COM Wed Aug 30 09:42:45 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 30 Aug 95 09:42:45 PDT
Subject: SSL brute/ng
Message-ID: <9508301633.AA22586@cantina.verity.com>

> > would they like to consider some sort of mirroring approach for the server
> > (at least on stats or updates/software)
>
> Not sure what you mean ....

I think he wants to http to one of several machines to get the stats, each of which contains a mirrored copy of the stats. The cgi-bin script could do a redirect to make this happen if you wanted.

Patrick

From jya at pipeline.com Wed Aug 30 10:22:06 1995
From: jya at pipeline.com (John Young)
Date: Wed, 30 Aug 95 10:22:06 PDT
Subject: CIA & Espionage
Message-ID: <199508301721.NAA10401@pipe4.nyc.pipeline.com>

Responding to msg by danisch at ira.uka.de (Hadmut Danisch) on Wed, 30 Aug 2:46 PM

>It was said that Pres. Clinton had given a speech while
>visiting the CIA HQ in Langley/Virginia. He allegedly
>said in this speech that obtaining industrial
>informations has the highest priority and this were the
>new task for the spies.
>
>Can anyone confirm the quotation?

Hadmut,

This is excerpted from: http://www.awpi.com/IntelWeb/IWR/Updates/2/181.html

----------
IWR Daily Update Vol. 2, No. 181 JULY 24, 1995
_________________________________________________________________

UNITED STATES - CENTRAL INTELLIGENCE AGENCY (CIA)

President Clinton has ordered the CIA to make economic espionage against our trade rivals a top priority. [sources: Los Angeles Times - Washington, by James Risen, 7/23/95; Kyodo - Los Angeles, 7/23/95]

From dsc at swcp.com Wed Aug 30 11:02:56 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 30 Aug 95 11:02:56 PDT
Subject: CIA & Espionage
Message-ID:

In responding to Hadmut, John Young seems to have quoted IWR Daily Update in writing,

> UNITED STATES - CENTRAL INTELLIGENCE AGENCY (CIA)
>
> President Clinton has ordered the CIA to make economic espionage
> against our trade rivals a top priority. [sources: Los Angeles Times -
> Washington, by James Risen, 7/23/95; Kyodo - Los Angeles, 7/23/95]

Are we to assume both black and white?

Will the CIA have access to escrowed keys in exported software?

---Dar
(list newbie)

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice: +1 505 299 5790 <---
8637 Horacio Place NE      Email: darscott at aol.com
Albuquerque, NM 87111             dsc at swcp.com
                           Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files are in this order:
AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From sjb at austin.ibm.com Wed Aug 30 11:14:55 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Wed, 30 Aug 95 11:14:55 PDT
Subject: SSL search attacks
In-Reply-To: <199508301056.GAA26657@detroit.freenet.org>
Message-ID: <9508301813.AA12150@ozymandias.austin.ibm.com>

David R. Conrad writes
>Scott Brickner writes:
>>don at cs.byu.edu writes
>>>A random (instead
>>>of sequential) allocation _by the keyserver_ (out of unallocated
>>>piecemeal segments) would also take some work to implement.
>>
>>The problem is that it's irrelevant to the problem.
>>Random allocation
>>at the server is equivalent to simply "shuffling" the segments before
>>assignment, which doesn't affect the rate at which the space is searched.
>
>The point is that if J. Random Badguy knows that the key lies in segment
>0x1bad and wants to get this segment and send a false NAK for it, he can
>watch as key segments are doled out (perhaps with clients running on a
>number of machines) and when 0x1bad gets close, say, when 0x1b0b comes
>out, he can instruct all his clients to start hammering the server for
>all they're worth in an attempt to get the key segment assigned to one
>of his clients.
>
>If the segments are shuffled before they are handed out then this attack
>becomes impossible, since the attacker has no way of knowing when
>segment 0x1bad will be handed out.

An excellent point. One I'd missed. I agree that a random shuffle of segments is appropriate.

From JonathanZ at consensus.com Wed Aug 30 11:32:59 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Wed, 30 Aug 95 11:32:59 PDT
Subject: CIA & Espionage
Message-ID:

At 10:02 AM 8/30/95, Dar Scott wrote:
>In responding to Hadmut John Young seems to have quoted IWR Daily
>Update in writing,
>> UNITED STATES - CENTRAL INTELLIGENCE AGENCY (CIA)
>>
>> President Clinton has ordered the CIA to make economic espionage
>> against our trade rivals a top priority. [sources: Los Angeles Times -
>> Washington, by James Risen, 7/23/95; Kyodo - Los Angeles, 7/23/95]
>
>Are we to assume both black and white?
>
>Will the CIA have access to escrowed keys in exported software?

Perhaps if economic espionage is such a high priority, then we'll have to start using more secure keys in the future. After all, any international corporation limited to using limited bit encryption schemes is just asking for its rivals to start grabbing the traffic and stealing their information.
Jonathan

From unicorn at access.digex.net Wed Aug 30 11:56:15 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 30 Aug 95 11:56:15 PDT
Subject: CIA & Espionage
In-Reply-To: <9508301246.AA14561@elysion.iaks.ira.uka.de>
Message-ID:

On Wed, 30 Aug 1995, Hadmut Danisch wrote:

> Date: Wed, 30 Aug 1995 14:46:23 +0200
> From: Hadmut Danisch
> To: cypherpunks at toad.com
> Subject: CIA & Espionage
>
> In a german weekly news magazine (Focus 34/1995, p. 178-181) I read an
> article about industrial espionage. It is said that the secret
> services have lost their main task when the east/west cold war had
> gone. Their new task is the industrial espionage. The russian, french,
> and american services were referenced in the article.
>
> It was said that Pres. Clinton had given a speech while visiting the
> CIA HQ in Langley/Virginia. He allegedly said in this speech that obtaining
> industrial informations has the highest priority and this were the new
> task for the spies.
>
> Can anyone confirm the quotation?

Yes. I've been told the same thing. Moreover, I believe the quotation, not because of the source of confirmation, but because it fits right into the direction most of the intelligence agencies have been taking since the revelation that the French had won out a multi-billion $ contract for air traffic control because the French service had, through various espionage methods, determined the U.S. bidding position and such.

Sorry I can't give attribution for the confirmation.

> Hadmut

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
From unicorn at access.digex.net Wed Aug 30 11:58:37 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 30 Aug 95 11:58:37 PDT
Subject: CIA & Espionage
In-Reply-To:
Message-ID:

On Wed, 30 Aug 1995, Dar Scott wrote:

> Date: Wed, 30 Aug 1995 12:02:48 -0600
> From: Dar Scott
> To: cypherpunks at toad.com
> Subject: Re: CIA & Espionage
>
> In responding to Hadmut John Young seems to have quoted IWR Daily
> Update in writing,
> > UNITED STATES - CENTRAL INTELLIGENCE AGENCY (CIA)
> >
> > President Clinton has ordered the CIA to make economic espionage
> > against our trade rivals a top priority. [sources: Los Angeles Times -
> > Washington, by James Risen, 7/23/95; Kyodo - Los Angeles, 7/23/95]
>
> Are we to assume both black and white?
>
> Will the CIA have access to escrowed keys in exported software?

Duh.

> ---Dar
> (list newbie)

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
From danisch at ira.uka.de Wed Aug 30 14:27:59 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Wed, 30 Aug 95 14:27:59 PDT
Subject: CIA & Espionage
Message-ID: <9508302127.AA00492@elysion.iaks.ira.uka.de>

> because of the source of confirmation, but because it fits right into the
> direction most of the intelligence agencies have been taking since the
> revelation that the French had won out a multi-billion $ contract for air
> traffic control because the French service had, through various espionage
> methods, determined the U.S. bidding position and such.

We have a similar story in Germany. Some time ago, an Asian country (South Korea if I remember well) was looking for a high speed passenger train. They had to choose between the German ICE and the French TGV. Both trains have nearly the same quality from a technical point of view. Korea decided to take the cheaper one. The Germans gave an offer and just half an hour later the French gave an offer slightly (just a little bit) cheaper than the Germans. France got the order (over 10^9 D-Mark).

The German headquarters had instructed their Asian office to give the offer with a certain price through unprotected fax. It is said that the fax was wiretapped by the French secret service (allegedly)...

Hadmut

From don at cs.byu.edu Wed Aug 30 14:49:03 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Wed, 30 Aug 95 14:49:03 PDT
Subject: SSL search attack
Message-ID: <199508302142.PAA00178@wero>

-----BEGIN PGP SIGNED MESSAGE-----

From: Scott Brickner
>>If the segments are shuffled before they are handed out then this attack
>>becomes impossible, since the attacker has no way of knowing when
>>segment 0x1bad will be handed out.
>
>An excellent point. One I'd missed. I agree that a random shuffle
>of segments is appropriate.

Problem is, though, if *each* segment is shuffled, or shuffled in groups of 10 or 25 or 50 or what? brutessl is designed for sequential search through a block of segments.
I was pulling down blocks of up to 40 segments each, for each machine I was running. Of course, with brloop running I won't be in such a bind (I have yet to see that it really works though..) but still it also represents a coding problem as to handing out sequential segments within shuffled blocks.

Hey, by the way Piete, is there gonna be an ego list (rankings) like there was with the RC4?

Don

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From sjb at austin.ibm.com Wed Aug 30 15:03:32 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Wed, 30 Aug 95 15:03:32 PDT
Subject: SSL search attack
In-Reply-To: <199508302142.PAA00178@wero>
Message-ID: <9508302203.AA16891@ozymandias.austin.ibm.com>

don at cs.byu.edu writes
>From: Scott Brickner
>>>If the segments are shuffled before they are handed out then this attack
>>>becomes impossible, since the attacker has no way of knowing when
>>>segment 0x1bad will be handed out.
>>
>>An excellent point. One I'd missed. I agree that a random shuffle
>>of segments is appropriate.
>
>Problem is, though, if *each* segment is shuffled, or shuffled in groups
>of 10 or 25 or 50 or what? brutessl is designed for sequential search
>through a block of segments. I was pulling down blocks of up to 40 segments
>each, for each machine I was running. Of course, with brloop running I
>won't be in such a bind (I have yet to see that it really works though..)
>but still it also represents a coding problem as to handing out sequential
>segments within shuffled blocks.
Well, the only real issue is that the requestor *not* be able to reliably predict which segments will be assigned. The server may adopt a strategy of picking a random block of segments for each request. This introduces a certain amount of fragmentation into the process, but there are strategies to minimize this. It may be enough to break up keyspace into, say, 32 "regions", and fill requests sequentially, but from a randomly selected region.

From scmayo at rschp1.anu.edu.au Wed Aug 30 17:46:55 1995
From: scmayo at rschp1.anu.edu.au (Sherry Mayo)
Date: Wed, 30 Aug 95 17:46:55 PDT
Subject: PGP on UK TV
Message-ID: <9508310046.AA06956@toad.com>

Sorry if someone has already posted this but I didn't think I had seen it on the list:

Found this on Uk.misc:
==========================
alecm at coyote.uk.sun.com (Alec Muffett) wrote:
>>
>> Sunday 3rd September. 7:00pm on Channel 4. Equinox.
>>
>> "Cybersecurity" - an investigation into cryptography, the
>> Internet, civil rights, Phil Zimmerman, PGP (and should we be
>> permitted to use it?) and so forth.
>>
>>I, for one, am going to be videoing it.
>>Let's just hope they get it right.
>
>Having seen a preview trailer of the program I am glad to say that it
>comes down on the _right_ side (ie right to privacy, etc).
>
>It also refers to cipherpunks as "rebel programmers" - I dunno but
>I quite like this description of them :-) Has a sort of cult-hero status
>about it.
==========================

Sherry

ps Can't watch it cos I'm in Oz, let us know if it was any good.

From patrick at Verity.COM Wed Aug 30 17:57:06 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 30 Aug 95 17:57:06 PDT
Subject: Is the book Network Security any good?
Message-ID: <9508310053.AA01365@cantina.verity.com>

Has anyone read the book "Network Security: Private Communication in a PUBLIC World" yet? It's by Charlie Kaufman, Radia Perlman, and Mike Speciner, and has a copyright date of this year. Is it good? What's the level?
Patrick

From nobody at valhalla.phoenix.net Wed Aug 30 18:13:30 1995
From: nobody at valhalla.phoenix.net (Anonymous)
Date: Wed, 30 Aug 95 18:13:30 PDT
Subject: Ajax
Message-ID: <199508310015.TAA04710@ valhalla.phoenix.net>

A source for links to the Intelligence Community:

URL: http://www.interport.net/~sagal/ajax.html

----------
AJAX
UNITED STATES AND INTERNATIONAL GOVERNMENT MILITARY AND INTELLIGENCE AGENCY ACCESS

Last update: 16 AUG 95. All accesses verified at time of inclusion. Certain locations or sections thereof may be closed to unauthorized use. Please read access warnings, if any, and abide by them.
_______________________________________________________

United States Government Intelligence and Law Enforcement Agency Servers: ATF (Bureau of Alcohol, Tobacco and Firearms); BOP (Federal Bureau of Prisons); CIA (Central Intelligence Agency); COPNET; FBI (Federal Bureau of Investigation); FINCEN (Federal Crimes Enforcement Network); FLETC (Federal Law Enforcement Training Center); HEROES (U.S. Department of State Diplomatic Security Service Counter-Terrorism Rewards Program); MARSHALS (U.S. Marshals Service); NLETC (National Law Enforcement Technology Center); SS (Secret Service)

United States Military Branch Servers: NATGUARD (Army and Air National Guards); USA (United States Army); USAF (United States Air Force); USCG (United States Coast Guard); USMC (United States Marine Corps); USN (United States Navy)

United States Military & Defense Agency Servers: ACC (Air Combat Command); AFIN (U.S. Air Force InterNet); AFOS1 (1st Security Police Squadron, Langley Air Force Base); CHIEFS (Joint Chiefs of Staff); DEFENSE (Defense Department); DISA (Defense Information Systems Agency); DRMS (Defense Reutilization and Marketing Service) NEW (8/16/95); DTIC (Defense Technical Information Center); NAVWAN (Naval Aviation Systems Team Wide Area Network); NAWCWPNS (Naval Air Warfare Center Weapons Division); NCS (National Communications System); NSWC (Naval Surface Warfare Center)

United States Military & Defense Laboratory Servers: AHPCRC (Army High Performance Computing Research Center); ARPA (Advanced Research Projects Agency); BMDO (Ballistic Missile Defense Organization Test Data Centers); LABLINK (U.S. Department of Defense Laboratory System); NRL (The Naval Research Laboratory); RL (USAF Rome Laboratory for C41 Technology)

International Intelligence and Law Enforcement Agency Servers: FORENSICS (The Forensic Web, Canada); UKPFW (UK Police and Forensic Web); RSB (Home Office Research and Statistics Department, UK); UNCPCJ (United Nations Crime Prevention & Criminal Justice)

NATO and International Military Agency Servers: DRA (Defence Research Agency, United Kingdom); DREO (Defense Research Establishment, Ottawa, Canada); NATO (North Atlantic Treaty Organization); SACLANT (Supreme Allied Commander, Atlantic)

United States Regulatory Agency Servers: EPA (U.S. Environmental Protection Agency); FAA (Federal Aviation Administration Technical Center); FCC (Federal Communications Commission); FTC (Federal Trade Commission); NRC (Nuclear Regulatory Commission); SEC (Securities and Exchange Commission)

United States Government Agency Servers: CDC (Centers for Disease Control and Prevention); CENSUS (U.S. Department of Commerce Bureau of the Census); CONGRESS (U.S. House of Representatives); CUSTOMS (U.S. Customs Service); DHHS (U.S. Department of Health and Human Services); DOE (U.S. Department of Energy National Laboratories & Programs); DOSFAN (Department of State Foreign Affairs Network); EXECUTIVE (The White House); FDIC (Federal Deposit Insurance Corporation); FEMA (Federal Emergency Management Agency); GPO (U.S. Government Printing Office); GSA (U.S. General Services Administration); HPCC (NOAA High Performance Computing and Communications); IRS (Internal Revenue Service); JUSTICE (Justice Department); NARA (National Archives and Records Administration); NASA (National Aeronautics and Space Administration); NIMH (National Institute of Mental Health); NOAA (National Oceanic & Atmospheric Administration); NSF (National Science Foundation); NTIS (National Technical Information Service); SBA (Small Business Administration) NEW (8/16/95); SEL (Space Environment Laboratory); TREASURY (Treasury Department); USCODE (U.S. House of Representatives Internet Law Library U.S. Code)
_______________________________________________________

AJAX maintained and monitored by Sagal Computer Systems. E-Mail suggestions, additions, comments or corrections to sagal at interport.net

From ylo at cs.hut.fi Wed Aug 30 18:26:14 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Wed, 30 Aug 95 18:26:14 PDT
Subject: CIA & Espionage
In-Reply-To: <199508301721.NAA10401@pipe4.nyc.pipeline.com>
Message-ID: <199508310125.EAA14438@shadows.cs.hut.fi>

> >It was said that Pres. Clinton had given a speech while
> >visiting the CIA HQ in Langley/Virginia. He allegedly
> >said in this speech that obtaining industrial
> >informations has the highest priority and this were the
> >new task for the spies.

There was a fairly large article about this in Helsingin Sanomat, the largest newspaper in Finland, some weeks ago. It was quoted as being originally from the New York Times. (I have the clip saved at home and can check the date if anyone is interested.)

I do find it rather shocking that the most powerful country in the world sets industrial espionage as the primary task of their intelligence services.
Now talking about those crypto restrictions worldwide and the real reasons why the United States is driving them...

Tatu Ylonen
-- 
International Cryptography Pages - check http://www.cs.hut.fi/ssh/crypto

From hroller at c2.org Wed Aug 30 18:47:02 1995
From: hroller at c2.org (hroller Mixmaster)
Date: Wed, 30 Aug 95 18:47:02 PDT
Subject: Mixmaster Security Issues
Message-ID: <199508310117.SAA20828@infinity.c2.org>

Apart from thwarting traffic analysis attacks, how does the security of a Mixmaster Type II remailer packet compare to that of a PGP-chained Type I message? For example, is each remailer in the path limited to knowing only the next remailer in the path? Is there any way for a remailer (except for the first and last in the chain) to know how many hops have already occurred or how many remain? Is there a session key chosen via an RNG? If so, how random is the RNG? Is it seeded from a pseudo-random source that's at least as secure as measuring keystroke latencies, as PGP does?

Lance Cottrell's original "remailer essay" which proposed the Type II concept envisioned, if I'm not mistaken, the use of PGP technology to do the actual encryptions. Now it seems that another, seemingly proprietary, implementation of RSAREF was used, instead. What was the reason for this change?

Would any security be lost if Type I and II technology were combined and a PGP-chained Type I packet were initially sent via Mixmaster? This would seem to provide the necessary protection against traffic analysis while bypassing any *POSSIBLE* hidden weaknesses in Mixmaster. IOW, if the outer Mixmaster "envelope" were "steamed open", perhaps based on some hidden weakness in Mixmaster, the inner, nested PGP envelope(s) would remain intact.

BTW, what volume of message traffic is the Mixmaster network of remailers currently handling? Is much cover traffic necessary to minimize delays while providing enough reordering to thwart traffic analysis?
(IOW, so a remailer with a reordering pool size of five
messages, and averaging one REAL message a day, wouldn't have to
keep a message for an average of five days before sending it on its
next hop, as a worst-case scenario).

Is my math correct in surmising that chaining a message through five
remailers, each with a reordering pool of five messages, could mean
that the message eventually leaves the chain as one of 5^5 (3125)
possible messages?  (My math is a bit weak, so please feel free to
correct my methodology, if necessary.)  If so, does that work in
reverse?  Could a given output message that finally surfaced in the
clear be narrowed down to one of 3125 Mixmaster input messages
through traffic analysis?  Or would the fact that the attacker
didn't know the exact number of hops utilized significantly increase
the odds against identifying the sender?  What effect, if any, would
increasing the number of available remailers have on traffic
analysis?




From hallam at w3.org  Wed Aug 30 19:54:59 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 30 Aug 95 19:54:59 PDT
Subject: Is the book Network Security any good?
In-Reply-To: <9508310053.AA01365@cantina.verity.com>
Message-ID: <9508310253.AA09578@zorch.w3.org>


>Has anyone read the book "Network Security Private Communication in a
>PUBLIC World" yet?  It's by Charlie Kaufman, Radia Perlman, and Mike
>Speciner, and has a copyright date of this year.

It's pretty good on security and structure of protocols. Makes a good
companion to the Schneier book. I use it frequently.

It does have some very irritating assertions concerning ASN.1 however,
specifically concerning its use in Kerberos. I consider Kerberos's use of ASN.1
to be far superior than the alternative suggested which is pure lossage.

Lambasting the use of ASN.1 is fair game but arguments over wasted bytes miss the
point of ASN.1 and the BER encoding entirely.

It would make a useful course book.
	Phill




From shamrock at netcom.com  Wed Aug 30 19:55:00 1995
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 30 Aug 95 19:55:00 PDT
Subject: NIST Key Escrow meeting
Message-ID: 


At 7:51 8/30/95, Flame Remailer wrote:
>Subject: NIST Key Escrow Meeting Discussion Papers
>
>Key Escrow Issues Meeting, September 6-7, 1995
>Discussion Paper #1

[Old and new GAK requirements elided]

>With your input, we are hopeful that this effort will lead to
>definitive criteria, which will facilitate the development of
>exportable products and help minimize the time required to obtain
>export licenses.  The Administration seeks to finalize such
>criteria and make formal conforming modifications to the export
>regulations before the end of 1995.
>
>
>Note:  These issues will be discussed at the Key Escrow Issues
>Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at
>the National Institute of Standards and Technology (Gaithersburg,
>Maryland).  The meeting will be open to the public, although
>seating is limited.  Advance registration is requested, please
>contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-
>mail: carlton at micf.nist.gov.

Will any Cypherpunks attend this meeting? I sure hope we get to make our
ideas known.

-- Lucky Green
   PGP encrypted mail preferred.
From unicorn at access.digex.net  Wed Aug 30 20:08:12 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 30 Aug 95 20:08:12 PDT
Subject: CIA & Espionage
In-Reply-To: <9508302127.AA00492@elysion.iaks.ira.uka.de>
Message-ID: 


On Wed, 30 Aug 1995, Hadmut Danisch wrote:

> Date: Wed, 30 Aug 1995 23:27:23 +0200
> From: Hadmut Danisch
> To: cypherpunks at toad.com
> Subject: Re: CIA & Espionage
> 
> 
> > because of the source of confirmation, but because it fits right into the
> > direction most of the intelligence agencies have been taking since the
> > revelation that the French had won out a multi-billion $ contract for air
> > traffic control because the French service had, through various espionage
> > methods, determined the U.S. bidding position and such.
> 
> We have a similar story in Germany. Some time ago, an asian country
> (South Korea if I remember well) was looking for a high speed
> passenger train. They had to choose between the german ICE and the
> french TGV. Both trains have nearly the same quality from technical
> point of view. Korea decided to take the cheaper one.
> 
> The germans gave an offer and just half an hour later the french gave
> an offer slightly (just a little bit) cheaper than the germans. France
> got the order (over 10^9 D-Mark). The german headquarter had
> instructed their asian office to give the offer with a certain price
> through unprotected fax. It is said that the fax was wiretapped by the
> french secret service (allegedly)...

The French are particularly notorious for this.

> 
> Hadmut
> 

Question:  How many pounds of explosive were put in the Citroen which
leveled the embassy in a massive explosion?

Answer:  Zero.

00B9289C28DC0E55  nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96  quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
From unicorn at access.digex.net  Wed Aug 30 20:13:07 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 30 Aug 95 20:13:07 PDT
Subject: NIST Key Escrow meeting
In-Reply-To: 
Message-ID: 


On Wed, 30 Aug 1995, Lucky Green wrote:

> Date: Wed, 30 Aug 1995 19:58:52 -0800
> From: Lucky Green
> To: cypherpunks at toad.com
> Subject: Re: NIST Key Escrow meeting
> 
> At 7:51 8/30/95, Flame Remailer wrote:
> >Subject: NIST Key Escrow Meeting Discussion Papers
> >
> >Key Escrow Issues Meeting, September 6-7, 1995
> >Discussion Paper #1
> 
> [Old and new GAK requirements elided]
> 
> >With your input, we are hopeful that this effort will lead to
> >definitive criteria, which will facilitate the development of
> >exportable products and help minimize the time required to obtain
> >export licenses.  The Administration seeks to finalize such
> >criteria and make formal conforming modifications to the export
> >regulations before the end of 1995.
> >
> >
> >Note:  These issues will be discussed at the Key Escrow Issues
> >Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at
> >the National Institute of Standards and Technology (Gaithersburg,
> >Maryland).  The meeting will be open to the public, although
> >seating is limited.  Advance registration is requested, please
> >contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-
> >mail: carlton at micf.nist.gov.
> 
> Will any Cypherpunks attend this meeting? I sure hope we get to make our
> ideas known.

I will attempt to attend, but I will not be speaking, sorry.
At the least, if I can make it, I will try to post a summary.

> 
> -- Lucky Green
>    PGP encrypted mail preferred.
> 
> 
> 

00B9289C28DC0E55  nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96  quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
From rsalz at osf.org  Wed Aug 30 20:33:58 1995
From: rsalz at osf.org (Rich Salz)
Date: Wed, 30 Aug 95 20:33:58 PDT
Subject: Is the book Network Security any good?
Message-ID: <9508310333.AA12779@sulphur.osf.org>


>It does have some very irritating assertions concerning ASN.1 however,
>specifically concerning its use in Kerberos. I consider Kerberos's use of ASN.1
>to be far superior than the alternative suggested which is pure lossage.

What was the alternative suggestion?  Many KRB5 folks, including Ted Ts'o,
have said that using ASN.1 is the biggest mistake in the KRB5 protocol.

>Lambasting the use of ASN.1 is fair game but arguments over wasted bytes miss the
>point of ASN.1 and the BER encoding entirely.

Hunh?  The points of ASN.1 and BER (DER? -- a little mavros joke :) *are*
irrelevant to Kerberos.  Wasted bytes in your security protocol should
most definitely be a concern.

Charlie and Radia are hot-shits; I don't know the other guy.
	/r$




From nelson at crynwr.com  Wed Aug 30 20:46:16 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 30 Aug 95 20:46:16 PDT
Subject: Mixmaster Security Issues
In-Reply-To: <199508310117.SAA20828@infinity.c2.org>
Message-ID: 


   Date: Wed, 30 Aug 1995 18:17:02 -0700

Can't answer all of your questions, but I'll answer the ones I can,
which will save time for someone else to answer the rest of them.

   Apart from thwarting traffic analysis attacks, how does the security
   of a Mixmaster Type II remailer packet compare to that of a
   PGP-chained Type I message?

Well, on the one hand, PGP uses IDEA, which is arguably better than
triple-DES, but PGP also only uses the key length(s) of choice, which
is to say that if you use the minimum length, you have very little
security.  Also, Mixmaster packets remain the same length from hop to
hop, so they are harder to track.  Not every PGP remailer reorders.

   For example, is each remailer in the path limited to knowing only
   the next remailer in the path?

And the previous one.
For PGP-chaining, that tells you a lot, because you can observe
the message length getting smaller.

   Is there any way for a remailer (except for the first and last in
   the chain) to know how many hops have already occurred or how many
   remain?

No.  The hop list is a constant length, and the list is back-encrypted
through the chain, so that all you can ever know is the next hop,
which the previous remailer couldn't know because it couldn't decrypt
it.

And not even the first or last necessarily!  Both the source and
destination are running Mixmaster (by definition).  There's no reason
why mixmaster must remail -- eventually it delivers.  And someone
sourced the mail using Mixmaster.  If the source or destination is not
on an advertised remailer, or the destination was non-local to the
destination remailer, then it's pretty obvious that someone on that host
is an endpoint.  But that's one of the beauties of Mixmaster -- there's
a large security increase in setting it up as a remailer and
advertising it.

   Would any security be lost if Type I and II technology were combined
   and a PGP-chained Type I packet were initially sent via Mixmaster?

Security is increased.

   Is my math correct in surmising that chaining a message through five
   remailers, each with a reordering pool of five messages, could mean
   that the message eventually leaves the chain as one of 5^5 (3125)
   possible messages?

You're ignoring the case where it is to/from a machine that runs a
public remailer.

-- 
-russ                  http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | America neither a Christian,
Potsdam, NY 13676 | Jewish, Islamic, nor atheist (etc&) nation. This is good.
From alano at teleport.com  Wed Aug 30 20:54:13 1995
From: alano at teleport.com (Alan Olsen by way of Alan Olsen )
Date: Wed, 30 Aug 95 20:54:13 PDT
Subject: [comp.security.unix] Advice on password security guidelines
Message-ID: <199508310353.UAA29997@desiree.teleport.com>


I found this on alt.humor.best-of-usenet.  It seemed like something that
would be appreciated here.  (And it is not that far off topic.)

Enjoy!

-----------------------------------------------------------

In alt.humor.best-of-usenet, Artur Pioro wrote:

>From: Paul Ashton
>Newsgroups: comp.security.unix
>Subject: Advice on password security guidelines
>
>Hi,
>
>my boss has asked me for comments and improvements on his new password
>security policy.  To me, it seems a bit severe.  If anyone can offer any
>additional suggestions please do, here goes...
>
>For immediate issue:
>
>Password changing guidelines V2.2b
>
>Due to new security policies, the following guidelines have
>been issued to assist in choosing new passwords.  Please follow
>them closely.
>
>Passwords must conform to at least 21 of the following attributes.
>
>1. Minimum length 8 characters
>2. Not in any dictionary.
>3. No word or phrase bearing any connection to the holder.
>4. Containing no characters in the ASCII character set.
>5. No characters typeable on a Sun type 5 keyboard
>6. No subset of one character or more must have appeared on
>   Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
>7. Must be quantum theoretically secure, i.e. must automatically change
>   if observed (to protect against net sniffing).
>8. Binary representation must not contain any of the sequences 00 01 10 11,
>   commonly known about in hacker circles.
>9. Be provably different from all other passwords on the internet.
>10. Not be representable in any human language or written script.
>11. Colour passwords must use a minimum 32 bit palette.
>12. Changed prior to every use.
>13. Resistant to revelation under threat of physical violence.
>14. Contain tissue samples of at least 3 vital organs.
>15. Incontrovertible by OJ Simpsons lawyers.
>16. Undecodable by virtue of application of 0 way hash function.
>17. Odourless, silent, invisible, tasteless, weightless, shapeless, lacking
>    form and inert.
>18. Contain non-linear random S-boxes (without a backdoor).
>19. Self-escrowable to enable authorities to capture kiddie-porn people
>    and baddies but not the goodies ("but we'll only decode it with a
>    court order, honest").
>20. Not decryptable by exhaustive application of possible one time pads.
>
>Due to the severity of the restrictions, if the password is entered
>incorrectly 3 times at login time, you will be asked if you would like to
>pick a new one.
>
>Please add guidelines to the above and adjust the minimum conformation
>requirement, if applicable.
>
>--
>Moderators accept or reject articles based solely on the criteria posted
>in the Frequently Asked Questions.  Article content is the responsibility
>of the submittor.  Submit articles to ahbou-sub at acpub.duke.edu.  To write
>to the moderators, send mail to ahbou-mod at acpub.duke.edu.

| Spam is the Devil's toothpaste!                 | alano at teleport.com |
|"It's only half a keyserver.  I had to split the | Disclaimer:         |
|other half with the government man." - Black Art | Ignore the man      |
| -- PGP 2.6.2 key available on request --        | behind the keyboard.|
| http://www.teleport.com/~alano                  |                     |




From tcmay at got.net  Wed Aug 30 22:11:06 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 30 Aug 95 22:11:06 PDT
Subject: Economic Espionage?
Message-ID: 


At 1:25 AM 8/31/95, Tatu Ylonen wrote:
>> >It was said that Pres. Clinton had given a speech while
>> >visiting the CIA HQ in Langley/Virginia. He allegedly
>> >said in this speech that obtaining industrial
>> >informations has the highest priority and this were the
>> >new task for the spies.
>
>There was a fairly large article about this in Helsingin Sanomat, the
>largest newspaper in Finland, some weeks ago.  It was quoted as being
>originally from the New York Times.  (I have the clip saved at home
>and can check the date if anyone is interested.)
>
>I do find it rather shocking that the most powerful country in the
>world sets industrial espionage as the primary task of their
>intelligence services.

What confirmation can you give us for this statement? I'd like to see the
actual comments, not just second-hand reports.

The issue of economic surveillance has come up several times, and I know of
no formal policy to institute such a program. The U.S., with generally
multiple competitors in each market, would have a hard time figuring out
who to tell "foreign secrets" to. Would Ford be told? Or just General
Motors? What about companies with operations in multiple countries?

Former DIRNSA (Director of the NSA) William Odom has said repeatedly that
economic espionage cannot plausibly be a central task of the NSA.

Before anyone accuses me of being an apologist for the NSA (usually these
claims arrive anonymously), I've been looking for evidence of an economic
intelligence role or mission of the U.S. intelligence agencies for more
than 7 years.

Let's see some evidence.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."




From poodge at econ.Berkeley.EDU  Wed Aug 30 22:23:09 1995
From: poodge at econ.Berkeley.EDU (Sam Quigley)
Date: Wed, 30 Aug 95 22:23:09 PDT
Subject: yabc
Message-ID: <199508310523.WAA21036@quesnay.Berkeley.EDU>


-----BEGIN PGP SIGNED MESSAGE-----

Hi.  I'm writing a replacement for brloop/brclient in perl, one with full
SKSP compatibility, and one which is easily extensible and more
straightforward than the original br* code...  What would be some useful
features to include in the code?  I'm attempting to make it more friendly,
more "intelligent", etc -- the whole shebang.  It would be reasonably easy
to, as someone here suggested, have the program start the keyfetch process
before the last key segment finished, or whatever -- the question is, is
that worth it?  I'm also including code to make it possible for the user
to specify how much time she wants to give the search, etc...  It should
be possible to include code for a very simple sort of farming setup (at
least something to allow easy remote launches of the brute code)..

Would all this be useful to other people?  What features would make it
more so?

Also, it seems that there have been some "extensions" to the SKSP
protocol...  For instance, suddenly there are different machines dedicated
just to ACKs, etc.  Is there a central repository of these changes?  (Have
these changes even been publicly reviewed?)

(the program, in case you couldn't deduce it from the title of this
message is to be "yabc" - yet another brute* client.  oh how so clever and
original, no?)

- -sq

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMEVHLlIP+Y8TPTdtAQHUowQAxVPVlw9WCw8wzSib8HgEitikLs459/rv
zfuSV60L/7eyePb3ah/xVDWvsub/3Alru7PfgmdSssaZe3RX1Ory0xbLXoB8lXTw
2KeGb18ogRkL/2ALfA85rgAycQ6NxY4o+u/oQxY0WVlukWU+WG71bXjVRyh+YEDd
AEKBnx6/uO8=
=TK/a
-----END PGP SIGNATURE-----




From Piete.Brooks at cl.cam.ac.uk  Wed Aug 30 23:35:47 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Wed, 30 Aug 95 23:35:47 PDT
Subject: SSL search attack
In-Reply-To: <199508302142.PAA00178@wero>
Message-ID: <"swan.cl.cam.:108150:950831063347"@cl.cam.ac.uk>


> Problem is, though, if *each* segment is shuffled, or shuffled in groups
> of 10 or 25 or 50 or what?  brutessl is designed for sequential search
> through a block of segments.  I was pulling down blocks of up to 40 segments
> each, for each machine I was running.  Of course, with brloop running I
> won't be in such a bind (I have yet to see that it really works though..)
> but still it also represents a coding problem as to handing out sequential
> segments within shuffled blocks.

My view is that IFF this becomes a problem, I'll do something to fix it.
I can do it in the server (under my control) after a complete scan has been
completed without finding the key.
It may mean you only get smaller blocks, but IFF we get that far, tough !

> Hey, by the way Piete, is there gonna be a ego list (rankings) like there
> was with the RC4?

Err -- look on http://www.brute.cl.cam.ac.uk/brute/ -- follow CRACKED and
then look at:
	Credits are available as plain text and as a table
	(needs a browser which supports tables !).

"plain text" is
 while "table" needs a fancy browser.


PS: I am working on brloop and brclient still, based on comments.
    brclient now uses early binding on the project, reducing traffic.
    brloop now has -h and -i flags, and a "-a" flag to create a .brloop.rc
    If allowed, it will log allocated and ACKed keys
    I have a "Local CPU Farm" slave server available
    Kevin  is working on a central server to "rsh"
	work to local CPUs.
    I am against pre-fetching of the next chunk, as I believe it should not be
	necessary (I'll review that after Hal3) and it tends to increase NOACKs


BTW: you make the 1% (of the TOTAL keyspace) cut :-)

              Credits for the CRACK of Hal's Second Challenge (plain) (p1 of 3)

            CREDITS FOR THE CRACK OF HAL'S SECOND CHALLENGE (PLAIN)

   Note that the %age is the percentage of the complete address space.

   This data is also available as a table for users with a suitable
   browser.

%age  ACKs NoAs ACK/n ID
===== ==== ==== ===== ======================
8.498 5569 1572 0.780 jshekter at alias.com
2.182 1430  454 0.759 pjw at dcs.ed.ac.uk
1.892 1240    8 0.994 jelson at jhu.edu
1.587 1040  386 0.729 martin at mrrl.lut.ac.uk
1.437  942  412 0.696 bal at mit.edu
1.375  901    0 1.000 rkel02 at cs.auckland.ac.nz
1.367  896   51 0.946 nathanw at mit.edu
1.294  848  567 0.599 cwe at it.kth.se
1.083  710  879 0.447 floeff at mathematik.uni-stuttgart.de
1.044  684   42 0.942 aba at dcs.ex.ac.uk
1.025  672    0 1.000 bande at lut.fi
1.003  657  214 0.754 don at cs.byu.edu
0.891  584  254 0.697 droelke at aud.alcatel.com





From inglem at adnetsol.com  Wed Aug 30 23:41:49 1995
From: inglem at adnetsol.com (Mike Ingle)
Date: Wed, 30 Aug 95 23:41:49 PDT
Subject: RSA Secure (disk encryption)
Message-ID: <199508310641.XAA00285@cryptical.adnetsol.com>


RSA's home page (http://www.rsa.com) has a demo version of RSA Secure.
This is a disk/directory encryption program that serves the same
purpose as Secure Drive and SFS. According to their description, it
allows you to select only certain files to be encrypted, and uses
80-bit RC4. The demo/export version is only 40 bits.

It also has optional key escrow. You can choose to escrow a key by
secret-sharing it and giving pieces to various people. There is a
threshold system so m of n people have to cooperate to decrypt it.

						Mike
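The m-of-n escrow Mike describes is what a threshold secret-sharing scheme
gives you. The following is an added example, not RSA Secure's code (the
post does not say which sharing scheme RSA Secure uses); it shows the
standard construction, Shamir's scheme over a prime field, splitting a
constructed 10-byte (80-bit) key into five shares so that any three
holders can reassemble it while two learn nothing. Function names and the
sample key are my own.

```python
"""Threshold (m-of-n) secret sharing of a symmetric key with Shamir's scheme.

Added illustration (not RSA Secure's code).  The key is treated as a
big-endian integer below a 127-bit field prime; an 80-bit RC4 key fits.
"""
import secrets

# 2**127 - 1 is a Mersenne prime; any secret below it can be shared.
PRIME = (1 << 127) - 1


def split_secret(secret, m, n, prime=PRIME):
    """Split integer `secret` into n shares; any m of them reconstruct it.

    A random polynomial f of degree m-1 with f(0) = secret is chosen and
    share i is the point (i, f(i)).  Fewer than m points leave f(0)
    information-theoretically undetermined.
    """
    if not (1 <= m <= n < prime):
        raise ValueError("need 1 <= m <= n < prime")
    if not (0 <= secret < prime):
        raise ValueError("secret must be an integer in [0, prime)")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod prime
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def recover_secret(shares, prime=PRIME):
    """Lagrange-interpolate f(0) from at least m distinct shares (x_i, y_i)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime        # product of (0 - x_j)
                den = (den * (xi - xj)) % prime    # product of (x_i - x_j)
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


def split_key(key, m, n):
    """Share a symmetric key given as bytes (e.g. a 10-byte, 80-bit RC4 key)."""
    return split_secret(int.from_bytes(key, "big"), m, n)


def recover_key(shares, key_len):
    """Reassemble the key bytes from at least m shares."""
    return recover_secret(shares).to_bytes(key_len, "big")


def demo():
    # Constructed sample key; a real program would take it from the disk encryptor.
    key = bytes.fromhex("00112233445566778899")   # 80 bits
    shares = split_key(key, m=3, n=5)
    # Any three escrow holders cooperate; the other two are not needed.
    return recover_key([shares[0], shares[2], shares[4]], len(key)) == key


if __name__ == "__main__":
    print("3-of-5 recovery succeeded:", demo())
```

Each holder keeps one (x, y) pair; reconstruction with fewer than m
pairs is not a weaker guess but an equiprobable spread over the whole
field, which is the property that makes an escrow threshold meaningful.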




From Piete.Brooks at cl.cam.ac.uk  Thu Aug 31 00:00:51 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 31 Aug 95 00:00:51 PDT
Subject: Article in the Guardian (UK) about Hal2 not bad ....
Message-ID: <"swan.cl.cam.:114490:950831070035"@cl.cam.ac.uk>


An article by Azeem Azhar on page three of today's "The Guardian Online"
(he tells me it is available only in paper form !) is fairly positive.
He puts over the main point: "since US government regulations prevent the
export of software that uses stronger cryptographic techniques".





From perry at piermont.com  Thu Aug 31 01:08:58 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 31 Aug 95 01:08:58 PDT
Subject: Is the book Network Security any good?
In-Reply-To: <9508310053.AA01365@cantina.verity.com>
Message-ID: <199508310807.EAA24230@frankenstein.piermont.com>



Patrick Horgan writes:
> Has anyone read the book "Network Security Private Communication in a 
> PUBLIC World" yet?  It's by Charlie Kaufman, Radia Perlman, and Mike
> Speciner, and has a copyright date of this year.
> 
> Is it good?  What's the level?

I know Charlie a bit and have met Radia and they are both quite
smart. Word from third parties is that the book is good. I haven't
read it myself, though.

Perry





From loki at obscura.com  Thu Aug 31 01:14:28 1995
From: loki at obscura.com (Lance Cottrell)
Date: Thu, 31 Aug 95 01:14:28 PDT
Subject: Mixmaster Security Issues
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 6:17 PM 8/30/95, hroller Mixmaster wrote:
>Apart from thwarting traffic analysis attacks, how does the security
>of a Mixmaster Type II remailer packet compare to that of a
>PGP-chained Type I message?
>

There is no way in which the security of Mixmaster messages is LESS than
that of type I (cypherpunk) remailers. 

>For example, is each remailer in the path limited to knowing only
>the next remailer in the path?  Is there any way for a remailer
>(except for the first and last in the chain) to know how many hops
>have already occurred or how many remain?  Is there a session key
>chosen via an RNG?  If so, how random is the RNG?  Is it seeded from
>a pseudo-random source that's at least as secure as measuring
>keystroke latencies, as PGP does?

Yes, each remailer is limited to knowing the previous and next
destinations. 

A Mixmaster remailer can only tell if it is first, last, or somewhere in
the middle. No information is leaked about position in the chain. There is
a hard limit of 20 hops. 


>Lance Cottrell's original "remailer essay" which proposed the Type
>II concept envisioned, if I'm not mistaken, the use of PGP
>technology to do the actual encryptions.  Now it seems that another,
>seemingly proprietary, implementation of RSAREF was used, instead.
>What was the reason for this change?

Version 1.0 (which was released but not widely used or promoted) used
PGPTools by Pr0duct Cypher. This is a library which provides hooks for most
of the major PGP routines. The main problem with PGPTools is that I could
not get it to compile on anything but a SUN. The other problem was that it
was difficult to control the encryption so I could avoid any change in the
size of information when it was encrypted. RSAREF is very portable, robust,
supported, easy to work with, and was easy to use for fine control of the
encryption process. RSAREF is also much less of a black box to me. I can
understand what it is doing in detail. 

>
>Would any security be lost if Type I and II technology were combined
>and a PGP-chained Type I packet were initially sent via Mixmaster?
>This would would seem to provide the necessary protection against
>traffic analysis while bypassing any *POSSIBLE* hidden weaknesses in
>Mixmaster.  IOW, if the outer Mixmaster "envelope" were "steamed
>open", perhasps based on some hidden weakness in Mixmaster, the
>inner, nested PGP envelope(s) would remain intact.
>

Because of the message size limitations there are some advantages to
sending the mixmaster chain through some type 1 remailers first, rather
than sending a type 1 message in a Mixmaster packet.

>BTW, what volume of message traffic is the Mixmaster network of
>remailers currently handling?  Is much cover traffic necessary to
>minimize delays while providing enough reordering to thwart traffic
>analysis?  (IOW, so a remailer with a reordering pool size of five
>messages, and averaging one REAL message a day, wouldn't have to
>keep a message for an average of five days before sending it on its
>next hop, as a worst-case scenario).
>

It is very difficult to know what fraction of the traffic I see is cover. I
generate some cover traffic myself, and I know some others do as well.
Right now a reordering pool of 5 messages results in a latency of about 30
min. Mixmaster is no longer a small fraction of the remailer market. A
majority of all public remailers support Mixmaster. 

>Is my math correct in surmising that chaining a message through five
>remailers, each with a reordering pool of five messages, could mean
>that the message eventually leaves the chain as one of 5^5 (3125)
>possible messages?  (My math is a bit weak, so please feel free to
>correct my methodology, if necessary.)  If so, does that work in
>reverse?  Could a given output message that finally surfaced in the
>clear be narrowed down to one of 3125 Mixmaster input messages
>through traffic analysis?  Or would the fact that the attacker
>didn't know the exact number of hops utilized significantly increase
>the odds against identifying the sender?  What effect, if any, would
>increasing the number of available remailers have on traffic
>analysis?

This is not quite correct, at each hop your message could have gone to any
remailer at all. There are now 16 Mixmaster remailers in operation. If you
have two good remailers in your chain (not run by the enemy), then a given
message into the system is probably one of the messages that emerges
between 10 Min and several hours later (with some complex probability
distribution over that time). Note that because of the way the reordering
is done, messages could stay in the pool forever, but this is exponentially
less likely with time.

It turns out that this is good security for one message, but is much less
secure if you continue to communicate with the same person for some time.
Then the attacker can look for correlations between your sending a message,
and everyone who receives them. After several messages in one month, you
will stand out, unless you send cover messages regularly, so you correlate
with everyone all the time (destroying any information about who you
actually correspond with). 

        -Lance
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMEVuSvPzr81BVjMVAQGDOAf/RnB3COZyT54zaPZea3dg3DvDRVWDXdTw
+vSlTdOO7Znu2EGy2hqr6hbXGFO6ExsR4ZbC/3q8WeBmATtFIkiFYbTGYR1E/plC
ujN6G33eCPJayFDQY3D9ETx5jXd0fYJl4O560zRrxWoK8bdD1E2RWeEKCt8ck3mm
B0apFL8M9Z5RuSmL4uke7/R3m8vXH2Iq3V28VUMSSIYyFb44ZDwjjaC35Yl91NZv
145QWv7DdyiZIr/nFgyIh+5jifuvynNNJVbIGWSH5WUevpmPTvCbwJSNnsXI78OO
uvFgQfupk1tMKbdRRHUofVoDCW1e5LuYieQwk7It2rW9wo63Bx1LUA==
=Hyma
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------
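The reordering-pool behaviour discussed in this reply (the roughly 30
minute latency at pool size 5, and messages that can in principle stay in
the pool forever but with exponentially decreasing probability), together
with Russell Nelson's answer and the earlier "one real message a day, five
days in the pool" worry, can be checked with a small simulation. This is an
added example, not Mixmaster's code. The pool model it assumes is a
simplification: the pool always holds `pool_size` messages, each arrival
joins it, and one of the `pool_size + 1` messages is then sent on, chosen
uniformly at random. The function names are my own.

```python
"""Residence time of a message in a fixed-size reordering pool.

Added illustration, not Mixmaster's code.  Model (an assumption): the pool
holds `pool_size` messages; each arrival joins the pool and one of the
pool_size + 1 messages is chosen uniformly at random to be sent on.  Cover
and real messages are indistinguishable to the pool.
"""
import random


def simulate_pool(pool_size, n_messages, seed=1):
    """Return the residence time, counted in later arrivals, of each message sent."""
    rng = random.Random(seed)
    # Pre-fill with pool_size cover messages tagged with a negative arrival index.
    pool = [-(k + 1) for k in range(pool_size)]
    residence = []
    for t in range(n_messages):
        pool.append(t)
        sent = pool.pop(rng.randrange(len(pool)))
        if sent >= 0:                       # ignore the initial cover fill
            residence.append(t - sent)
    return residence


def mean_residence(pool_size):
    """Expected residence in arrivals.

    At every arrival the message is sent with p = 1/(pool_size+1), independent
    of history, so residence is geometric with mean (1-p)/p = pool_size.
    """
    return float(pool_size)


def tail_probability(pool_size, k):
    """P(message still in the pool after k further arrivals) = (1-p)^(k+1).

    This is the exponential decay the thread describes: staying forever is
    possible but ever less probable.
    """
    p = 1.0 / (pool_size + 1)
    return (1.0 - p) ** (k + 1)


def mean_latency_minutes(pool_size, arrivals_per_day):
    """Mean wall-clock latency once the arrival rate is known.

    The pool delays by a number of arrivals, so latency scales inversely with
    traffic: with one real message a day and no cover traffic a pool of 5 holds
    a message for about five days on average, as worried about in the thread.
    """
    minutes_per_arrival = 24 * 60 / arrivals_per_day
    return mean_residence(pool_size) * minutes_per_arrival


def empirical_tail(residence, k):
    """Fraction of simulated messages that stayed more than k arrivals."""
    return sum(1 for r in residence if r > k) / len(residence)


if __name__ == "__main__":
    r = simulate_pool(5, 200_000)
    print("simulated mean residence:", sum(r) / len(r))
    print("analytic mean residence: ", mean_residence(5))
    print("P(> 20 arrivals) sim/analytic:", empirical_tail(r, 20), tail_probability(5, 20))
    print("mean latency, pool 5, 1 msg/day (minutes):", mean_latency_minutes(5, 1))
```

The simulation confirms Lance's point that the anonymity set is not 5^5
messages but everything emerging from the pool in the same time window:
what a pool buys is measured in arrivals, which is why cover traffic both
shortens latency and widens the set of candidate messages.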







From loki at obscura.com  Thu Aug 31 01:14:31 1995
From: loki at obscura.com (Lance Cottrell)
Date: Thu, 31 Aug 95 01:14:31 PDT
Subject: Mixmaster Security Issues
Message-ID: 


At 8:45 PM 8/30/95, Russell Nelson wrote:
>   Date: Wed, 30 Aug 1995 18:17:02 -0700
>
>Can't answer all of your questions, but I'll answer the ones I can,
>which will save time for someone else to answer the rest of them.
>
>   Apart from thwarting traffic analysis attacks, how does the security
>   of a Mixmaster Type II remailer packet compare to that of a
>   PGP-chained Type I message?
>
>Well, on the one hand, PGP uses IDEA, which is arguably better than
>triple-DES, but PGP also only uses the key length(s) of choice, which
>is to say that if you use the minimum length, you have very little
>security.  Also, Mixmaster packets remain the same length from hop to
>hop, so they are harder to track.

I am not sure this is the consensus opinion. Three key triple DES uses 168
bits of key, whereas IDEA only (only?!?) uses 128. DES is also much better
studied and understood. IDEA is still a young algorithm (though close to
the heart of every cypherpunk).

The rest of what you said looks good. Too bad I did not see it before I
typed my own answer ;)

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------







From perry at piermont.com  Thu Aug 31 01:17:56 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 31 Aug 95 01:17:56 PDT
Subject: Is the book Network Security any good?
In-Reply-To: <9508310253.AA09578@zorch.w3.org>
Message-ID: <199508310817.EAA24257@frankenstein.piermont.com>



hallam at w3.org writes:
> It does have some very irritating assertions concerning ASN.1
> however, specifically concerning its use in Kerberos. I consider
> Kerberos's use of ASN.1 to be far superior than the alternative
> suggested which is pure lossage.

I've heard people associated with the decision to use ASN.1 in
Kerberos V say it was a mistake. Frankly, I think ASN.1 is a blight
which should be exterminated from the planet.

But we agree that the book in question is mostly good...

Perry





From jirib at sweeney.cs.monash.edu.au  Thu Aug 31 01:26:04 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 31 Aug 95 01:26:04 PDT
Subject: "Citizen-Unit Identification" a Red Herring
In-Reply-To: 
Message-ID: <199508310824.SAA17916@sweeney.cs.monash.edu.au>


-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks at toad.com
  and tcmay at got.net (Timothy C. May)
  and consensus at consensus.com

Well, colour me clueless, but:

tcmay writes:
...
> Citizen-Unit ASCII Name: "Timothy Christopher May"
...
> Known Aliases: "Klaus! von Future Prime," "Lance," "Nick Szabo"
...

So T.C.May is the same person as "Lance"?


The medusa gets bigger every day...

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)





From tfs at vampire.science.gmu.edu  Thu Aug 31 01:28:00 1995
From: tfs at vampire.science.gmu.edu (Tim Scanlon)
Date: Thu, 31 Aug 95 01:28:00 PDT
Subject: C2.ORG REMAILER
Message-ID: <9508310827.AA04419@vampire.science.gmu.edu>



Sorry for my last empty message; it's late & I confused
the "deliver" icon with the "mail format" icon (I was
attempting to change the type from NeXTmail to plain text).

I don't see why an anonymous remailer can't be set up in
some country with an inet connection, but with little
respect for idiocy originating from other countries
& in particular the US.

A lot of that issue is treaty dependent and that's probably what
people should look at. I like what people are doing well
enough, don't get me wrong. But the vulnerability exists via
co-operative law enforcement arrangements & legal venue operations.
That's the stuff of treaties. I think probably an appropriate
place could be found & arranged with some effort at this point.

Hell, there's GOT to be some countries out there that would have
little respect for the antics of the Church 'o Bucks who'd be
interested in it.

Stick the database on an encrypted partition, and arrange a
two party setup on the keys & administration and it'd make
them a damn bit harder to retrieve anyhow... "I'd comply,
but I don't have the keys, and the keyholder is refusing
contact. And NO I don't know his 'True Name' and can't find him."
That'd make things a tad rough, and isn't illegal anyplace
that I'm aware of.

Call it "Applied Stenography" (Sorry about the pun, but I couldn't
resist it :>



Tim Scanlon




________________________________________________________________
tfs at vampire.science.gmu.edu (NeXTmail, MIME)  Tim Scanlon
George Mason University     (PGP key avail.)  Public Affairs
I speak for myself, but often claim demonic possession











From monty.harder at famend.com  Thu Aug 31 01:47:25 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Thu, 31 Aug 95 01:47:25 PDT
Subject: O.J. ObCrypto:  Fuhrman's Folly Fans Fakery Fears...
Message-ID: <8B02596.00030003C5.uuout@famend.com>



  Regardless of whether Ito allows the tapes into evidence, the public
has heard a LEO matter-of-factly discussing the fabrication of evidence
against US citizens. We should take advantage of this, by connecting the
Fuhrman/Good Ole Boys from BFART bit, and GACK.

  If my private key must be escrowed with Lawn Forcement Agencies, the
very real possibility exists of a Fuhrman using it to forge evidence
against me. In =any= Key Escrow arrangement (including the non-
government variety preferred by 4 out of 5 Cypherpunks in a recent
survey) there must be a division between encryption keys and signature
keys.

  I recommend that anyone who will be using escrowed keys generate two
pairs: First, the signature key, including in the userid some kind of
[sig use] identifier (we should settle on a standard abbreviation for
this) followed by the encryption key. This way, when a person gets your
pubkeys, they get the encryption key =last=, which gets it searched
first whenever they PGP -e... something.

  Whatever arrangements are made for escrowing my encryption key,
=nobody= gets my signature key. If I am fired, quit, become brain
damaged or dead, my key can never be used by anyone to implicate me in
any criminal activity.



  Please don't mention to anyone the fact that my signature key can be
used to send me something that even the escrow agents can't read....






 *  
---
 * Monster at FAmend.Com *    





From monty.harder at famend.com  Thu Aug 31 01:47:27 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Thu, 31 Aug 95 01:47:27 PDT
Subject: Poisson numbers for random keyspace assignment
Message-ID: <8B0251E.00030003C4.uuout@famend.com>


                  [Great statistical summary deleted]

TC> * For opportunistic attacks on keys in challenges, the odds are 95% that a
TC> key will be found with only twice the total effort (or time) using a
TC> totally random method of picking up keyspace to search.

  The odds can be improved somewhat by scaling the granularity of the
sweep to the size of the sweep. (Align larger chunks on large-chunk
boundaries, eliminating the chance of overlap with other large chunks.)

TC> * This is probably good enough. (And if one only wants to be 90% sure of
TC> finding the key, even less effort is needed.)

  The best advantage of the random method is that it allows people to
participate completely anonymously, as there is nothing to report save
the Eureka!, and that can be done through a remailer anyway. When the
challenge is solved, everyone can stop cracking.

       It is one thing to work on an academic exercise, but the =real=
     test is how well the resources could actually be marshalled for a
     =real= attack. The requirement of leaving an audit trail to
     participate reduces the supply of volunteers. This approach can not
     be challenged as unrealistic.

  The whole thing can be managed via Imail, which I must point out to
you Totally Connected People, is the least-common denominator for
participation here. You have =lots= of people out here who would like to
join the Cypherpunks Brute Squad (We gotta get T-shirts for this one!)
but don't have WWW access.




 * John was a complete D**k, until Lorena got through with him.
---
 * Monster at FAmend.Com *    





From jirib at sweeney.cs.monash.edu.au  Thu Aug 31 01:52:12 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 31 Aug 95 01:52:12 PDT
Subject: A glance at the future of missing child identification
In-Reply-To: <9508290348.AA14292@hpc.uh.edu>
Message-ID: <199508310851.SAA17944@sweeney.cs.monash.edu.au>


-----BEGIN PGP SIGNED MESSAGE-----

Hello tibbs at sina.hpc.uh.edu (Jason L Tibbitts III)
  and cypherpunks at toad.com
  and tcmay at got.net (Timothy C. May)

...[about transponders for humans]...
> Believe it or not, something like this is being used (or is being prepared
> for use) in breast implants.  An article in the Houston (silicone city)
...

Is this what they call topic drift?

> Subject: Re: A glance at the future of missing child identification

I can just see the parents getting their young daughters into this system.

Boys, of course, can look after themselves. Sure.
(Or do you envision young boys with breast implants?)


ObCrypto:

So, if they manage to make it more appropriate for both young girls and
for boys, are there any counterarguments? (Not for c'punks, for general
population: "missing children" will be hard to argue against.)

  * privacy (worth a try, anyhow)

  * use of the info by the bad guys (the mythical "pretty girl radar" :-)

  * "witness/victim protection" could be made harder by this

  * alternative: the transponder password could be shared secret between
the parents and the state (what combination here?); protects both against 
perverted state and perverted parents...


OK, what have I missed?

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)





From unicorn at access.digex.net  Thu Aug 31 01:55:07 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Thu, 31 Aug 95 01:55:07 PDT
Subject: Economic Espionage?
In-Reply-To: 
Message-ID: 


On Wed, 30 Aug 1995, Timothy C. May wrote:

> Date: Wed, 30 Aug 1995 22:22:13 -0700
> From: Timothy C. May 
> To: cypherpunks at toad.com
> Subject: Economic Espionage?
> 
> At 1:25 AM 8/31/95, Tatu Ylonen wrote:
> >> >It was said that Pres. Clinton had given a speech while
> >> >visiting the  CIA HQ in Langley/Virginia. He allegedly
> >> >said in this speech that obtaining  industrial
> >> >informations has the highest priority and this were the
> >> >new  task for the spies.
> >
> >There was a fairly large article about this in Helsingin Sanomat, the
> >largest newspaper in Finland, some weeks ago.  It was quoted as being
> >originally from the New York Times.  (I have the clip saved at home
> >and can check the date if anyone is interested.)
> >
> >I do find it rather shocking that the most powerful country in the
> >world sets industrial espionage as the primary task of their
> >intelligence services.
> 
> What confirmation can you give us for this statement?

Primary task is indeed a bit of a stretch, but published and 
unpublished sources are floating about that it has become more of a 
focus.  You don't need an insider tip for that.

> 
> I'd like to see the actual comments, not just second-hand reports.
>

I've seen now three clippings posted or mentioned on the list.  Two with 
quotes.  This is hardly new.  It's been done and accepted in the 
intelligence community for quite some time.  It's getting press because 
it's new and trendy- and to some degree because there's an increased 
emphasis in the last few years.

> The issue of economic surveillance has come up several times, and I know of
> no formal policy to institute such a program.

A formal policy has existed at CIA for over 2 years (I don't know how 
much over 2 years) now to collect industrial espionage and there is even a
desk which co-ordinates it.  I'll send you (in private e-mail) a name of an
attorney at CIA who will probably talk with you about the subject.  He's about
as open as CIA gets.

> The U.S., with generally
> multiple competitors in each market, would have a hard time figuring out
> who to tell "foreign secrets" to. Would Ford be told? Or just General
> Motors?

C'mon Mr. May.  We both know that that's hardly a hard decision.  Ford 
has been so cooperative with our endeavors of late, they will get the 
information way before GM will.

Seriously, what makes you think this is any less a political decision 
than the question of who to spy on?  You can't honestly believe that CIA 
or any other intelligence agency cares much about the equity of giving 
information to some parties and not others?  The information will go to 
who is currently on the "in" list, and those who are unlikely to spread 
the source of the sudden rash of contract bid victories.  Large U.S. 
corporations would do well to try to align themselves with the 
intelligence communities if they do much bidding against foreign firms.  

Try talking to the business intelligence people (who regularly debrief 
U.S. businessmen returning from foreign countries on a volunteer basis.)

If you play it right, my attorney friend will probably tell you a bit 
about the program.  Of course, I would appreciate it if you failed to 
mention me, though I doubt he'd know who "Black Unicorn" was anyhow.  
(Justification for pseudonyms 'punks)

>What about companies with operations in multiple countries?

Depends on:

1. The amount of espionage activity in a given country.
2. The amount of cooperation between CIA and the company in question.

> 
> Former DIRNSA (Director of the NSA) William Odom has said repeatedly that
> economic espionage cannot plausibly be a central task of the NSA.
> 

Mostly because the NSA's primary goal is large scale sigint and cryptography 
and these are less useful than humint in industrial espionage. 

C'mon Mr. May, this is basic divide and deny / plausible deniability 
here.  Since the NSA doesn't make it a central task, none of the 
intelligence agencies do?

(I'm constructing humint to include installing a tap on a single phone 
outside the negotiating room and such.)  These are not tasks for the NSA but
for an agency with extensive field operatives and flexibility, which the NSA 
lacks.  Also note that the NSA is so heavily geared for diplomatic 
interception.

I think this list suffers a great deal from its arrogance in assuming 
the NSA is really as interested in U.S. citizens as the list would
like to suppose.  NSA makes a wonderful threat model, but like all good threat
models, it is at the extreme to very extreme end.  Does the NSA cooperate 
with federal law enforcement and other domestic activities?   Sure.  Is it 
more than a side project here and there - not really.  Does it care much 
about Industrial Espionage?  Not unless the CIA asks for sigint on 
industrial targets.

> Before anyone accuses me of being an apologist for the NSA (usually these
> claims arrive anonymously),

I won't, but they seem to have thrown you for a loop through a 
combination of an over-estimation on your part of their function and 
an over-extending of the reach of their denial.

> I've been looking for evidence of an economic
> intelligence role or mission of the U.S. intelligence agencies for more
> than 7 years.

You've been looking too early, and when you've looked early, you've 
looked for too big.  When was the last intelligence SUCCESS you have 
read about?  They don't do everything wrong.  In any event, no one 
thought it was a good idea (on a major scale anyhow) up to a pair of years ago
or so.  Bush proposed it at one time casually and was dealt a backhand 
rather quickly.  I remember an article in the NYT about it written back 
just before he left CIA.  Of course this really meant that they had been doing
more and more of it and were looking to cover even more significant 
activities.  Japan was the trendy target then.

I suggest you concentrate your interest on the business intelligence 
program which has been talking to U.S. businessmen who travel abroad for 
some 10 years, and really upped the ante these last two.  Look also at 
documents listed in "Former Secrets:  Government Records Made Public 
Through the Freedom of Information Act."  (E. Hendricks)  or "Center for 
National Security Studies, From Official Files: Abstracts of Documents on 
National Security and Civil Liberties."  A great resource is also the 
National Security Archive in Washington, D.C.  (Scott Armstrong of the 
Washington Post is a co-founder)

The sugar industry is another nice place to take a look.

> 
> Let's see some evidence.
>

Ask yourself which companies have close relations with the CIA in 
past/present.

IBM. (duh)

AT&T.  (Check the connection with the recently floundering Mexican 
Telecom companies).  See _U.S. v. American Telephone and Telegraph Co._,
551 F.2d 384 (1976);  _U.S. v. (AT&T)_, 567 F.2d 121 (1977) for a nice idea
of the long term relationship between AT&T and CIA. 

e-systems wins contracts all the time.  Look there.  They're publicly 
held, ask for a prospectus and see what public foreign contracts they've 
announced of late.  There's your starting list of past industrial espionage 
targets.

It's not all that hard.  95% of intelligence information is 
available publicly, and maybe 10% of it is available in the newspapers.  



> --Tim May
> 
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA              | knowledge, reputations, information markets,
> Higher Power: 2^756839      | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."


---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!
*New Key Information*    -    Finger for key revocation and latest key update.








From jirib at sweeney.cs.monash.edu.au  Thu Aug 31 02:27:56 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 31 Aug 95 02:27:56 PDT
Subject: SSL search attacks
In-Reply-To: <9508300101.AA11637@ozymandias.austin.ibm.com>
Message-ID: <199508310926.TAA18041@sweeney.cs.monash.edu.au>


-----BEGIN PGP SIGNED MESSAGE-----

Hello don at cs.byu.edu
  and cypherpunks at toad.com
  and Scott Brickner 

Scott wrote:
> don at cs.byu.edu writes
> >From: Scott Brickner 

...[only server assigns segments, client may ack only assigned segments]...

> >BEAAAT STATE! Push 'em back.. WAAAAAAY BAAAACK. 
> >(relevant comments follow)
> 
...
> *coordinated* attack on the key.  We've established that there is a 1/e
> cost factor in removing the central server.  I just threw out these
...

Wouldn't it be possible to reduce the cost?

Each client could pick a segment at random, check it and then broadcast
a NAK. Other clients would then know that the segment in question has
been done, and avoid picking it in the future. If you are worried about
collisions, one could also have IGRAB, which would advise others that
someone is working on a segment (you can still collide, but not so
often).

One advantage is that it is not necessary to have a central infinitely
trusted server. (Nothing personal, but bogus server is an attack.)

NAKs and IGRABs would be weighted by the trust accorded to the entity
that originated them.

Notes:
  * "broadcast" is probably best done with a fairly sparse graph, otherwise
one will get too much communication.
  * since there is no "server", I should replace "client" with another word.
  * there is no incentive to send NAKs (they diminish your own chance
of hitting the jackpot). How could this be avoided?
  * the NAKs could be sent by e-mail, thus allowing badly connected
and/or anonymous entities to participate.


Am I making any sense at all?

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)





From Piete.Brooks at cl.cam.ac.uk  Thu Aug 31 02:31:59 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Thu, 31 Aug 95 02:31:59 PDT
Subject: Poisson numbers for random keyspace assignment
In-Reply-To: <8B0251E.00030003C4.uuout@famend.com>
Message-ID: <"swan.cl.cam.:171030:950831093019"@cl.cam.ac.uk>


>   The whole thing can be managed via Imail, which I must point out to
> you Totally Connected People, is the least-common denominator for
> participation here. You have =lots= of people out here who would like to
> join the Cypherpunks Brute Squad (We gotta get T-shirts for this one!)
> but don't have WWW access.

I had the impression that there were email / WWW gateways -- are there not ?
If there are, could someone send me (privately) info, and I'll try to sort
out an easy way to do it.

Failing that, email me with either:

	Subject: Request for brute keyspace

	request 20 segments

or

	Subject: ACK for brute keyspace

	ACK        2977 3659 0ce1 1 no


(some indication of number of email only people who would like to participate
 would be useful. Email me (not CP!) with a subject line of "offer for brute"
 giving your total k/s rate so I know how much power there is out there
)





From stewarts at ix.netcom.com  Thu Aug 31 02:33:01 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 31 Aug 95 02:33:01 PDT
Subject: CIA & Espionage
Message-ID: <199508310930.CAA18043@ix8.ix.netcom.com>



>> >It was said that Pres. Clinton had given a speech while 
>> >visiting the  CIA HQ in Langley/Virginia. He allegedly 
>> >said in this speech that obtaining  industrial 
>> >informations has the highest priority and this were the 
>> >new  task for the spies.

Did he really say the priority was stealing information from
other people, or only protecting Big American Companies from 
those nasty French Spy Agency persons?  (Clinton being who he is,
I'd expect him to say a politically correct version of the latter, 
whether he means the former or not, just like his predecessor.)
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---






From stewarts at ix.netcom.com  Thu Aug 31 02:58:25 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 31 Aug 95 02:58:25 PDT
Subject: O.J. ObCrypto:  Fuhrman's Folly Fans Fakery Fears...
Message-ID: <199508310955.CAA19393@ix8.ix.netcom.com>


At 11:50 PM 8/30/95 -0500, you wrote:
> In =any= Key Escrow arrangement (including the non-government variety 
> preferred by 4 out of 5 Cypherpunks in a recent survey) 
> there must be a division between encryption keys and signature keys.
....
> Please don't mention to anyone the fact that my signature key can be
> used to send me something that even the escrow agents can't read....

Only if you use RSA.  One of the neat things about RSA, as opposed to DH or 
DSA/DSS, is that the same algorithm can do both signature and encryption.

Once we all have our Gummint-issue Citizen-Unit SmartCards with the
Web-Of-Mistrust Hierarchical Certification System, 
people won't be able to use the DSS feature to send you encrypted messages 
        Pay no attention to that man behind the subliminal
channel!
but you can still use them for signatures, including checking escrow agency 
signatures on your privacy key.
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
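The key-separation point Monty raises and Bill answers, worked through as an added Python example with textbook-sized toy RSA (not code from either poster; the primes, exponents, digest and message values are constructed for the demonstration):

```python
"""Why escrowing an RSA encryption key also hands over a signing key.

Added illustration, constructed for this thread: in RSA the private
operation used to decrypt is the same modular exponentiation used to sign,
so whoever holds an escrowed private exponent can forge signatures as well
as read mail, unless signatures and encryption use separate key pairs.
Toy-sized, unpadded RSA; the primes and values are constructed.
"""
from typing import NamedTuple, Tuple


class RSAKey(NamedTuple):
    n: int   # modulus
    e: int   # public exponent
    d: int   # private exponent (what an escrow agent would be handed)


def keypair(p: int, q: int, e: int) -> RSAKey:
    """Toy key generation from two primes (constructed sizes, no padding)."""
    phi = (p - 1) * (q - 1)
    return RSAKey(p * q, e, pow(e, -1, phi))


def encrypt(key: RSAKey, m: int) -> int:
    return pow(m, key.e, key.n)


def decrypt(key: RSAKey, c: int) -> int:
    """The private operation. Note it is identical to sign() below."""
    return pow(c, key.d, key.n)


def sign(key: RSAKey, digest: int) -> int:
    return pow(digest, key.d, key.n)


def verify(key: RSAKey, digest: int, sig: int) -> bool:
    return pow(sig, key.e, key.n) == digest


def single_key_scenario() -> bool:
    """Monty's fear: one RSA pair for both uses, and its d is escrowed.
    The agent never calls sign(); it only "decrypts" the digest, yet the
    result verifies as the key owner's signature. Returns True if the
    forgery verifies."""
    key = keypair(61, 53, 17)            # constructed: n = 3233, d = 2753
    digest = 1234                        # constructed stand-in for a hash
    forged = decrypt(key, digest)
    return verify(key, digest, forged)


def split_key_scenario() -> Tuple[bool, bool]:
    """Monty's recommendation: separate pairs, only the encryption d escrowed.
    Returns (forgery_verifies, escrow_can_read_mail_sent_to_sig_key)."""
    sig_key = keypair(61, 53, 17)        # constructed signature pair
    enc_key = keypair(101, 113, 3533)    # constructed encryption pair
    escrowed = enc_key                   # all the escrow agents ever hold
    digest = 1234
    forged = decrypt(escrowed, digest)   # wrong modulus, wrong exponent...
    forgery_verifies = verify(sig_key, digest, forged)
    # Monty's closing aside: RSA does not care which pair you encrypt to, so
    # mail encrypted to the *signature* public key is unreadable via escrow.
    m = 42
    c = encrypt(sig_key, m)
    escrow_reads_it = decrypt(escrowed, c) == m
    owner_reads_it = decrypt(sig_key, c) == m
    assert owner_reads_it
    return forgery_verifies, escrow_reads_it


if __name__ == "__main__":
    print("same pair, d escrowed -> forgery verifies:", single_key_scenario())
    print("split pairs -> (forgery verifies, escrow reads sig-key mail):",
          split_key_scenario())
```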






From don at cs.byu.edu  Thu Aug 31 04:24:22 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Thu, 31 Aug 95 04:24:22 PDT
Subject: SSL search attack
Message-ID: <199508311118.FAA00515@wero>


-----BEGIN PGP SIGNED MESSAGE-----

From: Jiri Baum 
>So T.C.May is the same person as "Lance"?
Hey, I wanna be Lance tooooooo. Can I be Lance? Can I?


From: Jiri Baum 

>Each client could pick a segment at random, check it and then broadcast
>a NAK. Other clients would then know that the segment in question has
>been done, and avoid picking it in the future. If you are worried about

That opens it wide open to someone NAKing the keyspace where the key is.
If we're going to involve a server, might as well do the sequential job
and make it fast.


From: monty.harder at famend.com (MONTY HARDER)

TC> * For opportunistic attacks on keys in challenges, the odds are 95% that a
TC> key will be found with only twice the total effort (or time) using a
TC> totally random method of picking up keyspace to search.

>  The odds can be improved somewhat by scaling the granularity of the
>sweep to the size of the sweep. (Align larger chunks on large-chunk
>boundaries, eliminating the chance of overlap with other large chunks.)

Some kind of step (ie, round-down) function performed on the random (I
vote we call it a dart) output, with the size of the step based on how
many segments at once you want to search? Seems to me that all you're doing 
is searching an X segment area around where the dart hit. In order to
get any kind of boundary, you have to scale the allowed segment blocks, by 
powers of two, for example, or something, so everyone knows where the 
borders are. It's a nice thought but I don't see that it's necessary.

If, on the other hand, sequential searchers plow through half of the
keyspace while a "random crew" throws darts at the other half, everyone
can participate how they wish. And if the keyserver gets deep-six'd by a
Denial of Service attack (or just swamped), everyone can just switch into
random mode and shotgun the keyspace. (Maybe even avoiding what's already 
been sequentially-searched)

Don

           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don     or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
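Monty's aligned chunks, Jiri's broadcast NAKs and Don's round-down "dart" (with his objection that a false NAK can hide the key), worked through as an added Python example that is not code from any of the posters; the segment count, block size, key position and seeds are constructed:

```python
"""Random ("dart") keyspace assignment: coverage maths and a NAK simulation.

Added illustration for this thread. The segment space is an abstract index
range; nothing here touches a cipher. Values are constructed.
"""
import math
import random
from typing import Optional, Set, Tuple


def align_down(segment: int, block_bits: int) -> int:
    """Don's step function: round a dart hit down to the start of the
    2**block_bits aligned block containing it, so every searcher agrees on
    block boundaries and large chunks never partially overlap (Monty)."""
    return segment & ~((1 << block_bits) - 1)


def random_search_success(n_segments: int, draws: int) -> float:
    """Probability that `draws` independent uniform draws (with replacement,
    i.e. nobody tells anybody anything) hit the one segment holding the key:
    1 - (1 - 1/N)**t, about 1 - exp(-t/N)."""
    return 1.0 - (1.0 - 1.0 / n_segments) ** draws


def draws_for_confidence(n_segments: int, confidence: float) -> int:
    """Smallest number of uncoordinated draws giving at least `confidence`
    probability of success; roughly N * ln(1 / (1 - confidence)).
    This is the price of dropping the central server that Jiri asks about."""
    return math.ceil(math.log(1.0 - confidence) /
                     math.log(1.0 - 1.0 / n_segments))


def find_key(n_segments: int, block_bits: int, key_segment: int,
             naks: Set[int], seed: int, max_darts: int,
             honour_naks: bool = True) -> Tuple[Optional[int], int]:
    """Throw darts until the block containing key_segment has been searched.

    `naks` holds block starts that other searchers have already announced as
    done. With honour_naks=True a dart landing in a finished block is simply
    re-thrown (no work wasted); with honour_naks=False every dart is searched,
    duplicates included, which is the uncoordinated case measured above.

    Returns (blocks_searched, darts_thrown), or (None, max_darts) if the
    darts run out. A false NAK on the key's block (Don's objection) makes an
    honouring searcher skip that block forever, so the key is never found.
    """
    rng = random.Random(seed)            # seeded so runs are reproducible
    done = set(naks)
    key_block = align_down(key_segment, block_bits)
    searched = 0
    for dart in range(1, max_darts + 1):
        start = align_down(rng.randrange(n_segments), block_bits)
        if honour_naks and start in done:
            continue                     # somebody already did this block
        searched += 1
        done.add(start)                  # our own NAK: "this block is done"
        if start == key_block:
            return searched, dart
    return None, max_darts


if __name__ == "__main__":
    N, BLOCK_BITS = 1 << 10, 4           # constructed: 1024 segments, 16/block
    KEY = 0x2F5                          # constructed key position
    print("P(found) after 2N uncoordinated draws:",
          round(random_search_success(N, 2 * N), 3))
    print("draws for 95%:", draws_for_confidence(N, 0.95), "(N =", N, ")")
    print("honest NAKs:", find_key(N, BLOCK_BITS, KEY, set(), 1, 5000))
    poisoned = {align_down(KEY, BLOCK_BITS)}
    print("false NAK on key block:", find_key(N, BLOCK_BITS, KEY, poisoned, 1, 5000))
```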





From asb at nexor.co.uk  Thu Aug 31 06:10:43 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Thu, 31 Aug 95 06:10:43 PDT
Subject: yabc
In-Reply-To: <199508310523.WAA21036@quesnay.Berkeley.EDU>
Message-ID: 


On Wed, 30 Aug 1995, Sam Quigley wrote:
 
> Also, it seems that there have been some "extensions" to the SKSP
> protocol...  For instance, suddenly there are different machines
> dedicated just to ACKs, etc.  Is there a central repository of these
> changes?  (Have these changes even been publicly reviewed?)

These aren't changes to the protocol, which just defines what a client and
a server should understand.  The "local" servers that only do ACKs are
designed to collect up responses from a local client farm and then feed
them en-masse to the central server, using SKSP.

To answer your second point, there are ideas being floated around between 
Adam, Piete and myself as to the "next step".

I had the idea that the load on the central server might be reduced by
having a system where clients register their availability times, PGP key
and computing horsepower to the server, and the server calls the client at
the start of an available period and hands it a keyspace that fills the
time available.  PGP signatures on all exchanges would authenticate the
parties and it would be impossible for large keyspaces to be requested in
error or maliciously.  Un-ack'd keyspaces would wrap around.  This idea
needs quite a bit more coding and people have expressed reservations about
just how much load would be saved.

On the other hand, Piete has a proposal that also uses PGP signatures and
retains the existing protocol.  The central server would remain as is, but
would only accept ACKs from servers that it trusted via a signed PGP key. 
There would be a small number of such second level servers, perhaps one in
each country.  This hierarchy of trust extends downwards as far as is
necessary in each country with clients being at the leaf nodes of the
tree.  This method spreads the load worldwide in a very effective manner,
with the final central server only receiving calls from a handful of other
servers.  This idea needs less coding than mine and solves the immediate
problem. 

We're still talking, and listening...


- Andy

+-------------------------------------------------------------------------+
| Andrew Brown  Internet   Telephone +44 115 952 0585    |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A  C0 1F 9F 66 64 02 4C 88   |
+-------------------------------------------------------------------------+





From wnug at loc.gov  Thu Aug 31 06:18:22 1995
From: wnug at loc.gov (William R. Nugent)
Date: Thu, 31 Aug 95 06:18:22 PDT
Subject: opinions on RSA Secure?
Message-ID: <199508311318.JAA47267@rs8.loc.gov>



c'punks:

RSA Secure appears to be a neat commercial package: it loads easily, runs fast,
and generates an 80-bit key using Rivest's RC4. It has an "emergency access"
feature (splittable key escrow) which can, however, be disabled by the user.
Has anyone checked out the innards? How secure is it in industrial/commercial
usage? Against the TLAs? Any hidden trapdoors?
Thanks in advance for your views.

Bill Nugent
Library of Congress
(a personal, not an institutional, query)






From sunder at escape.com  Thu Aug 31 07:21:47 1995
From: sunder at escape.com (Ray Arachelian)
Date: Thu, 31 Aug 95 07:21:47 PDT
Subject: your mail
In-Reply-To: 
Message-ID: 


On Sat, 12 Aug 1995, Ed Carp [khijol SysAdmin] wrote:

> I always thought he was an AI program that someone put in a lot of 
> abusive crap to be funny - then someone accidentally let it loose on the 
> net ;)

Unfortunately, this is a wetware being; I did have the pleasure of meeting 
him at a speech given by him and Dave Mandl a few years back.  He did an 
excellent speech, and was very informative.  At the time, being a 
neophyte cypherpunk, I found the info enlightening.  But alas, his human 
interaction skills rate below what one would find in a kindergarten.

He's not a bad guy really, just vicious when it comes to manners.  At 
times, he takes the net.cop attitude.  And we all know how well that 
works in an anarchistic organization/group/entity such as the cypherpunks.
He's a great cryptographer/programmer too from what I've seen.

At times, I do respect his skills, but his attitudes belong in /dev/null.

=================================================================93=======
 + ^ + |  Ray Arachelian | Amerika: The land of the Freeh. | \-_    _-/  |
  \|/  |sunder at escape.com| Where day by day, yet another   |  \  --  /   |
<--+-->|                 | Constitutional right vanishes.  |6 _\-  -/_  6|
  /|\  |    Just Say     |                                 |----\  /---- | 
 + v + | "No" to the NSA!| Jail the censor, not the author!|     \/      |
=======/---------------------------------------------------------VI------/
      /  I watched and weeped as the Exon bill passed, knowing that yet /
     / another freedom vanished before my eyes.  How soon before we see/
    /a full scale dictatorship in the name of decency? While the rest /
   /of_the_world_fights_FOR_freedom,_our_gov'ment_fights_our_freedom_/






From MINITERS at citadel.edu  Thu Aug 31 07:32:52 1995
From: MINITERS at citadel.edu (MINITERS at citadel.edu)
Date: Thu, 31 Aug 95 07:32:52 PDT
Subject: VCRPLUS Huffman code
Message-ID: <01HUPXCYJA9I000AKW@CITCS.Citadel.edu>


Has anyone worked out the VCRPLUS code?

The TVGuide has a listing which can be used to set up a VCR by
employing a series of numbers which encode date/timestart/timefinish/channel
in a minimized sequence which I believe is a Huffman code (David Huffman, MIT MS
thesis 1954). I am interested in whether anyone has taken the time to figure out
the algorithm.
Please respond to me directly so as not to clutter the list if you don't mind.






From nobody at flame.alias.net  Thu Aug 31 08:01:51 1995
From: nobody at flame.alias.net (Anonymous)
Date: Thu, 31 Aug 95 08:01:51 PDT
Subject: UK Guardian article on 2nd SSL breaking
Message-ID: <199508311501.RAA19171@utopia.hacktic.nl>



from the "uk-pipeline":

>>>>>>>>>>>>>>>>>>>>

  CYPHERPUNKS LEAD NETSCAPE'S NAVIGATOR ASTRAY
  
  A team of computer experts has succeeded in breaking the secure 'key' 
  used on international versions of the World-Wide Web browser, Netscape 
  Navigator.
  
  The key would normally have been used to secure transmission of sensitive 
  information, such as credit card details, between a Web-surfer and a Web 
  site, such as an on-line shopping service.
  
  However, the cypherpunks, as they are known, only cracked the 40-bit key 
  that is used by export versions of Netscape Navigator, since US 
  Government regulations prevent the export of software that uses stronger 
  cryptographic techniques. "We have, quite categorically, demonstrated 
  that 40-bit keys are too weak to use for commercial systems," said Dr. 
  Piete Brookes, a computer officer at Cambridge University who managed the 
  project.  The code cracking took 31 hours and 47 minutes of computer time 
  on around 300 machines strung across the internet.
  
  The team was able to crack the code because they had been provided with 
  the transcript of a secure transmission.  Such transcripts are not 
  impossible to acquire, according to Dr. Brookes: "All you need is a tap 
  on the line, or access to a computer in a suitable part of the network." 
  The 128-bit key used by American versions of Netscape Navigator is "well 
  out of reach of any hacker groups in the foreseeable future."  He 
  estimates it would take one billion, billion, billion, billion years to 
  break.
  
  	Azeem Azhar
  
  Further information can be found on the World-Wide Web at 
  http://www.dcs.ex.ac.uk/~aba/

>>>>>>>>>>>>>>>>>>>>






From karlsiil at attmail.com  Thu Aug 31 08:21:34 1995
From: karlsiil at attmail.com (Karl A Siil)
Date: Thu, 31 Aug 95 08:21:34 PDT
Subject: opinions on RSA Secure?
In-Reply-To: <199508311318.JAA47267@rs8.loc.gov>
Message-ID: 


Bill, et al.,

>and generates an 80-bit key using Rivest's RC4. It has an "emergency access"
>feature (splittable key escrow) which can, however, be disabled by the user.
	.
	.
	.
>Bill Nugent
>Library of Congress
>(a personal, not an institutional, query)

To clarify, the Emergency Access (EA) feature's owner (e.g., the Site Security
Officer (SSO)) can determine whether to *allow* users to disable EA. A 
possible way one brings RSA Secure to the(ir) masses of users is as follows:

	The SSO (or some equivalent) gets the software and configures EA 
	(i.e., generates EA keys) on their PC. An important part of
	the EA config is the creation of a User Disk which is distributed
	to the users of the package. On that disk goes the crypto-stuff
	that lets EA work in the future, plus the config data (including
	whether or not the EA can be overridden).

	The users, on getting the User disks from the SSO, then configure
	their PCs to encrypt/decrypt their files. If the SSO hasn't
	allowed EA disabling, when the users encrypt, the "Disable EA"
	checkbox is greyed out (missing? I forget; I would prefer it to
	be missing if not available).

The important thing here is that the ability to control the RSA Secure 
"policy" is in the same hands as the responsibility for creating the org's 
security policy, if any.

Personally, I find RSA Secure to be quite a nice package, from a usage point 
of view. The way it blends into FileManager is really convenient. The less I 
have to "work at" security, the more likely it is that I'll use it. The crypto
is satisfactory for my needs and I'm not going to rehash (no pun intended) the
arguments over RC4-40, etc.


					Karl A. Siil
					AT&T Bell Labs
					Holmdel, NJ





From baldwin at RSA.COM  Thu Aug 31 08:49:59 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Thu, 31 Aug 95 08:49:59 PDT
Subject: Some details on RSA Secure
Message-ID: <9507318098.AA809884265@snail.rsa.com>


Here are my biased comments on RSA Secure.  They are biased by
the fact that I am a techie who works for RSA Data Security.

Neatest Features:
- It is integrated with the File Manager on Windows and the
  Finder on Mac System 7.
    For example, from the file manager you can double click on
  an encrypted Excel spreadsheet and the file will automatically
  decrypt and launch Excel.  The decryption can be automatic
  because the file manager hangs on to your password for a settable
  number of minutes.

- A settable list of files can be automatically decrypted (or
  encrypted) on system startup (or shutdown).

Technical Features:
- The random number generator for file encryption keys and public
  keys is seeded by user keystrokes or wiggling the mouse.  The
  GUI for this is really fun to play with, but it only comes up
  when you first install the software.

- The user's passphrase unlocks a master key that is used to unlock
  the file encryption key for each file.

- Tamper detection for encrypted files using an MD5 hash.

- If emergency key access is turned on then the file encrypting
  key is also encrypted with the public key for emergency key
  access.  That public key is usually split into 5 or more pieces
  and two or three of the pieces are required to perform the
  emergency access functions.  A quick look at the file header
  reveals whether the escrow feature is in use.

- Files encrypted with the 40 bit demo version can be read by
  the 80 bit commercial version, and will be automatically
  upgraded to 80 bit security when they are reencrypted.

- Runs on DOS, Windows, Mac, and SunOS.  Other ports coming soon.


Coming Soon:
- Password based file sharing.  A simple way to protect files
  in transit using a secret passphrase known only to the sender
  and receiver.  Currently, only the person who encrypted the
  file can decrypt it.

- Self decrypting binaries.  This allows you to send an encrypted
  file to someone who does not have RSA Secure.  They execute
  the file, which then asks for the password and extracts the
  contents if the password is correct.  The sender can choose
  to use 40 or 80 bit encryption keys in order to comply with
  export regulations.

Request for Improvements:

        What else should be in a product that is aimed at
the commercial laptop market?

                --Bob Baldwin
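The "split into 5 or more pieces, two or three required" property in the emergency-access description is a threshold secret-sharing scheme. The post does not say which scheme RSA Secure uses, so the block below is an added example (not RSA Secure's code) using Shamir's polynomial sharing over a prime field; the emergency-access secret is assumed to be an integer key, and the share count and threshold are the post's figures.

```python
"""k-of-n threshold sharing of an emergency-access key (added example).

Shamir's scheme: the secret is the constant term of a random degree-(k-1)
polynomial over GF(p); each share is one point on it. Any k points fix the
polynomial (Lagrange interpolation at x=0); fewer than k reveal nothing.
"""
import secrets

# Field prime: 2^521 - 1 is a Mersenne prime, large enough for 128-bit keys.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x, p):
    """Horner evaluation of a polynomial (constant term first) at x mod p."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % p
    return result


def split_secret(secret: int, k: int, n: int, p: int = PRIME, rng=secrets.randbelow):
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    # Random higher-order coefficients; the constant term is the secret itself.
    coeffs = [secret] + [rng(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p: int = PRIME) -> int:
    """Lagrange interpolation at x=0 over the supplied shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


if __name__ == "__main__":
    # Constructed sample key: a 128-bit value, 3-of-5 sharing as in the post.
    key = 0x0123456789abcdef0123456789abcdef
    shares = split_secret(key, k=3, n=5)
    print("recovered from 3 shares:", recover_secret(shares[:3]) == key)
    print("2 shares recover the key:", recover_secret(shares[:2]) == key)
```

With fewer than k shares the interpolation still returns some field element, just not the key: two shares of a quadratic are consistent with every possible constant term, which is the property that makes the emergency-access material safe to distribute to several officers.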








From trollins at hns.com  Thu Aug 31 09:26:18 1995
From: trollins at hns.com (Tom Rollins)
Date: Thu, 31 Aug 95 09:26:18 PDT
Subject: Fiat Shamir Zero Knowledge Test
Message-ID: <9508311626.AA12640@dcn92.hns.com>


Hello,

Can someone point me to a net description of
the "Fiat Shamir Zero Knowledge Test" used
in the RCA DirecTV smart cards?

Thanks in advance...





From tcmay at got.net  Thu Aug 31 09:30:44 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 31 Aug 95 09:30:44 PDT
Subject: Poisson numbers for random keyspace assignment
Message-ID: 


At 2:49 AM 8/31/95, MONTY HARDER wrote:
>                  [Great statistical summary deleted]

Thanks. Two other people sent me e-mail saying the odds of a keyspace chunk
being left uncovered are 1/e, so this part is pretty well known. (With an
expectation of "1" of course, as I noted. Interestingly, this was the same
formula we used at Intel to figure out chip yields: "What's the probability
that a chip will have zero defects given that m defects are the "expected"
number?")

I wanted to explain the derivation in more detail than just saying 1/e,
especially for the more interesting cases where the keyspace gets more
coverage. (Where the m = expected value is more than 1.)

>TC> * For opportunistic attacks on keys in challenges, the odds are 95% that a
>TC> key will be found with only twice the total effort (or time) using a
>TC> totally random method of picking up keyspace to search.
>
>  The odds can be improved somewhat by scaling the granularity of the
>sweep to the size of the sweep. (Align larger chunks on large-chunk
>boundaries, eliminating the chance of overlap with other large chunks.)

Indeed, this is an effect to consider. That is, each searcher is
(presumably) not overlapping, so the results I reported are sort of a bound
on the actual numbers. At one end, with lots of searchers doing very small
fractions of the total, the results are pure Poisson. At the other end,
with a searcher covering most or all of the keyspace, then of course the
results are those of nonrandom search. Practically speaking, with dozens or
hundreds of searchers, the Poisson results produce accurate enough
estimates.

>  The best advantage of the random method is that it allows people to
>participate completely anonymously, as there is nothing to report save
>the Eureka!, and that can be done through a remailer anyway. When the
>challenge is solved, everyone can stop cracking.

A very good point! Anonymous cracking has many advantages.


--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
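The 1/e figure and its generalisation to heavier coverage follow from the Poisson zero term: if the expected number of times a chunk gets picked is m, the chance it is never picked is e^{-m}. The block below is an added example (not from Tim May's post or any real keysearch client) that computes those figures and checks them against a Monte Carlo run over a constructed keyspace of independent random searchers.

```python
"""Poisson coverage of a keyspace searched in randomly chosen chunks (added example)."""
import math
import random


def p_uncovered(m: float) -> float:
    """Probability a given chunk is never picked when the expected number of
    picks per chunk is m (Poisson with mean m, zero events): e^-m."""
    return math.exp(-m)


def p_key_found(m: float) -> float:
    """Probability the chunk holding the key has been searched at least once."""
    return 1.0 - math.exp(-m)


def effort_for_confidence(conf: float) -> float:
    """Random effort, in multiples of the whole keyspace, at which the key's
    chunk is covered with probability `conf`: solve 1 - e^-m = conf for m."""
    if not 0 <= conf < 1:
        raise ValueError("confidence must be in [0, 1)")
    return -math.log(1.0 - conf)


def simulate_uncovered_fraction(n_chunks: int, m: float, seed: int = 1) -> float:
    """Monte Carlo: round(m * n_chunks) searchers each pick a chunk uniformly
    at random, independently of one another; return the fraction never picked."""
    rng = random.Random(seed)
    seen = bytearray(n_chunks)
    for _ in range(round(m * n_chunks)):
        seen[rng.randrange(n_chunks)] = 1
    return 1.0 - sum(seen) / n_chunks


if __name__ == "__main__":
    for m in (1.0, 2.0, 3.0):
        print(f"m={m}: e^-m={p_uncovered(m):.4f}  "
              f"simulated={simulate_uncovered_fraction(100_000, m):.4f}  "
              f"P(key found)={p_key_found(m):.3f}")
    print(f"effort for 95% confidence: {effort_for_confidence(0.95):.2f} x keyspace")
```

The simulation matches e^{-m} to a few parts in a thousand at 100,000 chunks, which is the regime Tim describes as "pure Poisson" (many searchers, each covering a small fraction); a single searcher that sweeps a large contiguous block is the other end of the scale, where the formula overstates the waste.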







From perry at piermont.com  Thu Aug 31 09:37:40 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 31 Aug 95 09:37:40 PDT
Subject: Crypto '95
Message-ID: <199508311637.MAA24666@frankenstein.piermont.com>



Anything really fun revealed at Crypto?

Anything fun at the rump session?

.pm





From sjb at austin.ibm.com  Thu Aug 31 10:30:38 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Thu, 31 Aug 95 10:30:38 PDT
Subject: SSL search attacks
In-Reply-To: <199508310926.TAA18041@sweeney.cs.monash.edu.au>
Message-ID: <9508311728.AA16306@ozymandias.austin.ibm.com>


Jiri Baum writes
>> *coordinated* attack on the key.  We've established that there is a 1/e
>> cost factor in removing the central server.  I just threw out these
>...
>
>Wouldn't it be possible to reduce the cost?
>
>Each client could pick a segment at random, check it and then broadcast
>a NAK. Other clients would then know that the segment in question has
>been done, and avoid picking it in the future. If you are worried about
>collisions, one could also have IGRAB, which would advise others that
>someone is working on a segment (you can still collide, but not so
>often).

This only reduces the cost if everyone is playing fair.  In practice,
it will usually *increase* the cost.  A denial of service attack can be
mounted by the owner of the key just by anonymously NAKing the segment
with the key.  Then you have to search the *whole* keyspace, fail to
find it, and start over with a new strategy.

>One advantage is that it is not necessary to have a central infinitely
>trusted server. (Nothing personal, but bogus server is an attack.)

An attack on what?  The overall model here is that someone presents
the world at large with a problem to solve.  Someone else volunteers
to coordinate the effort by providing a server.  Providing a bogus
server is an attack in the sense that it wastes the CPU cycles of
the clients, but they're junk cycles anyway.  It's kind of like the
issue about being "unable to participate" because the group effort
ignores the efforts of random searchers.  Those searchers *aren't*
participating, and not ignoring them opens the server to attack.
An "effort" coordinated by a bogus server is no effort at all.

My point is that the "random" efforts are no different than everyone
working on the problem independently, each picking a random place to
start and going sequentially from there.

>NAKs and IGRABs would be weighted by the trust accorded to the entity
>that originated them.

This is similar to what I outlined yesterday afternoon.  Let unsolicited
NAKs and IGRABs represent adjustments to the probability that a segment
is assigned to a client *inside* the group.  Invalid unsolicited NAKs
don't destroy the current search, they only slow it down slightly ---
but less than a fully random effort.

>Notes:
>  * the NAKs could be sent by e-mail, thus allowing badly connected
>and/or anonymous entities to participate.

This could be done in any case.  It just slows down the effective search
rate of the e-mail participants.

This might be an argument in favor of requesting more space as you get
near the end of your current space, though.  When the communications
latency starts to approach the segment search time, you cut down your
waiting time by prefetching work.
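The two ways of treating an unsolicited NAK differ sharply in what a single dishonest message can do. The block below is an added example (not code from this thread or any real coordinator) that models both rules over a constructed keyspace of 50 segments: the naive rule treats a NAK as "segment done", so one bogus anonymous NAK on the key's segment makes the search exhaust without finding it, while the trust-weighted rule only lowers that segment's assignment probability, down to a floor that is never zero, so the search still finds the key, just later on average.

```python
"""Trust-weighted NAKs versus "NAK means done" in a coordinated keysearch (added example)."""
import random
from statistics import mean

NAK_FLOOR = 0.05  # a segment's weight never reaches zero, so no NAK can exclude it


def assignment_weights(n_segments: int, naks, floor: float = NAK_FLOOR):
    """Per-segment selection weight. Each unsolicited NAK (segment, trust) lowers
    that segment's weight by the trust accorded to its sender, down to `floor`."""
    weights = [1.0] * n_segments
    for seg, trust in naks:
        weights[seg] = max(floor, weights[seg] - trust)
    return weights


def run_search(n_segments: int, key_segment: int, naks, weighted: bool, seed: int = 7):
    """Hand out segments until the key's segment has been searched.
    Returns the number of segments searched, or None if the worklist runs out.
    weighted=False models the naive rule: a NAK removes the segment entirely."""
    rng = random.Random(seed)
    remaining = set(range(n_segments))
    weights = assignment_weights(n_segments, naks)
    if not weighted:
        for seg, _ in naks:
            remaining.discard(seg)
    searched = 0
    while remaining:
        segs = sorted(remaining)
        if weighted:
            seg = rng.choices(segs, weights=[weights[s] for s in segs])[0]
        else:
            seg = rng.choice(segs)
        remaining.remove(seg)
        searched += 1
        if seg == key_segment:
            return searched
    return None


def mean_work(n_segments: int, key_segment: int, naks, weighted: bool, trials: int = 300):
    """Average segments searched over `trials` seeds; None if any run failed."""
    results = [run_search(n_segments, key_segment, naks, weighted, seed=s)
               for s in range(trials)]
    if any(r is None for r in results):
        return None
    return mean(results)


if __name__ == "__main__":
    KEY = 17
    bogus_nak = [(KEY, 0.2)]  # constructed: anonymous sender, low trust, wrong segment
    print("naive rule, bogus NAK on key segment:", mean_work(50, KEY, bogus_nak, weighted=False))
    print("weighted rule, no NAKs:              ", round(mean_work(50, KEY, [], weighted=True), 1))
    print("weighted rule, bogus NAK on key seg: ", round(mean_work(50, KEY, bogus_nak, weighted=True), 1))
```

The slowdown under the weighted rule is bounded by the trust the coordinator assigns to the sender, which is exactly the knob Brickner describes: a low-trust NAK costs a little extra work, and no NAK at all can turn a search into a guaranteed miss.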





From hodges at CNMAT.CNMAT.Berkeley.EDU  Thu Aug 31 11:36:39 1995
From: hodges at CNMAT.CNMAT.Berkeley.EDU (Richard Hodges)
Date: Thu, 31 Aug 95 11:36:39 PDT
Subject: Mixmaster Security Issues
Message-ID: 


Lance Cottrell writes:

>Because of the message size limitations there are some advantages to
>sending the mixmaster chain through some type 1 remailers first, rather
>than sending a type 1 message in a Mixmaster packet.

Are there any gateways that will take a (pgp-encrypted) type 1 message,
with presumably some kind of headers giving onward routing information and
put it into the type 2 network?

Should there be such a service? I think this was discussed earlier, but
Lance's statement above seems to reopen the discussion.


>It is very difficult to know what fraction of the traffic I see is cover. I
>generate some cover traffic myself, and I know some others do as well.
>Right now a reordering pool of 5 messages results in a latency of about 30
>min. Mixmaster is no longer a small fraction of the remailer market. A
>majority of all public remailers support Mixmaster.

What is the total daily volume of mixmaster traffic for all the advertised
mixmasters? Has anyone measured this statistic?

Regards,
Richard Hodges







From loki at obscura.com  Thu Aug 31 12:33:30 1995
From: loki at obscura.com (Lance Cottrell)
Date: Thu, 31 Aug 95 12:33:30 PDT
Subject: Mixmaster Security Issues
Message-ID: 


At 12:38 PM 8/31/95, Richard Hodges wrote:
>Lance Cottrell writes:
>
>>Because of the message size limitations there are some advantages to
>>sending the mixmaster chain through some type 1 remailers first, rather
>>than sending a type 1 message in a Mixmaster packet.
>
>Are there any gateways that will take a (pgp-encrypted) type 1 message,
>with presumably some kind of headers giving onward routing information and
>put it into the type 2 network?
>
>Should there be such a service? I think this was discussed earlier, but
>Lance's statement above seems to reopen the discussion.
>
>
>>It is very difficult to know what fraction of the traffic I see is cover. I
>>generate some cover traffic myself, and I know some others do as well.
>>Right now a reordering pool of 5 messages results in a latency of about 30
>>min. Mixmaster is no longer a small fraction of the remailer market. A
>>majority of all public remailers support Mixmaster.
>
>What is the total daily volume of mixmaster traffic for all the advertised
>mixmasters? Has anyone measured this statistic?
>
>Regards,
>Richard Hodges

You don't need anything this fancy. Just have Mixmaster dump the message to
a file rather than sending it (-o option). Then make that the message you
send through the type 1 chain, and make the first Mixmaster remailer the
final destination of the type 1 chain.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------







From starrd at iia2.org  Thu Aug 31 15:51:30 1995
From: starrd at iia2.org (starrd)
Date: Thu, 31 Aug 95 15:51:30 PDT
Subject: opinions on RSA Secure?
In-Reply-To: <199508311318.JAA47267@rs8.loc.gov>
Message-ID: 


On Thu, 31 Aug 1995, William R. Nugent wrote:

> Date: Thu, 31 Aug 1995 09:18:18 -0400
> From: William R. Nugent 
> To: cypherpunks at toad.com
> Subject: opinions on RSA Secure?
> 
> 
> c'punks:
> 
> RSA Secure appears to be a neat commercial package: it loads easily, runs fast,
> and generates an 80-bit key using Rivest's RC4. It has an "emergency access"
> feature (splittable key escrow) which can, however, be disabled by the user.
> Has anyone checked out the innards? How secure is it in industrial/commercial
> usage?; against the TLAs?; any hidden trapdoors?
> Thanks in advance for your views.

The fact that the key is only 80 bits is a *major* compromise.  I would 
recommend that package to no-one.   With only an 80 bit key you don't 
*need* trapdoors, granted they may be more "convenient" but the fact is 
the 80 bit key *can* [and certainly will] be broken...

Summary: Don't use it.


Btw, this is not an opposition to RSA, RSA is very good - it is an 
opposition to the length of the key...

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
|    Creator of the original                |         Get paid to upload  |
|      Patriot's Archives                    \     shareware to BBSes and |
| ftp: iia.org /pub/users/patriot              \_____      the Internet!  |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\      Get file:     |
| For index of available files: descript.ion           \  uploader.zip    |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk
LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP
7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR
tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK
Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD
cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf
9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig=
=0Tlq
-----END PGP PUBLIC KEY BLOCK-----






From sjb at austin.ibm.com  Thu Aug 31 16:32:13 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Thu, 31 Aug 95 16:32:13 PDT
Subject: A problem with anonymity
Message-ID: <9508312332.AA12214@ozymandias.austin.ibm.com>


I was thinking about some issues related to electronic commerce, and it
occurred to me that there is a significant problem in conducting
business with untraceable pseudonyms (anonyms?).  The problem occurred
to me while considering inheritance.

If one operates a business under an anonym (as opposed to the sort of
conditionally traceable pseudonym proposed by AT&T in "Anonymous Credit
Cards"),
there's a strategy for transferring unlimited funds to one's
posterity.

Consider a business which typically has a lot of assets, but which are
offset by a lot of liabilities --- almost any sort of VAR will do, for
instance.  In your will, you leave the key to unlock a private message
to your heir, in which you hand over the information necessary to
assume your anonym.  Since the heir presumably has his own identity
(whether anonymous or not is immaterial, except to *his* heirs), and
the anonym can't be linked to you, he has no reason to care about
maintaining the reputation of the anonym.  In dismantling the anonym,
he sells its assets to his own identity at a fraction of their worth,
and defaults on the liabilities.

Since the anonym behaved reputably during its life, it developed what
would have been a credit-worthy reputation, had it been a (traceable)
pseudonym.  But, since there's nothing to link the anonym to its heirs
(or ancestors), the creditors of the anonym must eat the loss.

Since the process of taking an anonym from scratch to a positive
reputation would be reasonably short (presumably not too much longer
than taking a real name or pseudonym the same distance), especially when
helped along by being fed the profits from the legitimate business of
an ancestor anonym, it's likely that a single individual could pull off
such an asset transfer at least two or three times a decade, as well as
at inheritance time.

A market which permits anonyms to have credit based on reputation will
probably have a constant stream of defaults caused by such behavior,
representing a significant risk factor in extending credit to anonyms
which can't be predicted by reputation.

Comments?





From sinclai at ecf.toronto.edu  Thu Aug 31 17:21:38 1995
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Thu, 31 Aug 95 17:21:38 PDT
Subject: opinions on RSA Secure?
In-Reply-To: 
Message-ID: <95Aug31.202112edt.1621@cannon.ecf.toronto.edu>


> The fact that the key is only 80 bits is a *major* compromise.  I would 
> recommend that package to no-one.   With only an 80 bit key you don't 
> *need* trapdoors, granted they may be more "convenient" but the fact is 
> the 80 bit key *can* [and certainly will] be broken...
I disagree.  If we assume that RC4 and DES can be run at the same speed
(I don't know how true this is) then 80 bit RC4 is 2^24 times harder
to break than DES.  That's 16 million.  A machine that will crack
DES in one day is of the order of one million dollars.  It would take
50,000 years to crack 80-bit RC4.  Alternatively, a one-day crack
would cost 16 trillion dollars.  I feel safe with those numbers.

Certainly, for the most paranoid 128 bit IDEA is better than an
80 bit RC4.  However, to say that it is unsuitable for anyone is
a vast stretch.  Considering it probably has a better user-interface
than SecureDrive, it may be more suitable for the average person.





From tcmay at got.net  Thu Aug 31 17:22:53 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 31 Aug 95 17:22:53 PDT
Subject: A problem with anonymity
Message-ID: 


At 11:32 PM 8/31/95, Scott Brickner wrote:
>I was thinking about some issues related to electronic commerce, and it
>occurred to me that there is a significant problem in conducting
>business with untraceable pseudonyms (anonyms?).  The problem occurred
>to me while considering inheritance.
>
>If one operates a business under an anonym (as opposed to the sort of
>conditionally traceable pseudonym proposed by AT&T in "Anonymous Credit
>Cards"),
>there's a strategy for transferring unlimited funds to one's
>posterity.
>
>Consider a business which typically has a lot of assets, but which are
>offset by a lot of liabilities --- almost any sort of VAR will do, for
>instance.  In your will, you leave the key to unlock a private message
>to your heir, in which you hand over the information necessary to
>assume your anonym.  Since the heir presumably has his own identity
>(whether anonymous or not is immaterial, except to *his* heirs), and
>the anonym can't be linked to you, he has no reason to care about
>maintaining the reputation of the anonym.  In dismantling the anonym,
>he sells its assets to his own identity at a fraction of their worth,
>and defaults on the liabilities.
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^

You don't have to look to death and inheritance for this problem to crop
up. Similar situations arise when:

- a pseudonym simply decides to dissolve the current pseudonym and shift
focus to another pseudonym (perhaps transferring a bunch of assets, then
simply vanishing and leaving "no forwarding address")

(This is of course the basis of any number of scams and "boiler room
operations." Crypto does not completely eliminate scams like this, and, in
fact, generates some new kinds of scams.)

- this is also a well-known problem with any services that handle money,
valuables, etc. For example, the money courier who vanishes to Rio de
Janeiro.

This is one thing that _bonding_ is designed to partially ameliorate. One
posts a bond which is greater than the amount being carried, or at least is
some large amount. (Calculations are complex, and various agencies may have
various policies, depending on other reputation factors.)


>Since the anonym behaved reputably during its life, it developed what
>would have been a credit-worthy reputation, had it been a (traceable)
>pseudonym.  But, since there's nothing to link the anonym to its heirs
>(or ancestors), the creditors of the anonym must eat the loss.

The concept of "reputation capital" is a critical one.

Ideally, one never "trusts" an agent with a transaction greater than the
value of the reputation capital he will lose if he defaults.

There are still scams and maneuvers to thwart this reputation capital
scheme. The agent planning to "defect" (default, split, abscond, renege,
etc.) can try to pile up as many pending transactions as possible,
anticipating that the various transactees will be unaware of each other.
(This of course happens in real life.)

Whether cryptographic protocols (cf. the "encrypted open books" proposal by
Eric Hughes for one approach which may be useful) solve this problem is not
known at this time. But the non-crypto world has of course not solved this
problem, either.

...
>A market which permits anonyms to have credit based on reputation will
>probably have a constant stream of defaults caused by such behavior,
>representing a significant risk factor in extending credit to anonyms
>which can't be predicted by reputation.
>
>Comments?

Lots of issues need to be thought about. My hunch is that economists, game
theorists, and scam artists will all discover digital money and pseudonyms
and will explore various aspects of this situation.

I devoted a pretty big chunk of my Cyphernomicon to these "darker sides" of
anonymity, of reputation capital, and suchlike. By no means did I cover all
the issues of "crypto anarchy," but I suggest interested folks take a look
at the chapter on crypto anarchy for more discussion.

--Tim May



---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







From kooltek at iol.ie  Thu Aug 31 17:34:35 1995
From: kooltek at iol.ie (jmcc)
Date: Thu, 31 Aug 95 17:34:35 PDT
Subject: Fiat Shamir Zero Knowledge Test
Message-ID: <199509010028.BAA06686@joyce.iol.ie>


>Can someon point me to a net description of
>the "Fiat Shamir Zero Knowledge Test" used
>in the RCA DirecTV smart cards.
>

The standard text on this is the paper "How To Prove Yourself" by Fiat and
Shamir. I'll try and dig up the name of the ftp site I found it on but in
the meantime here is a rough description.

The access control system for RCA DirecTv was developed by News Datacom.
They, News Datacom, also developed the security for the VideoCrypt system
here in Europe. The smart card used in VideoCrypt here in Europe has been
continually reverse-engineered for the last three card issues. (currently on
issue 09). Therefore much of the description below is based on the European
system. Of course the fact that the DSS cards are now turning up in Europe
repainted as Sky cards indicates that the ROM is identical. This is where
the routines for card i/o protocols and data packets are. As a result, the
DirecTv system probably uses the same packet types. Any of the pirate smart
card emulator programs available on BBSes or FTP sites can be used to
monitor the data flowing to and from the card. Cutting to the chase:

Packet   Direction   Bytes   Function
70       C > D       6       Card presents 6 byte ID number to decoder
7C       C > D       16      Card sends tiering/authorisation levels to decoder
7E       C > D       64      Card sends X value for ZKT to decoder
80       D > C       1       Decoder sends Q flag to card (either 00h or 01h)
82       C > D       64      Card's Y ZKT response to decoder
70       C > D       6       Card presents 6 byte ID number to decoder


The Fiat Shamir ZKT as used in here is dependent on a number of elements:
S, the serial number of the card. 
N, the common modulus. 
R, the look-up table in the card (a block of data).
X, the value sent by the card to be authenticated.
Q, the calculation mode flag (either 00h or 01h)
Y, the calculated response from the card.

The X value is calculated as X=R^2 mod N. The Y responses are calculated as
follows.

 Y = R if Q=00h
 Y = (R * S) mod N if Q=01h

The Q flag tells the card how to generate response Y. The card would be
authenticated in the following cases:

If Q=00h then Y^2 = X mod N

If Q=01h then Y^2 = (X * V) mod N where V is the card identity number
received prior to the authentication process. S, the card serial number is
derived from V by the equation: S = sqrt (V) mod N

The implementation of the ZKT in VideoCrypt is faulty and open to a simple
hack. It is designed to make the card authenticate itself. Many of the
earlier decoders had a flaw in the ZKT calculation routines in the decoder.
Of course the data in the decoder was easily popped by hackers since the
microcontroller in charge of the authentication was not secured.

In the VideoCrypt system, one of the latest bypasses for the ZKT is to
record the response from a valid card and have the pirate card replay it.
This saves a lot of time and it does work perfectly.

Since the complete contents, (ROM and EEPROM), of the VideoCrypt card are
now available, the whole idea of authentication is invalid. In the DSS
system, however, there the ZKT is still viable though there are some ways in
which it theoretically could be bypassed if it uses the same implementation
as VideoCrypt.

Regards...jmcc
(John McCormac)
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAYiFIAAAEEANTTBXIijEE82VN6nL7U+Or0Br4/eJ6POKxfxy64GOJsEO7g
kPrAI3zzuYZ4XhOH01Lt4dtr+0hmanMpKOssYR02sZGaR6OARWSRe9KIWpSUGHG3
8pBBCqYO6adzFEVEOclqDQ1L6QZaOsf+qX8h9eo/bXpeYg43PZvSRmmL6lExAAUR
tA5rb29sdGVrQGlvbC5pZQ==
=vzc/
-----END PGP PUBLIC KEY BLOCK-----
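The decoder-side check John describes (X = R^2 mod N, a one-bit Q, Y = R or R*S mod N, verified against X and V = S^2 mod N) is a single round of Fiat-Shamir identification. The block below is an added example, not News Datacom's, VideoCrypt's or DirecTV's code: a plain Python model of the verifier and an honest card using the post's symbols, with a constructed toy modulus and serial. It also includes a prover that knows only the public V, which shows why the random Q flag matters: without S such a prover can answer Q=00h but not Q=01h, so each round halves its chance of passing. A fresh R is drawn per round, which is the property the post says the replay bypass exploits when it is missing.

```python
"""One round of the Fiat-Shamir identification check, per the post's description (added example)."""
import secrets


def _fresh_r(n: int) -> int:
    """Random R in [1, N-1]. Drawing a new R every round is what makes a
    recorded (X, Y) pair from an earlier round useless against a later Q."""
    return 1 + secrets.randbelow(n - 1)


class Card:
    """Honest prover: holds secret S and publishes V = S^2 mod N (so S = sqrt(V) mod N)."""

    def __init__(self, s: int, n: int, draw_r=_fresh_r):
        self.s, self.n, self.draw_r = s, n, draw_r
        self.v = pow(s, 2, n)
        self._r = None

    def commit(self) -> int:
        """Packet 7E: X = R^2 mod N."""
        self._r = self.draw_r(self.n)
        return pow(self._r, 2, self.n)

    def respond(self, q: int) -> int:
        """Packet 82: Y = R if Q=00h, Y = R*S mod N if Q=01h."""
        if q == 0x00:
            return self._r
        if q == 0x01:
            return (self._r * self.s) % self.n
        raise ValueError("Q must be 00h or 01h")


class CardWithoutSecret(Card):
    """Prover that knows only the public V. It commits honestly and can answer
    Q=00h, but has no S to fold into Y for Q=01h; this is the soundness side
    of the protocol, i.e. why the decoder must pick Q at random each round."""

    def __init__(self, v: int, n: int, draw_r=_fresh_r):
        self.s, self.n, self.draw_r, self.v, self._r = None, n, draw_r, v, None

    def respond(self, q: int) -> int:
        if q not in (0x00, 0x01):
            raise ValueError("Q must be 00h or 01h")
        return self._r  # the only value it has; wrong whenever Q=01h


def decoder_check(x: int, q: int, y: int, v: int, n: int) -> bool:
    """Decoder verifies Y against the X it received and the V from packet 70."""
    if q == 0x00:
        return pow(y, 2, n) == x % n
    if q == 0x01:
        return pow(y, 2, n) == (x * v) % n
    raise ValueError("Q must be 00h or 01h")


def run_rounds(card, v: int, n: int, rounds: int = 20) -> bool:
    """Decoder drives `rounds` challenge/response rounds with a random Q each
    time (packet 80). A prover without S passes each round with probability 1/2."""
    for _ in range(rounds):
        x = card.commit()
        q = secrets.randbelow(2)
        if not decoder_check(x, q, card.respond(q), v, n):
            return False
    return True


if __name__ == "__main__":
    N = 1000003 * 1000033  # constructed toy modulus (product of two small primes)
    honest = Card(123457, N)  # constructed toy serial S
    print("honest card, 20 rounds:", run_rounds(honest, honest.v, N))
    print("card without S, 20 rounds:", run_rounds(CardWithoutSecret(honest.v, N), honest.v, N))
```

Real deployments use a modulus of hundreds of digits, and the point of the check is that the decoder's verification needs only the public V and N, never S; the post's observation that the VideoCrypt decoder's own routines were unprotected is about the verifier's integrity, which the arithmetic above cannot supply on its own.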






From starrd at iia2.org  Thu Aug 31 17:43:41 1995
From: starrd at iia2.org (starrd)
Date: Thu, 31 Aug 95 17:43:41 PDT
Subject: opinions on RSA Secure?
In-Reply-To: <95Aug31.202112edt.1621@cannon.ecf.toronto.edu>
Message-ID: 


On Thu, 31 Aug 1995, SINCLAIR DOUGLAS N wrote:
> 
> > The fact that the key is only 80 bits is a *major* compromise.  I would 
> > recommend that package to no-one.   With only an 80 bit key you don't 
> > *need* trapdoors, granted they may be more "convenient" but the fact is 
> > the 80 bit key *can* [and certainly will] be broken...
> I disagree.  If we assume that RC4 and DES can be run at the same speed
> (I don't know how true this is) then 80 bit RC4 is 2^24 times harder
> to break than DES.  That's 16 million.  A machine that will crack
> DES in one day is of the order of one million dollars.  It would take
> 50,000 years to crack 80-bit RC4.  Alternatively, a one-day crack
> would cost 16 trillion dollars.  I feel safe with those numbers.
> 
> Certainly, for the most paranoid 128 bit IDEA is better than an
> 80 bit RC4.  However, to say that it is unsuitable for anyone is
> a vast stretch.  Considering it probably has a better user-interface
> than SecureDrive, it may be more suitable for the average person.
> 

I am a user of SecureDrive, and strongly support it.   There is *no* 
interface required, once you log into the drive, *everything* operates 
totally transparent to the user.

Always keep in mind that when the gov't doesn't mind the software being 
exported, they already know how to compromise it...Trust PGP, Hpack & 
SecureDrive...you won't be disappointed.

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
|    Creator of the original                |         Get paid to upload  |
|      Patriot's Archives                    \     shareware to BBSes and |
| ftp: iia.org /pub/users/patriot              \_____      the Internet!  |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\      Get file:     |
| For index of available files: descript.ion           \  uploader.zip    |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||







From mnorton at cavern.uark.edu  Thu Aug 31 18:58:29 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Thu, 31 Aug 95 18:58:29 PDT
Subject: A problem with anonymity
In-Reply-To: <9508312332.AA12214@ozymandias.austin.ibm.com>
Message-ID: 


1.  Anonymity raises the price of credit; the market will
	decide, probably variously, how that increase will
	be distributed among borrowers.

2.  I suspect the taxation authorities would have an interest
	and that it would be counter-anonymity, producing
	friction that would further increase the above cost.

MacN

On Thu, 31 Aug 1995, Scott Brickner wrote:

> I was thinking about some issues related to electronic commerce, and it
> occurred to me that there is a significant problem in conducting
> business with untraceable pseudonyms (anonyms?).  The problem occurred
> to me while considering inheritance.
> 
> If one operates a business under an anonym (as opposed to the sort of
> conditionally traceable pseudonym proposed by AT&T in "Anonymous Credit
> Cards" ),
> there's a strategy for transferring unlimited funds to one's
> posterity.
> 
> Consider a business which typically has a lot of assets, but which are
> offset by a lot of liabilities --- almost any sort of VAR will do, for
> instance.  In your will, you leave the key to unlock a private message
> to your heir, in which you hand over the information necessary to
> assume your anonym.  Since the heir presumably has his own identity
> (whether anonymous or not is immaterial, except to *his* heirs), and
> the anonym can't be linked to you, he has no reason to care about
> maintaining the reputation of the anonym.  In dismantling the anonym,
> he sells its assets to his own identity at a fraction of their worth,
> and defaults on the liabilities.
> 
> Since the anonym behaved reputably during its life, it developed what
> would have been a credit-worthy reputation, had it been a (traceable)
> pseudonym.  But, since there's nothing to link the anonym to its heirs
> (or ancestors), the creditors of the anonym must eat the loss.
> 
> Since the process of taking an anonym from scratch to a positive
> reputation would be reasonably short (presumably not too much longer
> than taking a real name or pseudonym the same distance), especially when
> helped along by being fed the profits from the legitimate business of
> an ancestor anonym, it's likely that a single individual could pull off
> such an asset transfer at least two or three times a decade, as well as
> at inheritance time.
> 
> A market which permits anonyms to have credit based on reputation will
> probably have a constant stream of defaults caused by such behavior,
> representing a significant risk factor in extending credit to anonyms
> which can't be predicted by reputation.
> 
> Comments?
> 





From mnorton at cavern.uark.edu  Thu Aug 31 19:06:18 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Thu, 31 Aug 95 19:06:18 PDT
Subject: A problem with anonymity
In-Reply-To: 
Message-ID: 



On Thu, 31 Aug 1995, Timothy C. May wrote:

> You don't have to look to death and inheritance for this problem to crop
> up. Similar situations arise when:

But these are problems of fraud that the criminal and civil
justice systems already comprehend.  I think what is posited
is something a bit more unique.

> 
> - a pseudonym simply decides to dissolve the current pseudonym and shift
> focus to another pseudonym (perhaps transferring a bunch of assets, then
> simply vanishing and leaving "no forwarding address')
> 
> (This is of course the basis of any number of scams and "boiler room
> operations." Crypto does not completely eliminate scams like this, and, in
> fact, generates some new kinds of scams.)
> 
> - this is also a well-known problem with any services that handle money,
> valuables, etc. For example, the money courier who vanishes to Rio de
> Janeiro.

I don't think bonding is applicable in this posit, given the 
assumed established creditworthiness of the original anonym.
Perhaps he originally posted a bond, but the market would 
probably have dispensed with that condition as an unnecessary
formality at some point in his glowing credit history.

MacN
> 
> This is one thing that _bonding_ is designed to partially ameliorate. One
> posts a bond which is greater than the amount being carried, or at least is
> some large amount. (Calculations are complex, and various agencies may have
> various policies, depending on other reputation factors.)
> 
> 
> >Since the anonym behaved reputably during its life, it developed what
> >would have been a credit-worthy reputation, had it been a (traceable)
> >pseudonym.  But, since there's nothing to link the anonym to its heirs
> >(or ancestors), the creditors of the anonym must eat the loss.
> 
> The concept of "reputation capital" is a critical one.
> 
> ideally, one never "trusts" an agent with a transaction greater than the
> value of the reputation capital he will lose if he defaults.
> 
> There are still scams and maneuvers to thwart this reputation capital
> scheme. The agent planning to "defect" (default, split, abscond, renege,
> etc.) can try to pile up as many pending transactions as possible,
> anticipating that the various transactees will be unaware of each other.
> (This of course happens in real life.)
> 
> Whether cryptographic protocols (cf. the "encrypted open books" proposal by
> Eric Hughes for one approach which may be useful) solve this problem is not
> known at this time. But the non-crypto world has of course not solved this
> problem, either.
> 
> ...
> >A market which permits anonyms to have credit based on reputation will
> >probably have a constant stream of defaults caused by such behavior,
> >representing a significant risk factor in extending credit to anonyms
> >which can't be predicted by reputation.
> >
> >Comments?
> 
> Lots of issues need to be thought about. My hunch is that economists, game
> theorists, and scam artists will all discover digital money and pseudonyms
> and will explore various aspects of this situation.
> 
> I devoted a pretty big chunk of my Cyphernomicon to these "darker sides" of
> anonymity, of reputation capital, and suchlike. By no means did I cover all
> the issues of "crypto anarchy," but I suggest interested folks take a look
> at the chapter on crypto anarchy for more discussion.
> 
> --Tim May
> 
> 
> 
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA              | knowledge, reputations, information markets,
> Higher Power: 2^756839      | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
> 
> 
> 





From tcmay at got.net  Thu Aug 31 19:24:12 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 31 Aug 95 19:24:12 PDT
Subject: A problem with anonymity
Message-ID: 


At 2:06 AM 9/1/95, Mac Norton wrote:
>On Thu, 31 Aug 1995, Timothy C. May wrote:
>
>> You don't have to look to death and inheritance for this problem to crop
>> up. Similar situations arise when:
>
>But these are problems of fraud that the criminal and civil
>justice systems already comprehend.  I think what is posited
>is something a bit more unique.

The guy who takes in money and vanishes, or skips to Rio, out of the reach
of extradition treaties, is not all that different from the posited
situation of a nym dematerializing.

The "law" can't really touch either situation, efficiently, and so other
mechanisms are generally used (or recommended, though many con victims have
failed to do so).

I've not claimed the scenarios are identical, only that the issue of agents
taking in money or promising services and then vanishing is as old as
history. That such things will happen with digital pseudonyms is assured.
Fortunately, countermeasures appear practical.

...
>> - this is also a well-known problem with any services that handle money,
>> valuables, etc. For example, the money courier who vanishes to Rio de
>> Janeiro.
>
>I don't think bonding is applicable in this posit, given the
>assumed established creditworthiness of the original anonym.
>Perhaps he originally posted a bond, but the market would
>probably have dispensed with that condition as an unnecessary
>formality at some point in his glowing credit history.
>
>MacN

If the "market" (actually, some players in the market) chose to dispense
with bonding and then got burned, so be it. Later iterations of the market,
and the players, will thus likely _not_ dispense with bonding and other
such measures.

Think of it as evolution in action.

--Tim May

(P.S. Could people try not to include all of the post they are responding
to in their replies?)

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







From scmayo at rschp1.anu.edu.au  Thu Aug 31 19:27:21 1995
From: scmayo at rschp1.anu.edu.au (Sherry Mayo)
Date: Thu, 31 Aug 95 19:27:21 PDT
Subject: sums with BIG numbers
Message-ID: <9509010227.AA28294@toad.com>


Can anyone point me to any books, documentation or
whatever that will explain the methods used in routines
like bignum for doing sums with 'too-big' numbers.

I'm having a tough time trying to figure it out from the code 
;-(

Sherry






From rrothenb at ic.sunysb.edu  Thu Aug 31 20:20:28 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Thu, 31 Aug 95 20:20:28 PDT
Subject: sums with BIG numbers
In-Reply-To: <9509010227.AA28294@toad.com>
Message-ID: <199509010320.XAA07735@libws4.ic.sunysb.edu>



> Can anyone point me to any books, documentation or
> whatever that will explain the methods used in routines
> like bignum for doing sums with 'too-big' numbers.
> 
> I'm having a tough time trying to figure it out from the code 
> ;-(
> 
> Sherry
> 
What do you mean? How big numbers are added (trivially easier than multiplication
or division) or how it handles numbers that are too large for the variable's
size?






From rrothenb at ic.sunysb.edu  Thu Aug 31 20:27:48 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Thu, 31 Aug 95 20:27:48 PDT
Subject: opinions on RSA Secure?
In-Reply-To: <95Aug31.202112edt.1621@cannon.ecf.toronto.edu>
Message-ID: <199509010328.XAA07922@libws4.ic.sunysb.edu>


[..]
> 
> Certainly, for the most paranoid 128 bit IDEA is better than an
> 80 bit RC4.  However, to say that it is unsuitable for anyone is
> a vast stretch.  Considering it probably has a better user-interface
> than SecureDrive, it may be more suitable for the average person.
> 
So why not a user-friendly Windows or GUI interface for SecureDrive as well?

How hard is it to adapt LOGIN for Windows?






From rjc at clark.net  Thu Aug 31 20:28:32 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 31 Aug 95 20:28:32 PDT
Subject: sums with BIG numbers
In-Reply-To: <9509010227.AA28294@toad.com>
Message-ID: <199509010327.XAA25211@clark.net>


> 
> Can anyone point me to any books, documentation or
> whatever that will explain the methods used in routines
> like bignum for doing sums with 'too-big' numbers.


Try Knuth's The Art of Computer Programming, Volume 2, Seminumerical 
Algorithms.

Most bignum routines work like this. An integer is represented
as a polynomial p(x) with coefficients a_0, a_1, ..., a_n, where
x is the radix or "base" of the number. The coefficients come from
the ring of integers, modulo the base. For instance, if you are
using base-2 (x=2), the number 28 could be represented as
p(x) = a_4 x^4 + a_3 x^3 + a_2 x^2 + a_1 x + a_0 

where a_4=a_3=a_2=1 and a_1=a_0=0.  Each a_n is an element of Z mod x

To add two bignums, P(x) and Q(x) simply sum coefficients of like
terms like you would with any polynomial addition, with one simple
modification. If a_k is the coefficient of the x^k term of P(x), and
b_k is the coefficient of the x^k term of Q(x), then the
x^k term of P(x)+Q(x) is a_k+b_k+(carry of previous term) mod x.
(new carry=(a_k+b_k + previous carry)/x)
All this says is, the new term is the sum of the coefficients 
on the x^k terms, modulo x (because your coefficients can not hold
numbers larger than 'x'), plus the carry of the last term. The
carry is 1 if a_k+b_k+previous_carry > x. 

Now you may ask, if our coefficients in our bignum are stored as
32-bit integers, how do I compute the result in C and take into
account overflow?

Well, add the two numbers together. If the result is less than either
of the numbers, an overflow has occurred and you must carry (the
machine register has 'rolled over'). For multiplication, you can
either break a 32-bit number into 2 16-bit chunks and perform 4 16-bit
multiplies to get a 64-bit result (using 16x16->32 bit hardware
multiplication) or you can use a number of type "long long int" in C
and let the compiler do it for you.


A short example: let X=123 and Y=789 be bignums represented via the
polynomials P(x)=1 x^2 + 2 x + 3 and Q(x)=7 x^2 + 8 x + 9  with
x=10. let r_n be the coefficients of the resultant polynomial 
R(x)=P(x)+Q(x)

Start at the least significant term. Carry=0
Now r_0=(a_0 + b_0)+carry mod x, or r_0=9+3 mod 10=2, carry=(9+3)/10=1
    r_1=8 + 2 + carry = 11 mod 10 = 1    carry=11/10 = 1 
    r_2=1+7 + carry = 9  carry = 9 / 10 = 0
    
So the result is 912.
  
Explicit modulos are only required if you are working in some base
other than the machine's natural word size. (otherwise the
'roll over' effect gives you the mod for free)

If you are seeking the fastest practical methods of doing multiplication,
division, and modular exponentiation, look up information on 
Karatsuba multiplication, fast reciprocals via Newton's Method,
and Fast Integer Squaring combined with exponent shifting.
(if you are looking at PGP's source code, PGP does not use the
fastest algorithms)

-Ray
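
An added illustration in C of the three pieces of Ray's explanation (this is example code written for this archive, not Ray's code and not PGP's): the radix-10 addition that gives 123 + 789 = 912, the same addition on 32-bit limbs where the roll-over supplies the mod and the carry is detected by comparing the sum against an operand, and a 32x32 -> 64-bit multiply built from four 16x16 partial products. The limb width, LIMBS, and the function names are my choices.

```c
#include <stdint.h>

#define LIMBS 4   /* toy fixed-width bignum: 4 limbs x 32 bits = 128 bits */

/* Limbs are stored least-significant first: limb[0] is the coefficient a_0
   of the radix-2^32 polynomial, limb[1] is a_1, and so on. */
typedef struct { uint32_t limb[LIMBS]; } bignum;

/* Schoolbook addition in an arbitrary radix 'base' (base 10 for the
   123 + 789 example). r_k = (a_k + b_k + carry) mod base, new carry =
   (a_k + b_k + carry) / base; the final carry is returned. Requires
   base <= 2^31 so that a_k + b_k + carry cannot overflow a uint32_t. */
uint32_t add_radix(const uint32_t *a, const uint32_t *b, uint32_t *r,
                   int n, uint32_t base)
{
    uint32_t carry = 0;
    for (int k = 0; k < n; k++) {
        uint32_t s = a[k] + b[k] + carry;
        r[k] = s % base;          /* explicit mod: base is not the word size */
        carry = s / base;
    }
    return carry;
}

/* Worked example from the post: 123 + 789 with x = 10, coefficients given
   least-significant first. The result is reassembled as an ordinary
   integer so it can be checked (expected 912). */
unsigned example_123_plus_789(void)
{
    uint32_t a[3] = {3, 2, 1}, b[3] = {9, 8, 7}, r[3];
    uint32_t carry = add_radix(a, b, r, 3, 10);
    return ((carry * 10 + r[2]) * 10 + r[1]) * 10 + r[0];
}

/* Machine-word version: base 2^32. The mod is free because the register
   rolls over; the carry is detected because the wrapped sum is smaller
   than one of its operands. Returns the carry out of the top limb. */
uint32_t add_words(const bignum *a, const bignum *b, bignum *r)
{
    uint32_t carry = 0;
    for (int k = 0; k < LIMBS; k++) {
        uint32_t s = a->limb[k] + b->limb[k];   /* wraps mod 2^32 */
        uint32_t c1 = (s < a->limb[k]);         /* rolled over? */
        uint32_t t = s + carry;                 /* add the carry-in */
        uint32_t c2 = (t < s);                  /* only possible when c1 == 0 */
        r->limb[k] = t;
        carry = c1 + c2;                        /* never exceeds 1 */
    }
    return carry;
}

/* Ripple-carry check: (2^32 - 1) + 1 must give limb[1] == 1 with no
   carry-out, and all-ones + 1 must wrap to zero with carry-out 1. */
int example_word_carry(void)
{
    bignum a = {{0xFFFFFFFFu, 0, 0, 0}}, b = {{1, 0, 0, 0}}, r;
    uint32_t c = add_words(&a, &b, &r);
    int ok = (c == 0 && r.limb[0] == 0 && r.limb[1] == 1 &&
              r.limb[2] == 0 && r.limb[3] == 0);
    bignum ones = {{0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu}};
    c = add_words(&ones, &b, &r);
    return ok && c == 1 && r.limb[0] == 0 && r.limb[3] == 0;
}

/* 32x32 -> 64-bit multiply from four 16x16 -> 32-bit products, the split
   the post describes for 16x16->32 hardware. Each partial product fits in
   32 bits because (2^16 - 1)^2 < 2^32, and the weighted sum is exact. */
uint64_t mul32x32(uint32_t x, uint32_t y)
{
    uint32_t xl = x & 0xFFFFu, xh = x >> 16;
    uint32_t yl = y & 0xFFFFu, yh = y >> 16;
    uint64_t ll = (uint64_t)(xl * yl);
    uint64_t lh = (uint64_t)(xl * yh);
    uint64_t hl = (uint64_t)(xh * yl);
    uint64_t hh = (uint64_t)(xh * yh);
    return ll + ((lh + hl) << 16) + (hh << 32);
}
```

The same split generalises to multiplying two limb arrays: each 32x32 product contributes to limbs k+j and k+j+1, with add_words-style carry handling between them.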




  




From rrothenb at ic.sunysb.edu  Thu Aug 31 20:31:14 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Thu, 31 Aug 95 20:31:14 PDT
Subject: LuRaSHA vaporware...
Message-ID: <199509010332.XAA08009@libws4.ic.sunysb.edu>



The encrypted filesystem I promised never came through, partly because I've
been busy but also because I'm toying with writing it for OS/2 instead... 
alas I know little about OS/2.

Either way, the encryption/decryption routines are nicely written, and I am
willing to make them available for perusal either way (they're written in 386
Assembler code).

Drop me a note if you're interested.





From monty.harder at famend.com  Thu Aug 31 20:44:44 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Thu, 31 Aug 95 20:44:44 PDT
Subject: SSL search attack
Message-ID: <8B034A5.00030003CF.uuout@famend.com>


D > >  The odds can be improved somewhat by scaling the granularity of the
D > >sweep to the size of the sweep. (Align larger chunks on large-chunk
D > >boundaries, eliminating the chance of overlap with other large chunks.)
D >
D > Some kind of step (ie, round-down) function performed on the random (I

  More like deciding ahead of time that if you are going to take 1/n of
the keyspace, you should take a chunk aligned on a 1/n boundary. That
way, you don't have two people take chunks right next to each other,
just missing the key, or take chunks that overlap each other massively,
duplicating effort.

  If a random protocol were to be used, each person would roll up an
appropriate starting spot, and then simply search sequentially
thereafter, so that he would not double up on his =own= previous
efforts. The point of scaling the starting point is basically the theory
that says:

     "I will generate a random number of the form xxxxxx0000, because if
     I trust that a person has scanned any given number, I also trust
     that he has scanned the next FFFF keys, so it would be
     counterproductive for me to start anywhere not so aligned."

  And the number of 0s is based on my pathetic amount of computing power
being estimated as 2**(-24) of the total effort. For those who made the
Big Boys list, a few more zeros are in order.

D > is searching an X segment area around where the dart hit. In order to
D > get any kind of boundary, you have to scale the allowed segment blocks, by
D > powers of two, for example, or something, so everyone knows where the
D > borders are. It's a nice thought but I don't see that it's necessary.

  It should improve the odds just a bit. Instead of throwing darts at
2**40 targets, we are only throwing them at 2**24 small ones, and people
with large darts to throw can worry about, say, 2**16 or even 2**12
targets to hit.



 * You always carry weapons, 'cause you always carry cash.
   -Glenn Frey.
---
 * Monster at FAmend.Com *    





From hal9001 at panix.com  Thu Aug 31 21:58:14 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Thu, 31 Aug 95 21:58:14 PDT
Subject: O.J. ObCrypto:  Fuhrman's Folly Fans Fakery Fears...
Message-ID: 


At 23:50 8/30/95, MONTY HARDER wrote:
>I recommend that anyone who will be using escrowed keys generate two
>pairs: First, the signature key, including in the userid some kind of
>[sig use] identifier (we should settle on a standard abbreviation for
>this) followed by the encryption key. This way, when a person gets your
>pubkeys, they get the encryption key =last=, which gets it searched
>first whenever they PGP -e... something.
>
>  Whatever arrangements are made for escrowing my encryption key,
>=nobody= gets my signature key. If I am fired, quit, become brain
>damaged or dead, my key can never be used by anyone to implicate me in
>any criminal activity.
>
>
>
>  Please don't mention to anyone the fact that my signature key can be
>used to send me something that even the escrow agents can't read....

I do not think that PGP 2.x can easily (ie: Automatically) use one key for
Signing and another for Encrypting a Message (it does both at the same time
if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
the result but I'm not sure if doing the decrypt on such a message will
automatically spot the signature and verify it (as would occur with a E+S
pass).

PGP3 is supposed to have the ability to have keysets that contain two keys
for this purpose (ie: When you generate a key set you can ask it to
generate separate Sign and Encrypt keys so that separate keys get used for
each function).







From hal9001 at panix.com  Thu Aug 31 21:58:44 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Thu, 31 Aug 95 21:58:44 PDT
Subject: SSL search attack
Message-ID: 


At 07:33 8/31/95, Piete Brooks wrote:
> I am against pre-fetching of the next chunk, as I believe it should not be
>        necessary (I'll review that after Hal3) and it tends to increase NOACKs

I see nothing wrong with the concept of being allocated an initial chunk
and having the scan software attempt to ACK it when 50% of it has been
searched. A successful ACK would allow the releasing of a new chunk (in
response) equal in size to the returned chunk. A failure of the Server to
accept the ACK would trigger a retry at set intervals (such as 75% and 100%
or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
in possession of a Full Sized Chunk to scan (so long as the Server accepts
an ACK before the 100% done mark) and temporary failures will not stop the
process of a scanner as currently happens.

Note: All this does is alter the size of the initial chunk granted and
allow the scanner to report partial progress and reset the scanned range
back to the original chunk size (ie: The Scanner never has more than the
designated assigned chunk size at any time - it just gets refreshed in
pieces [thus allowing overlap of scanning with getting a new range to scan]
in lieu of all at once [which has a failure to accept the ACK as a bottle
neck in uninterrupted scanning]).







From will at thinkmedia.com  Thu Aug 31 22:27:17 1995
From: will at thinkmedia.com (thinkmedia.com)
Date: Thu, 31 Aug 95 22:27:17 PDT
Subject: cypherpunks lite?
Message-ID: <199509010527.WAA12666@scruz.net>


Can someone provide me with the address of cypherpunks lite?

Thanks.

-Will S. Johnston
______________________________________________________________________________
Opinion is a flitting thing,                         Real Time Media
But Truth, outlasts the Sun--                        Thinking Media Research
If then we cannot own them both--                    will at thinkmedia.com
Possess the oldest one--                             (408) 423-3720
             -Emily Dickinson                        http://www.thinkmedia.com








From perry at piermont.com  Thu Aug 31 22:56:24 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 31 Aug 95 22:56:24 PDT
Subject: sums with BIG numbers
In-Reply-To: <9509010227.AA28294@toad.com>
Message-ID: <199509010555.BAA25418@frankenstein.piermont.com>



Sherry Mayo writes:
> Can anyone point me to any books, documentation or
> whatever that will explain the methods used in routines
> like bignum for doing sums with 'too-big' numbers.
> 
> I'm having a tough time trying to figure it out from the code 
> ;-(

The best book to read is, of course, Volume 2 of Knuth's "Art of
Computer Programming". Many of the algorithms in use today are a bit
snazzier but Knuth explains all the general principles of how such
things are done.

BTW, any good hacker should own all three published volumes. It's *the*
classic.

Perry





From feanor at anduin.gondolin.org  Thu Aug 31 23:14:44 1995
From: feanor at anduin.gondolin.org (Bryan Strawser)
Date: Thu, 31 Aug 95 23:14:44 PDT
Subject: Hmmm.. (fwd)
Message-ID: <199509010555.AAA20955@anduin.gondolin.org>


In a previous message, Jamie Rishaw said...

This was from one of the discussion groups concerning InterNIC's operation
of the whois services, registration services, etc.  I found it quite
interesting that they were logging this sort of information.

Bryan

> From owner-rs-talk at internic.net  Fri Sep  1 00:47:14 1995
> Message-Id: 
> From: jamie at sauron.multiverse.com (Jamie Rishaw)
> Subject: Hmmm..
> To: rs-talk at internic.net
> Date: Thu, 31 Aug 1995 14:11:28 -0400 (EDT)
> MIME-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> Content-Length:        343
> Sender: owner-rs-talk at internic.net
> 
> What's this?
> 
> melkor% whois seaway.com                                                  ~/nic
> crt0: no /usr/lib/ld.so
>  
> Could not open log file [/home/guest/guest/logs/whoisrv.log]
> 
> 
> Does NIC log all the WHOIS requests?  Why?
> 
> 
> -- 
> jamie rishaw (jamie at multiverse.net)
> 
> "Hey!  Who took the cork off my lunch??!"
>                 -- W. C. Fields
> 


-- 
Bryan Strawser, Gondolin Technologies, Bloomington, IN USA        Remember Waco
feanor at gondolin.org                                            Live free or die




From ravage at einstein.ssz.com  Thu Aug 31 23:17:08 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Aug 95 23:17:08 PDT
Subject: sums with BIG numbers
In-Reply-To: <199509010555.BAA25418@frankenstein.piermont.com>
Message-ID: <199509010620.BAA00211@einstein.ssz.com>


> 
> 
> Sherry Mayo writes:
> > Can anyone point me to any books, documentation or
> > whatever that will explain the methods used in routines
> > like bignum for doing sums with 'too-big' numbers.
> > 
> > I'm having a tough time trying to figure it out from the code 
> > ;-(
> 
> The best book to read is, of course, Volume 2 of Knuth's "Art of
> Computer Programming". Many of the algorithms in use today are a bit
> snazzier but Knuth explains all the general principles of how such
> things are done.
> 
> BTW, any good hacker should own all three published volumes. Its *the*
> classic.
> 
> Perry
> 

Volume 4 should be in print shortly.